ssh ProxyCommand

The ssh ProxyCommand option is just really insanely useful.The reason I want to use it is that it makes it easy to tunnel ssh through a firewall. So for example you have a machineon your corporate network that is is sitting behind a firewall,but you have a login to the firewall. Now of course you could justdo:

laptop$ ssh gateway
gateway$ ssh internal
internal$

or something like:

laptop$ ssh -t gateway ssh internal
internal$

But that really doesn't work very well if you use scp or sftpor some other service like revision control that runs on top of it.This is where you can use ProxyCommand option to make your life easier.Basically you want to put something like this into you .ssh/config:

Host internal
        ProxyCommand ssh gw nc -w 1 internal 22

For this to work you will need netcat (nc) installed on thegw, but that generally isn't too much of a problem. Now you can transparently ssh, scp or whatever to internal, and ssh deals with it.

Now of course if you can't get into the network full stop, you need some reverse tunneling tricks and some other host on the interwebwhich you can use to tunnel through. So something like:

ssh -f -nNT -R 1100:localhost:22 somehost

Will setup a remote tunnel, which basically means if you connect toport 1100, it will be forwarded to port 22 on the machine on which youran ssh -R. Unfortunately unless you have full controlover the host you are creating the reverse tunnel too, you will findthat port 1100, will only be bound to localhost, which means you will probably still need to use the trick mentioned above to get seemlessaccess to it.

• Like totally awesome page, dude!
  
  One tiny correction: "gw" in your config example should be "gateway"

  
  
• 
  

  Thanks for pointing that out, not sure how I messed that up.