ssh_config question - SSH

This is a discussion on ssh_config question - SSH ; I'm trying to setup my .ssh/config to log in to a host behind a firewall. The command line version: ssh -t example.com ssh 192.168.1.1 works as expected; unfortunately I can't get this working via the config. I tried a number ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: ssh_config question

  1. ssh_config question

    I'm trying to setup my .ssh/config to log in to a host behind a firewall.
    The command line version:

    ssh -t example.com ssh 192.168.1.1

    works as expected; unfortunately I can't get this working via the config.
    I tried a number of options and I thought for sure that this would do it:

    Host example
    HostName example.com
    ProxyCommand ssh -t %h ssh 192.168.1.1

    Can anyone explain why this doesn't work?

  2. Re: ssh_config question

    I've sort of worked this out...

    > Host example
    > HostName example.com
    > ProxyCommand ssh -t %h ssh 192.168.1.1


    The above won't work but the below will:

    Host secret
    HostName 192.168.1.1
    ProxyCommand ssh example.com nc %h %p

    I think I'm not understanding exactly what ProxyCommand does.

  3. Re: ssh_config question

    >
    > I've sort of worked this out...
    > > Host example
    > > HostName example.com
    > > ProxyCommand ssh -t %h ssh 192.168.1.1

    >
    > The above won't work but the below will:
    >
    > Host secret
    > HostName 192.168.1.1
    > ProxyCommand ssh example.com nc %h %p
    >
    > I think I'm not understanding exactly what ProxyCommand does.


    ProxyCommand specifies a program which the SSH client will use to contact
    the remote SSH server. Instead of opening a TCP connection, it runs this
    program and uses its stdin/stdout as the communications channel.

    Your first command does not connect the SSH client to an SSH server; it
    connects it to the stdin/stdout of a shell on 192.168.1.1.

    --
    Richard Silverman
    res@qoxp.net


  4. Re: ssh_config question

    On Tue, 18 Dec 2007 22:42:46 -0500, Richard E. Silverman wrote:

    > ProxyCommand specifies a program which the SSH client will use to
    > contact the remote SSH server. Instead of opening a TCP connection, it
    > runs this program and uses its stdin/stdout as the communications
    > channel.
    >
    > Your first command does not connect the SSH client to an SSH server; it
    > connects it to the stdin/stdout of a shell on 192.168.1.1.


    Ah- I get it now... ProxyCommand handles the TCP connection whereas when
    I do `ssh -t example.com ssh 192.168.1.1` the ssh client makes its own
    connection. That would explain why it's called "ProxyCommand"

    The man page makes more sense to me now, but your explanation is much
    more clear. (I guess that's why you wrote the book) Thank you.

    -gh

+ Reply to Thread