comment on

Ah yes, but...

ssh -t shmem@gateway ssh -t admin@host.example.com \
  ssh -t wrxd15@192.168.123.2 ssh -t root@192.168.254.2
[download]

... I don't have the password for wrxd15@192.168.123.2, nor is this user allowed to login to 192.168.254.2 as root. The root passwords are generally unknown. It's my public key that is installed on each of these accounts in ~/.ssh/authorized_keys2, and my private key certainly won't leave my machine.

Furthermore, with a complex network setup, and being forced to use multiple ways to connect to a remote site - that occurs generally after a service down alert has arrived - entries in ~/.ssh/config aren't that useful for me.

I whipped the above cruft up because I need tunneling and forwarding of arbitrary local/remote ports to/from the remote host with changing requirements.

I need

              host1      host2      host3
            +-------+  +-------+  +-------+
ssh 1 ----------\   |  |       |  |       |
ssh 2 ---------------------\   |  |       |
ssh 3 ================================>   |
ssh 2 ---------------------/   |  |       |
ssh 1 ----------/   |  |       |  |       |
            +-------+  +-------+  +-------+
[download]

rather than

              host1      host2      host3
            +-------+  +-------+  +-------+
            |       |  |       |  |       |  
            |       |  |       |  |       |  
ssh 1 ======> ssh 2 ===> ssh 3 =======>   |
            |       |  |       |  |       |  
            |       |  |       |  |       |  
            +-------+  +-------+  +-------+
[download]

The most insane thing I do sometimes is tunneling a complete network via ppp through 5+ chained ssh's:

              host1      host2      host3     | |
            +-------+  +-------+  +-------+   | |
ssh 1 ---------\    |  |       |  | proxy |   |n|
ssh 2 --------------------\    |  |   arp |   |e|
ssh 3 --------------------------------\  \|   |t|
ppp ===== compress ======================^===== |
ssh 3 --------------------------------/   |   |w|
ssh 2 --------------------/    |  |       |   |o|
ssh 1 ---------/    |  |       |  |       |   |r|
            +-------+  +-------+  +-------+   |k|
[download]

</update>

--shmem

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

In reply to Re^2: ssh chain by shmem
in thread ssh chain by shmem

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.