A resposta do Jakuje está certa, mas desde o OpenSSH 7.3
, agora você pode usar -J
ProxyJump
que é mais fácil. Veja minhas anotações:
OpenSSH 7.3
ou acima
Use ProxyJump
. Como explicado no manual:
-J [user@]host[:port]
Connect to the target host by first making an ssh connection to the jump host and then establishing a TCP forwarding to the ultimate destination from there. Multiple jump hops may be specified separated by comma characters. This is a shortcut to specify a ProxyJump configuration directive.
ProxyJump ~/.ssh/config
example
~/.ssh/config
Host server1
Hostname server1.example.com
IdentityFile ~/.ssh/id_rsa
Host server2_behind_server1
Hostname server2.example.com
IdentityFile ~/.ssh/id_rsa
ProxyJump server1
Conecte-se com
ssh server2_behind_server1 -v
Adicione -v
para saída detalhada
ProxyJump -J
Exemplo de linha de comando
~/.ssh/config
Host server1
Hostname server1.example.com
IdentityFile ~/.ssh/id_rsa
Host server2
Hostname server2.example.com
IdentityFile ~/.ssh/id_rsa
Conecte-se com
ssh server2 -J server1 -v
Ou use -o
ssh server2 -o 'ProxyJump server1' -v
OpenSSH 5.4
ou acima
Use ProxyCommand
com -W
~/.ssh/config
Host server1
Hostname server1.example.com
IdentityFile ~/.ssh/id_rsa
Host server2
Hostname server2.example.com
IdentityFile ~/.ssh/id_rsa
ProxyCommand ssh server1 -W %h:%p
Conecte-se com
ssh server2 -v
Ou use -o
ssh server2 -o 'ProxyCommand ssh server1 -W %h:%p' -v
OpenSSH abaixo de 5.4
~/.ssh/config
Host server1
Hostname server1.example.com
IdentityFile ~/.ssh/id_rsa
Host server2
Hostname server2.example.com
IdentityFile ~/.ssh/id_rsa
ProxyCommand ssh server1 nc %h %p 2> /dev/null
Conecte-se com:
ssh server2 -v
Ou use -o
ssh server2 -o 'ProxyCommand ssh server1 nc %h %p 2> /dev/null' -v
Fontes
-J
adicionado em OpenSSH 7.3
- ssh(1): Add a ProxyJump option and corresponding -J command-line flag to allow simplified indirection through a one or more SSH bastions or "jump hosts".
-W
adicionado em OpenSSH 5.4
- Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects stdio on the client to a single port forward on the server. This allows, for example, using ssh as a ProxyCommand to route connections via intermediate servers. bz#1618