When dealing with several servers that don’t all see each other it is often a bit painful to jump from one SSH session to another, even more so if you have to type some password every time.
In case you are allowed to edit
.ssh/authorized_keys (I don’t see a valid reason why you shouldn’t, but in the wonderful world of system administrators.. who knows?) your struggle is about to end. Provided, of course, that you use Linux 🙂
Let’s say you want to reach
hostB (unreachable from your own host) by tunneling over
hostA (which you have direct access to).
- Edit your
.ssh/configfile to include a stanza for each host; it should look like this:
Host hostA User myUserNameForHostA HostName hostA.domain.com Port 22 Host hostB User root HostName hostB.as.seen.from.hostA ForwardAgent yes Port 22 ProxyCommand ssh hostA nc %h %p
This will also let you type
ssh h<TAB>having the shell auto-complete magic fill the remaining “
ost” for you (the remaining A or B is up to you). Right now you may already tunnel over A to reach B, but still you would have to type in passwords for both host A and hostB every time you
- Generate your
id_rsa.pubin case you don’t have one, and add it to the
authorized_keyslist of both hostA and hostB:
ssh-keygen -t rsa cat ~/.ssh/id_rsa.pub | ssh hostA 'cat >> .ssh/authorized_keys' cat ~/.ssh/id_rsa.pub | ssh hostB 'cat >> .ssh/authorized_keys'
And you’re done! Now you can
ssh hostB without having to type any password!
hostB don’t have a
.ssh folder, you should of course create it by executing
ssh hostA mkdir -p .ssh ssh hostB mkdir -p .ssh
Nice thing is, you may also add a
hostC that is accessible from
hostB only by adding an entry to
.ssh/config as you’ve done for
hostB, carefully switching