Ceci est une ancienne révision du document !
The servers (calculations, preview, data) are sometimes behind several firewalls or gateways (or multi-hop SSH , “rebonds” SSH in French). The SSH documentation explains how to pass a single gateway ( ProxyCommand
option). It is possible to cumulate this system of “bridge jump” several times. For this example, we will detail multi-hop SSH from the network shown below.
Caption :
/home
)The Poste Chercheur (your computer!) reach the server vizu.psmn through 2 SSH gateways (red path).
We are going to manually accumulate connections (blue paths):
user@postechercheur:~$ ssh ssh.ens-lyon.fr
user@ssh.ens-lyon.fr:~$ ssh allo-psmn
user@allo-psmn:~$ ssh vizu.psmn
user@vizu.psmn:~$
These manual operations can be automatized.
You need to add the gateways and target servers entries in the ~/.ssh/config
file on the postechercheur
. By adding up the different connections as you go.
~/.ssh/config
file on postechercheur
Host ssh-ens User user HostName ssh.ens-lyon.fr Host allo-psmn User user ProxyCommand ssh -qt ssh-ens tcpconnect allo-psmn.ens-lyon.fr %p Host vizu.psmn User user ProxyCommand ssh -qt allo-psmn netcat -w1 vizu.psmn.ens-lyon.fr %p
(A more compete configuration file is available on this page)
That's it. You can now connect to vizu.psmn
from postechercheur
in one command!
user@postechercheur:~$ ssh vizu.psmn user@vizu.psmn:~$
It also works with the scp
command.
The configuration and explanations on the automation of the login steps with an SSH-agent are explained here.
See the use of plink & PuTTY