There are quite a few posts out there on how to make multi-hop SSH easier. Often this is called SSH’ing via jump box or proxy host.
Most of them work via netcat (nc), which is a bit finicky. A better, less mentioned, option is SSH’s -W flag. Implemented in your ~/.ssh/config, it looks like this:
    Host my_server
        IdentityFile server_key.pem
        HostName 172.31.4.82
        User username
        ProxyCommand ssh -i key_for_jumpbox.pem -W %h:%p firstname.lastname@example.org
Then run ssh my_server and you’re off to the races! For a quick-n-dirty one-liner without editing your SSH config, it looks like this:
    ssh -i server_key.pem -o "ProxyCommand ssh -W %h:%p -i key_for_jumpbox.pem email@example.com" firstname.lastname@example.org
A very clever solution described on the Gentoo Wiki enables a simple syntax: ssh host1+host2. But it gets uglier with differing usernames: ssh user1%host1+host2 -l user2. Also it uses netcat rather than -W and doesn’t appear to play nicely with needing to specify key files with -i. A little monkeying could solve those problems. A project for a future day.
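One way to get a host1+host2 style chain that uses -W and per-hop key files is to generate chained config stanzas instead of nesting ProxyCommand strings. This is an added example, not code from the original post or the Gentoo Wiki; the hop_config function, the ":keyfile" suffix and the jumpbox.example names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. hop_config NAME CHAIN prints
# ~/.ssh/config stanzas that chain the hops in CHAIN with -W.
# CHAIN uses the Gentoo-style user%host+user%host list; the ":keyfile"
# suffix per hop is an assumed extension for this sketch.
hop_config() {
    name=$1 chain=$2 out="" prev="" n=0
    nl='
'
    case $name in ''|-*|*[!A-Za-z0-9._-]*) echo "bad alias" >&2; return 1 ;; esac
    old_ifs=$IFS; IFS='+'; set -f
    set -- $chain                      # split the chain on '+'
    set +f; IFS=$old_ifs
    [ $# -gt 0 ] || { echo "empty chain" >&2; return 1; }
    for hop in "$@"; do
        n=$((n + 1)); user=""; key=""
        case $hop in *%*) user=${hop%%\%*}; hop=${hop#*%} ;; esac
        case $hop in *:*) key=${hop#*:}; hop=${hop%%:*} ;; esac
        # ProxyCommand is executed by the local shell, so every token that
        # reaches the config is held to a conservative character set.
        case $hop in ''|-*|*[!A-Za-z0-9._-]*)
            echo "bad host in hop $n" >&2; return 1 ;; esac
        case $user in -*|*[!A-Za-z0-9._-]*)
            echo "bad user in hop $n" >&2; return 1 ;; esac
        case $key in -*|*[!A-Za-z0-9._/~-]*)
            echo "bad key path in hop $n" >&2; return 1 ;; esac
        # The last hop gets the requested alias; earlier hops get NAME-hopN.
        if [ "$n" -eq $# ]; then host_alias=$name; else host_alias="$name-hop$n"; fi
        out="${out}Host $host_alias${nl}    HostName $hop${nl}"
        if [ -n "$user" ]; then out="${out}    User $user${nl}"; fi
        if [ -n "$key" ]; then out="${out}    IdentityFile $key${nl}"; fi
        if [ -n "$prev" ]; then
            out="${out}    ProxyCommand ssh -W %h:%p $prev${nl}"
        fi
        prev=$host_alias
    done
    printf '%s' "$out"
}

# Constructed sample input: jump host first, final target last.
# hop_config my_server \
#   'jumpuser%jumpbox.example:key_for_jumpbox.pem+username%172.31.4.82:server_key.pem'
```

Appending the output to ~/.ssh/config lets ssh my_server walk the whole chain, with each inner ssh picking up its own User and IdentityFile from the stanza for the previous hop.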
On another note, I find it useful to alias ssh_unsafe and scp_unsafe as follows:
    alias ssh_unsafe="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
    alias scp_unsafe="scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
Handy when connecting to a box for which you do not care to remember or verify the host key.