5

I want to access some host from my personal computer, but I have to access an intermediate server first, because the final destination cannot be seen from the public internet.

The thing is that I have to do the following to access the final host. From my pc:

ssh username@server

And enter the password. Once I'm in there:

ssh username2@finalhost

And enter another password.

This is pretty cumbersome, especially when doing scp, because I have to copy the file to the intermediate server before being able to copy it to the final host.

Is there a way to make this process automatic, both for ssh and scp commands?

2 Answers

6

If you have OpenSSH 7.3 or later, you can use ProxyJump in your SSH client config to specify jump hosts.

For example, edit your ~/.ssh/config and add

Host finalhost
    HostName finalhost.example.com
    User username2
    ProxyJump username@server

Now ssh finalhost or scp file.txt finalhost:. should go through the jump host.

9
  • Sorry for my ignorance, I'm pretty new to this. But where in that file are passwords stated? Shouldn't they be involved to automatize the access?
    – Tendero
    Commented Aug 14, 2018 at 1:12
  • 3
    @Tendero ProxyJump doesn't store passwords, it automates the process of connecting through an intermediate ("jump") host. What you do is run something like ssh finalhost or scp localsource finalhost:destination, and it automatically connects through the jump host to the final host. But it'll still prompt you for both passwords. If you want to avoid the password prompts, your best option is to use public key authentication instead of storing passwords. Commented Aug 14, 2018 at 4:01
  • 1
    @GordonDavisson I don't have the opportunity to configure any of the PCs I connect to when doing ssh, they are both a server and a host in my University and all I have is a password to access them. Given that this is the case, is it still possible to use the public key authentication you mention? (I don't know what that is, I shall read in a couple of hours to see what it's about.)
    – Tendero
    Commented Aug 14, 2018 at 18:46
  • 2
    @Tendero Public-key auth does require installing a public key on the server (and matching private key on your client). Can you at least do this on the intermediate host, and save one password entry? The idea of storing server passwords insecurely (e.g. in a script) makes my teeth hurt, so take a look at the sshpass option jjlin mentioned. Commented Aug 14, 2018 at 19:28
  • 1
    @GordonDavisson I don't mind storing the passwords insecurely, my PC really isn't accessed by anyone but me, and the server and final host are just used to experiment with this kind of stuff. So it's not like there is some important information that could be leaked (or that there is even a possibility of someone knowing the passwords due to my storing them in a script). Is it possible to automatize the process with this in mind?
    – Tendero
    Commented Aug 16, 2018 at 22:54
3

Here is a short block of ~/.ssh/config that will do the trick (even for old ssh versions):

Host server
    User username

Host finalhost
    User username2
    ProxyCommand ssh server -W %h:%p

You declare 2 hosts, the middle server and the final host. The ssh connection to the server is straightforward with the User and Host provided in the config. The connection to the finalhost performs a jump on the server as specified in the ProxyCommand line.

The two magic parameters %h and %p are used to forward the current Host = finalhost and current port = 22 (default).

Secondly, in order to prevent you from typing your password each time you connect to those machines, you can use the ssh-copy-id command:

ssh-copy-id server
<type server password for the last time>

ssh-copy-id finalhost
<type finalhost password for the last time>

For this to work you need to have generated a public-private key pair previously using ssh-keygen. You can check whether or not they already exist in the ~/.ssh folder (id_rsa.pub & id_rsa).

1
  • omg how am I just finding out about ssh-copy-id
    – Nimitz14
    Commented Nov 3, 2021 at 13:45
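
The two answers differ only in which directive the local client supports: ProxyJump needs OpenSSH 7.3 or later, while ProxyCommand with -W also works on older clients. The sketch below is an added example, not part of either answer; it reads an `ssh -V` banner and prints the matching ~/.ssh/config stanza. The function names are made up for illustration, and the host and user names are the placeholders used on this page.

```shell
#!/bin/sh
# Added example (not from the answers). Function names are hypothetical.
# Usage: jump_stanza "$(ssh -V 2>&1)"     # ssh -V writes its banner to stderr

# Print "MAJOR MINOR" from a banner such as "OpenSSH_8.9p1 Ubuntu-3, ..." or
# "OpenSSH_for_Windows_8.1p1, ..."; print nothing if it is not OpenSSH.
ssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# Return 0 if the client is 7.3 or later, 1 if older, 2 if unparseable.
# The comparison is numeric, so 10.0 correctly counts as newer than 7.3.
supports_proxyjump() {
    set -- $(ssh_version "$1")
    [ -n "$1" ] || return 2
    [ "$1" -gt 7 ] || { [ "$1" -eq 7 ] && [ "$2" -ge 3 ]; }
}

# Print the config stanza for the page's two hosts, choosing the hop directive.
jump_stanza() {
    rc=0
    supports_proxyjump "$1" || rc=$?
    case $rc in
        0) hop='ProxyJump server' ;;
        1) hop='ProxyCommand ssh server -W %h:%p' ;;
        *) echo "unrecognised ssh -V banner: $1" >&2; return 2 ;;
    esac
    cat <<EOF
Host server
    User username

Host finalhost
    User username2
    $hop
EOF
}
```

Review the output before adding it to ~/.ssh/config. Afterwards, ssh -G finalhost prints the options the client resolves for that host, including the proxyjump or proxycommand line, without opening a connection.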
