I’m normally a PuTTY user, but I’m temporarily on a *IX (MacOS) system, and learning a few simple techniques for doing some of what I’ve done with PuTTY, plink, and pageant. So I thought I’d jot down a few of those.
First, I’m using SSH keys for much of my authentication. I may add details here later on how to create those, but it’s pretty straightforward to find all over the web.
ssh-add to add SSH keys to your system’s authentication agent (what PuTTY pageant does). e.g.
ssh-add -K /Users/breaux/my-private-key.2048.ssh
Proxy a hop
To proxy/hop through one host that can reach the other hosts you want to reach, use the
ProxyCommand option. (Source of this one was fellow IBMer, @Harley Stenzel.)
ssh -o ProxyCommand="ssh -W %h:%p _my-proxy-server_" _my-destination-server_
Further, I can tunnel ports, like the WebSphere administrator port, through that as well:
ssh -o ProxyCommand="ssh -W %h:%p _my-proxy-server_" -L9043:_my-websphere-server_:9043 _my-destination_
Where my-destination and my-websphere-server might or might not be the same server, as long as my-destination can reach my-websphere-server on the port being tunneled.
I’ll get a login shell to my-destination, and a tunneled port 9043 to my-websphere-server, through
Thanks, again, to Harley, this tip actually obviates some of the need for port tunneling. The -D option will dynamically forward connections through a local port, as a SOCKS server. Which… a browser can be configured to use, thus reaching any http URLs on the “other side” of that tunnel.
ssh -D localhost:8888 _my-destination_
Firefox proxy settings
I’m also currently trying out the SwitchyOmega add-on to automatically switch to this proxy configuration when hitting hosts in our private domain. Thus far, it seems to be working exactly as I’d like.
Saving SSH options
.ssh/config file in your home directory can contain saved configurations. Here’s what mine looks like (again, largely thanks to Harley):
# keepalive ServerAliveInterval 60 # proxy host *.my.private.domain ProxyCommand ssh -W %h:%p _my-proxy-server_
The first item is just to prevent our firewall from dropping my connection regularly. It sends a “keepalive” request every 60 seconds.
The second allows me to just type:
and have that automatically use the configured proxy server via the
ProxyCommand to connect to host1.my.private.domain. (Assuming that fully-qualified name resolves.)
You can also add Dynamic Forwarding to this file, with a line like this:
A reference that helped me: https://www.ericholscher.com/blog/2009/mar/21/really-easy-ssh-tunneling/