DougBreaux 270007SMYJ Comments (3) Visits (3858)
I'm normally a PuTTY user, but I'm temporarily on a *IX (MacOS) system, and learning a few simple techniques for doing some
First, I'm using SSH keys for much of my authentication. I may add details here later on how to create those, but it's pretty straightforward to find all over the web.
Next, ssh-add to add SSH keys to your system's authentication agent (what PuTTY pageant does). e.g.
ssh-add -K /Use
Proxy a hop
To proxy/hop through one host that can reach the other hosts you want to reach, use the ProxyCommand option. (Source of this one was fellow IBMer, @Harley Stenzel0600022V4M.)
ssh -o ProxyCommand="ssh -W %h:%p my-proxy-server" my-d
Further, I can tunnel ports, like the WebSphere administrator port, through that as well:
ssh -o ProxyCommand="ssh -W %h:%p my-proxy-server" -L90
Where my-destination and my-websphere-server might or might not be the same server, as long as my-destination can reach my-websphere-server on the port being tunneled.
I'll get a login shell to my-destination, and a tunneled port 9043 to my-w
Thanks, again, to Harley, this tip actually obviates some of the need for port tunneling. The -D option will dynamically forward connections through a local port, as a SOCKS server. Which... a browser can be configured to use, thus reaching any http URLs on the "other side" of that tunnel.
ssh -D localhost:8888 my-destination
Firefox proxy settings
I'm also currently trying out the SwitchyOmega add-on to automatically switch to this proxy configuration when hitting hosts in our private domain. Thus far, it seems to be working exactly as I'd like.
Saving SSH options
Finally, .ssh/config file in your home directory can contain saved configurations. Here's what mine looks like (again, largely thanks to Harley):
The first item is just to prevent our firewall from dropping my connection regularly. It sends a "keepalive" request every 60 seconds.
The second allows me to just type:
and have that automatically use the configured proxy server via the ProxyCommand to connect to host
You can also add Dynamic Forwarding to this file, with a line like this: