On Fri, Apr 16, 2010 at 7:24 AM, Matt Domsch <Matt_Domsch@xxxxxxxx> wrote:
> On Thu, Apr 15, 2010 at 04:12:20PM +0200, Christoph H?ger wrote:
>> Hi,
>>
>> I need to ssh to some remote VM that sit in a private LAN. For any other
>> service (e.g. RDP) I'd use ssh tunneling just normal.
>> But what do I do for ssh traffic? Since ssh is not host agnostic, it
>> will always complain about localhost having a different RSA key.
>> I just do not want to edit the known_hosts every time I need to connect
>> to a new machine!
>>
>> Is there some way to tell ssh to use a tunnel directly for a
>> connection?
>
> you want to use ProxyCommand lines in .ssh/config, rather than local
> redirects.
>
> Host deeper-inside
>     HostName 192.168.1.2
>     ProxyCommand ssh inside nc %h %p
>
> Host inside
>     HostName 192.168.0.2
>     ProxyCommand ssh outside nc %h %p
>
> where outside is the public host name/IP, inside is one level inside
> your private network, directly reachable by host outside, and
> deeper-inside is 2 levels deep, directly reachable by host inside.
>
> $ ssh deeper-inside
>

One thing that is worth bearing in mind that has caught me out before is
to be aware that you can have everything set up perfectly but the
connections can simply not work! The reason "could" be that on one of
the machines there is a firewall port forwarding restriction - for
example when I connect to work I have to make an initial connection to a
specific "ssh" gateway to get through the company firewall, that has
been set up so that forwarding can only be done to port 22 and 80 on
machine inside the firewall - all other port forwards are not allowed -
this made for some interesting time wastage until I realised that in
this case any fancy port forwarding was doomed to failure.... may not be
the case for your systems but in my case it meant having to rework the
way I wanted to make connections. Just another factor that you may not
think about when doing sophisticated networking!

--
mike c
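
Added example, not part of either poster's message: a small Python tracer for the .ssh/config quoted above. It lists the TCP connection each gateway is asked to open and flags hops that a gateway limited to ports 22 and 80, as in the reply, would refuse. The legacy-vm entry (address, port 2222) and the assumption that the same port allowlist applies at every gateway are constructed for the illustration.

```python
import re

# Constructed sample: the config from the quoted reply, plus one
# hypothetical host ("legacy-vm", sshd on port 2222) to show a blocked hop.
SSH_CONFIG = """\
Host deeper-inside
    HostName 192.168.1.2
    ProxyCommand ssh inside nc %h %p

Host inside
    HostName 192.168.0.2
    ProxyCommand ssh outside nc %h %p

Host legacy-vm
    HostName 192.168.0.9
    Port 2222
    ProxyCommand ssh outside nc %h %p
"""

def parse_config(text):
    """Return {alias: {lowercased keyword: value}} for simple Host blocks."""
    hosts, current = {}, None
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "host":
            current = hosts.setdefault(parts[1], {})
        elif current is not None:
            current[parts[0].lower()] = parts[1]
    return hosts

def trace(hosts, alias):
    """List (gateway, target_host, target_port) per hop, outermost first.
    Only the page's form "ssh <gateway> nc %h %p" is understood."""
    hops = []
    while "proxycommand" in hosts.get(alias, {}):
        opts = hosts[alias]
        m = re.fullmatch(r"ssh (\S+) nc %h %p", opts["proxycommand"])
        if not m or len(hops) > 16:  # unknown form, or a config that loops
            raise ValueError(f"unsupported or looping ProxyCommand at {alias}")
        hops.append((m.group(1), opts.get("hostname", alias), int(opts.get("port", 22))))
        alias = m.group(1)
    return hops[::-1]

def blocked_hops(hops, allowed_ports=(22, 80)):
    """Hops whose target port a gateway restricted to allowed_ports refuses."""
    return [h for h in hops if h[2] not in allowed_ports]

for name in ("deeper-inside", "legacy-vm"):
    print(name, trace(parse_config(SSH_CONFIG), name), blocked_hops(trace(parse_config(SSH_CONFIG), name)))
```
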