Simplify Multi-Hop SSH Connection Using Config

Goal

Using SSH config to simplify connecting to another host from a host a.k.a multi-hop connection. Diagram for the connection:

+---------------+
| Local Machine |
| 192.168.0.5   |
+---------------+
      |
      | SSH 
       \
       \/
+-------------------------------------+
| Host Machine 192.168.0.10           |
|           /          \              |
|          / -- SSH --  \             |
|  +--------------+  +-------------+  |
|  | Docker 1     |  | Docker 2    |  |
|  | 172.17.0.1   |  | 172.17.0.2  |  |
|  +--------------+  +-------------+  |
|                                     |
+-------------------------------------+

Steps

Recent OpenSSH implementation already having built-in netcat to proxy the connection from one host to the other using -W option.

$ cat > ~/.ssh/config
Host host-machine
  Hostname 192.168.0.10
  User ubuntu

Host docker1
  Hostname 172.17.0.1
  User root
  ProxyCommand ssh -A host-machine -W %h:%p

Host docker2
  Hostname 172.17.0.2
  User root
  ProxyCommand ssh -A host-machine -W %h:%p

Assuming your key already on host machine and docker container, now to connect to docker container 1 you just need to issue:

$ ssh docker1

References

• http://www.cyberciti.biz/faq/linux-unix-ssh-proxycommand-passing-through-one-host-gateway-server/
• http://sshmenu.sourceforge.net/articles/transparent-mulithop.html
• http://backdrift.org/transparent-proxy-with-ssh

Share on Facebook Twitter