When your data center has a single entry point (a "door", also called a jump or bastion host), you have to ssh into that door or proxy machine first and then ssh from there to the machine you actually want. To ease the pain, you can do both hops with one command instead:
$ ssh -tt door-machine.com ssh the-real-deal-machine.com
Let's break it down:
- The -t flag forces pseudo-terminal allocation. Giving it twice (-tt) forces a tty even when ssh itself has no local tty; we need that here because the command we run on the door machine is itself an interactive ssh session.
- Once the terminal is created on the door machine, the second ssh runs there exactly as if you had typed it after logging in. Note that this second ssh authenticates from the door, so it needs a key (or a forwarded agent) on the door machine, and it checks the target's host key against the door's known_hosts, not yours.
Because this is still painful, we can put the two hops into our ~/.ssh/config file instead:
Host door-machine
    User tomas
    Hostname door-machine.com

Host the-real-deal-machine
    User tomas
    IdentityFile ~/.ssh/id_rsa_for_real_machine
    ProxyCommand ssh door-machine nc the-real-deal-machine.com 22
I had a special issue when setting this up and needed to use the -v flag to debug it: my door machine has a tomas user with a different identity file than the one I normally use. To fix this I needed to add that file locally and point to it in the configuration. Let's break these entries down:
- First we create the door-machine entry, which is pretty basic: the user and the real hostname behind the alias.
- IdentityFile points to the id_rsa copied from the door machine. Because the ProxyCommand below runs on your local machine, this key is presented to the target through the tunnel and never has to leave your box.
- ProxyCommand is the real magic: ssh runs this command locally and uses its stdin/stdout as the transport. It logs into the door machine and runs nc there, which extends the connection to port 22 on the target, so your local ssh client ends up talking directly to the target's sshd. This requires nc to be installed on the door machine.
If you want to read more about it, please check this and this post.