I use SSH daily to work with different remote services, and it's always a very straightforward process… unless the remote server you want to work with is on a LAN somewhere behind NAT. When you need to access such an internal server, the only option is to SSH into the firewall, and then SSH again to your server of choice.
But there’s a better way, and you don’t even have to fiddle with the firewall server!
(this is not actually a script, though minimal text editing is required)
The solution is actually quite simple: set up an alias in your .ssh/config file that you can use to call the remote server when you are outside the LAN (if you are inside the LAN it's better to access it directly), and for that alias we will set up a ProxyCommand that will tell SSH to first access the firewall server and open a tunnel to the target LAN server.
It looks like this:
Host remote-alias
    ProxyCommand ssh firewall-user@firewall-server nc lan-server 22
This setup works best if your access to the firewall-user account is without password or passphrase (using an SSH private key that is either without passphrase or already loaded in the agent); then the login is as streamlined as direct access. At worst, you'd need to type in two passwords.
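
The same tunnel can be written without nc on the firewall, using facilities built into OpenSSH. The following is an added example, not part of the original post; it reuses the placeholder names from above, and the alias remote-alias-jump is a hypothetical name chosen for illustration.

```sshconfig
# Added example; host and user names are placeholders.

# Variant 1: ssh's own -W forwarding replaces nc, so netcat does not
# need to be installed on the firewall. %h and %p expand to the
# HostName and Port of this entry; lan-server is resolved on the
# firewall side, not on your workstation.
Host remote-alias
    HostName lan-server
    Port 22
    ProxyCommand ssh -W %h:%p firewall-user@firewall-server

# Variant 2: ProxyJump (OpenSSH 7.3 and later) is the short form of
# variant 1 and opens the same kind of forwarded connection.
Host remote-alias-jump
    HostName lan-server
    ProxyJump firewall-user@firewall-server
```

In all of these forms the session to lan-server is encrypted end to end from your workstation, the firewall only relays the bytes, and your private key stays on the client, so agent forwarding is not needed.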