Want an SSH proxy? Think they’re a myth, like unicorns?

They’re not.  Either of them.

Unicorns live in the land of make believe, with leprechauns, fairies, and knowledgeable phone support techs.

Recently, I had the occasion for one.  An SSH proxy, not a unicorn.  Keep up.  Short story, started using a VPN.  Random IPs are not awesome for setting up in a firewall.  But I *do* have a virtual server somewhere.  It’s IP is not random, and never changes.

“I bet I can use it for a proxy” says I.  So I go looking.  Examples of how to do SSH tunnels abound.  That’s not quite what I had in mind.  See, you have to setup a tunnel all the time, in order to use it.  That’s *way* to much work.  Plus remembering that “ssh -p 2222 localhost” is server X, and “ssh -p 2223 locahost” is server Y is a giant pain in the hole.

“There must be a better way” thought I.  And there is.  You can put a ProxyCommand into your ~/.ssh/config file.  

Like so:

This says “when I try to connect to any server that ends in .example.com, use my.virtualserver.com”

This command sets up a nc (read about it) process which just takes your input, and shoves it to the remote server.  Everything works like you’d expect.  Even your ssh-agent.  


  • Server you can SSH too with a fixed IP, ideally auth’d with keys
  • nc installed on said server

That’s all.

What do the bits of the nc command do?

-w 3600: Timeout in 3600s with no input

%h: use this host (SSH fills that in)

%p: use this port on that host (SSH fills that in).


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s