SSH Forward ProxyCommand

Going through one host to reach another server

Public Network           │   Private Network        

┌──────┐ ┌───────┴──────┐ ┌────────┐
│ │ │ │ │ │
│ You │──ssh────▶ Bastion host │──ssh────▶ Server │
│ │ │ │ │ │
└──────┘ └───────┬──────┘ └────────┘

The Problem is, if you want to ssh to server in private network you want to ssh to a public server and then ssh from public server to another private server. SSH ProxyCommand is allow you to ssh through to private server from your machine.

The first of all, You should allow ssh login without password. you can do by copy public key to remote server file ~/.ssh/authorized_keys or you can use ssh-copy-id

ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.10.1

Allow forward SSH ProxyCommand, so you need to edit ssh config file ~/.ssh/config

Host bastion
  HostName bastion
  User root
  IdentityFile ~/.ssh/id_rsa
Host 192.168.10.*
  ProxyCommand ssh -W %h:%p root@bastion
  User root
  IdentityFile ~/.ssh/id_rsa

The first block are allow you to ssh to root@bastion by using ~/.ssh/id_rsa public key. so now you can use ssh bastion instead of ssh root@bastion

The second block are allow you to ssh forward to root@192.168.10.* server by using ProxyCommand from bastion by using ~/.ssh/id_rsa public key from your host. so now you can ssh to root@192.168.10.100 by using ssh 192.168.10.100 from you machine no need to ssh to bastion before ssh to root@192.168.10.100