bugzilla-daemon at mindrot.org
2004-Jul-21 20:19 UTC
[Bug 904] Better support for multi hop ssh/scp/sftp and anonymous port forwarding
http://bugzilla.mindrot.org/show_bug.cgi?id=904

           Summary: Better support for multi hop ssh/scp/sftp and anonymous port forwarding
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: ssh
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: slice1900 at hotmail.com

A lot of people use SSH for DMZs, and thus you have to ssh through several hosts (4 hops through one environment I'm familiar with!) It would be nifty to see syntax something like:

    ssh user1@hop1/hop2/hop3/user4@hop4 reboot

This would ssh to hop1 as user1, then to hop2 as user1, then to hop3 as user1 and then hop4 as user4 and execute the reboot command. The '/' could be replaced with another character, doesn't matter, so long as there is some way to represent this. The same syntax should work for scp and sftp as well.

As part of this it'd really be helpful to have port forwarding integrated, so I could do:

    ssh user1@hop1/hop2/hop3/user4@hop4 -L 500 -R 5000 sleep 3600

Which would do the same as above except execute the sleep 3600 command, and forward the local port 500 (on the host you are on) to remote port 5000 on hop4. This would fix a major hassle because right now doing something like that requires naming ports in the intermediate hops, and there isn't any way to say "pick a random port, I don't care, I just want to connect both ends". As a result everyone port forwarding through like this needs to use a different port number, and they have to wait for the ports to time out if they need to reconnect.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Jul-21 22:22 UTC
[Bug 904] Better support for multi hop ssh/scp/sftp and anonymous port forwarding
http://bugzilla.mindrot.org/show_bug.cgi?id=904

------- Additional Comments From dtucker at zip.com.au 2004-07-22 08:22 -------
You can already do this with a ProxyCommand and a little help from the intermediate hosts.

Suppose you have two sets of firewalls with hostA at one end, hostB in the middle and hostC at the other end. You can do something like the following in ~/.ssh/config on hostA:

    Host hostB
        User user1

    Host hostC
        ProxyCommand ssh hostB nc hostC 22
        User user2

You can keep stacking these (although obviously get slower):

    Host hostD
        ProxyCommand ssh hostC nc hostD 22
        User user3
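As an added example (not part of the bug thread and not OpenSSH code), this Python script turns the hop-chain syntax requested in the report into the stacked ProxyCommand stanzas from the comment above. The function names are hypothetical, a hop without a user inherits the previous hop's user as the report describes, and `nc` is assumed to exist on each intermediate host; tokens are validated because ProxyCommand is run through the user's shell.

```python
import re

# Conservative token pattern: ProxyCommand is run through the user's shell,
# so reject anything that could be read as shell syntax or as an ssh option.
_TOKEN = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]*$")


def parse_chain(chain):
    """Split 'user1@hop1/hop2/user4@hop4' into [(user, host), ...].

    A hop without 'user@' inherits the user of the previous hop, as the
    bug report describes. The first hop may omit the user (None).
    """
    hops = []
    user = None
    for part in chain.split("/"):
        if "@" in part:
            user, host = part.split("@", 1)
        else:
            host = part
        for token in (host,) if user is None else (user, host):
            if not _TOKEN.match(token):
                raise ValueError("unsafe or empty token in chain: %r" % token)
        hops.append((user, host))
    return hops


def render_config(chain, port=22):
    """Return ssh_config text that reaches the last hop through the others."""
    stanzas = []
    previous = None
    for user, host in parse_chain(chain):
        lines = ["Host %s" % host]
        if previous is not None:
            # Same shape as the comment's example: ssh hostB nc hostC 22
            lines.append("    ProxyCommand ssh %s nc %s %d" % (previous, host, port))
        if user is not None:
            lines.append("    User %s" % user)
        stanzas.append("\n".join(lines))
        previous = host
    return "\n\n".join(stanzas) + "\n"


if __name__ == "__main__":
    # Constructed input: the chain from the bug report.
    print(render_config("user1@hop1/hop2/hop3/user4@hop4"))
```
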