1

I'd like to setup three hosts:

  • HostC - destination host. You can login to it as ssh UserC@HostC with private key.
  • HostB - "ambassador/proxy" for HostC. When you ssh to HostB (simply as ssh UserB@B with UserB private key, without any additional actions like ProxyCommand in the config), it should be full equivalent of sshing directly to HostC. Of course, HostB has private key needed to connect to HostC. I have full control over HostB itself.
  • HostA - host, from which we want to run ssh UserB@HostB and - via HostB - connect to destination HostC without even knowing beforehand about HostC.

There's almost the same questions here:

SSH from A through B to C, using private key on B

However, accepted answer there is to use ProxyCommand. This requires configuration on HostA, which is not desirable in my case.

Is such scenario at all possible? Thanks!

sbat
  • 113
  • 5
  • When you say **When you ssh to HostB it should be full equivalent of sshing directly to HostC**, did you mean the HostB should log you into HostC automatically? Or Do want to SSH into HostB then SSH into HostC? – Prav Apr 07 '18 at 15:14
  • I want to log in to HostC automatically. Use case is that HostA(s) are build docker containers for various projects on various technology stacks - I don't want them to know about production/deployment externally visible HostC. I prefer them to go to stable well known HostB and upload build results to designated folder (while in reality they will be uploading to HostC). If there is a better way to solve my "real" problem, I appreciate your thoughts as well! – sbat Apr 07 '18 at 15:26
  • @sbat Welcome to the site :) The comments are volatile and serve only to improve the question. Your actual problem is drastically different from the question. Please hit edit and add the info at the top and explain how it relates to ssh thing. – kubanczyk Apr 07 '18 at 15:38
  • I don't know if you're using build tools like [Jenkins](https://jenkins.io/), which also support the distribution of builds. But if the current setup requires uploading the build result to a folder, why not mount the folder from HostC on HostB? Using something like [NFS or SSHFS](https://unix.stackexchange.com/questions/62677/best-way-to-mount-remote-folder?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa) – Prav Apr 07 '18 at 15:40

1 Answers1

1

In /etc/ssh/sshd_config on HostB, you could write something like

ForceCommand ssh HostC

maybe prececed by a Match operator to select on certain users or source hosts or IP addresses. See man sshd_config for more details.

Andrew Schulman
  • 8,811
  • 21
  • 32
  • 47
  • Thanks a lot for the pointer! It appears it is indeed being used exactly as you suggest: https://askubuntu.com/questions/649729/how-can-i-redirect-ssh-users-to-another-ssh-login I'll test it out asap and mark it as an accepted answer if all works as expected. – sbat Apr 07 '18 at 16:17