45

Possible Duplicate:
ssh via multiple hosts

For connecting to server B I have to first ssh to server A. What's the command line to access server B?

Improve this question
1
  • 1
    The second answer is the much better one. Please change the mark! Commented Aug 19, 2015 at 11:50

2 Answers 2

Reset to default
71

If server B is reachable via ssh and you only need ssh (not direct scp or sftp), this also works very well:

ssh -t $SERVER_A ssh $SERVER_B

The -t option forces allocation of a pseudo-tty even when running a single command at the other end. This is helpful, since ssh needs a pseudo-tty.

Since you're using two nested instances of ssh, the escape character in the inner session is Enter ~ ~ (two tildes). One tilde will send the escape to the first shell.

Improve this answer
7
  • 5
    Extra tip: you can add the -A argument to passthrough your identity keys. For example: ssh -A -t $SERVER_A ssh -A $SERVER_B, great solution for one of those oh-I-can't-access-this-server-directly-but-hey-I-can-reach-it-via-that-server-with-key-auth Commented Oct 19, 2015 at 17:02
  • 2
    @Zyphrax ssh -A -t <server1> ssh -A <server2> doesn't work for forwarding the private key for me. It says - "Permission denied (publickey)". Am I wrong somewhere? Commented Apr 9, 2017 at 2:46
  • @shivshnkr That's strange, it works fine for me. Does your command look like this? ssh -A -t [email protected] ssh -A host2.domain.com. You can also add user@ to host2.domain.com, but I don't think that is necessary. Commented Apr 11, 2017 at 20:41
  • Yes, the command is exactly same : ssh -A -t <user>@X1 ssh -A <user>@X2, If I copy my private key to ~/.ssh/id_rsa in X1 host, it works but not the other way. weird. Do we need some extra configuration in ~/.ssh/config too ? Commented Apr 12, 2017 at 3:43
  • I don't believe any extra configuration is necessary. Are you testing (like me) on MacOS? Commented Apr 20, 2017 at 0:31
21

There isn't a built-in way in ssh to do this, other than to use port forwarding.

However, there is a way that works reasonably well - the ProxyCommand setting for ssh. You can specify that on a per-host basis in ~/.ssh/config and use it to specify the command to run to connect to the remote ssh port.

I use this on several hosts:

host serverB.example.com serverB
  ProxyCommand /usr/bin/ssh serverA.example.com /usr/bin/nc %h %p

See the ssh(1) manual page for the details, and nc(1) from the netcat package for the command I am using to forward on the connection. (You can use anything that makes a TCP connection and passes standard input and output through it, though.)

Improve this answer
8
  • I replaced /usr/bin/nc with ssh. then after it asks for password of serverA I get this error(s): Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password). ssh_exchange_identification: Connection closed by remote host Commented Jun 24, 2012 at 7:20
  • There's no need to replace nc there. See, it's used for creating a TCP connection from serverA to serverB, which the ssh serverB command then uses to talk SSH. Commented Jun 24, 2012 at 9:22
  • 15
    Just for the record newer versions of ssh support the -W option, you can do something like ProxyCommand ssh -W %h:%p gateway instead of depending on nc Commented Jun 24, 2012 at 9:48
  • 1
    @sr_: You are right! I thought it was mc(midnight commander) Commented Jun 24, 2012 at 19:39
  • @UlrichDangel you should add that as an answer to the other question: it is not included there. Commented Jun 24, 2012 at 20:05

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.