I thought I knew most of ssh's tricks, but I stumbled upon one that is banal and simple yet was new to me: the ProxyCommand option. With this option you can define, for a given host, a tunnel that is set up before the actual connection is made. With the program nc (Netcat) on the machine one hop before the target system, you can tunnel wonderfully through a chain of firewalls, especially when working with authentication agent forwarding. Simply add a section like this to .ssh/config:
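Host safe
    Protocol 2
    User me
    HostName 192.168.0.42
    # Runs on the client: log in to door and start nc there, which connects to
    # port 22 on safe (the name is resolved on door) and exits at end of input.
    ProxyCommand ssh door nc -q 0 safe 22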
When you run ssh safe, ssh first connects to the host door internally via ssh door, and Netcat then opens a connection from there to the ssh daemon on the actual target host safe. This can also be used wonderfully over several ssh hops to transport files directly between two systems through a chain of firewalls. Ssh is simply brilliant: if it didn't exist, you would have to invent it.
(in my case, I needed this for darcs - it can only push repositories over ssh)
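The multi-hop case mentioned above, written out as an added example that is not part of the original post. The hosts door1 and door2, the name door1.example.org and the address 10.0.0.7 are constructed for illustration; nc with -q is assumed to be installed on both intermediate hosts.

```sshconfig
# Chain: client -> door1 -> door2 -> safe
# (door1, door2, door1.example.org and 10.0.0.7 are constructed sample values)

Host door1
    HostName door1.example.org
    User me

Host door2
    HostName 10.0.0.7
    User me
    # "ssh door1" is looked up in this same file; nc on door1 then opens the
    # TCP connection to door2. %h and %p expand to the HostName and port of
    # the host being connected to, so the address is not resolved by alias
    # on the intermediate machine.
    ProxyCommand ssh door1 nc -q 0 %h %p

Host safe
    HostName 192.168.0.42
    User me
    # "ssh door2" already carries its own ProxyCommand through door1, so the
    # hops nest without being spelled out again here.
    ProxyCommand ssh door2 nc -q 0 %h %p
    # Every ssh process in the chain runs on the client and authenticates
    # through the tunnel, so keys and the agent stay on the client and the
    # agent does not have to be forwarded to door1 or door2.
    ForwardAgent no

# File transfers use the same chain, for example:
#   scp archive.tar safe:
```

Each hop is still a full ssh login, so door1 and door2 must accept the client's key, and each host key in the chain is checked against the client's own known_hosts file.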