ETOOBUSY 🚀 minimal blogging for the impatient
ProxyCommand - The Old Way
In ProxyCommand we saw an alternative to ProxyJump for older releases of OpenSSH. What if we need to go even backwards in time?
The solution described in ProxyCommand relies upon the
ssh (well, OpenSSH’s
ssh, of course), which was introduced
exactly 10 years ago (8th of March, 2010) in release-5.4:
Added a ‘netcat mode’ to ssh(1): “ssh -W host:port …”
I wholeheartedly wish you don’t need to go any backwards in time, but
just in case rest assured that
-W is a nice to have but not
necessarily a must.
As a matter of fact - as also observed by crimson-egret - it’s possible to not rely upon the ‘netcat mode’ and use Netcat directly. This is how our example would have to be changed:
Host jumphost HostName jumphost.local User bar IdentityFile ~/.ssh/jumphost.key Host target HostName target.internal User galook IdentityFile ~/.ssh/target.key ProxyCommand ssh jumphost nc %h %p
This, of course, requires to have
nc installed in the jumphost,
which might not always be the case. A few ideas about it:
- first, check whether Netcat is installed with a different name in
jumphost. It might be there as
netcat, for example;
- then, if the jumphost is Linux-based and you can place an executable there, you can put a statically compiled binary version and avoid intrusive installations of packages.
If you go for the second route, you might be interested into Busybox -
multipurpose executable, a component of the #toolbox which
contains an implementation of
nc that should do the trick.