Imagine you want to connect via SSH to remote systems
hostC on an intranet behind
hostA. This could be achieved easily using port forwarding via
hostA, just pick two arbitrary ports on the local machine and forward them to ports 22 of
hostC. This works very well for a small amount of intranet hosts, but it get’s quite messy as the list of hosts grows. After some time you’ll have a rather huge amount of local ports to remember (or to lookup in your port forwarding script several times a day). It’d certainly be easier to just type
ssh hostB and have the tunnel setup automatically.
Fortunately that is very well possible and quite easy to achieve using the
ProxyCommand directive. Assuming
nc installed, you can just add the following lines to your
Once done, you can easily connect to
ssh hostB, or
ssh hostC. No need to setup the tunnel first, it’ll be set up and teared down automagically as needed.