dereenigne.org

reverse engineered

SSH Bouncing

SSH bouncing is a method of getting end-to-end encrypted access to hosts behind restrictive firewalls. Running ssh hostA 'ssh hostB' isn't much good, because it doesn't provide end-to-end encryption: the second SSH session starts on hostA, so all it really does is log in to the second host automatically. SSH bouncing tunnels one SSH connection inside the other to create a full connection to the firewalled host. It could also be done with local SSH port forwards, but this method is simpler and doesn't require two terminals, one to set up the forward and the other to SSH to the firewalled host.

hostA is the firewall or internet-facing host.

hostB is the host behind the firewall.

Stick the following in your .ssh/config file:

    Host hostB
        Hostname hostB.local
        User hostBuser
        ProxyCommand ssh hostAuser@hostA /bin/nc -w 1 hostB.local 22

To log in to your remote host, simply type ssh hostB.
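
The same bounce can be written with OpenSSH's built-in forwarding instead of nc. This is an added example, not part of the original post; the aliases hostB-w and hostB-jump are made up so the entries can sit beside the one above.

```sshconfig
# Added example: aliases hostB-w and hostB-jump are illustrative names.

# Variant 1: ssh -W (OpenSSH 5.4 and later) replaces nc.
# hostA's sshd relays the TCP stream itself, so nc does not have to be
# installed on hostA and no command runs in a shell there.
Host hostB-w
    Hostname hostB.local
    User hostBuser
    # %h and %p expand to the target host (hostB.local) and port (22 by default).
    ProxyCommand ssh -W %h:%p hostAuser@hostA

# Variant 2: ProxyJump (OpenSSH 7.3 and later), shorthand for the same tunnel.
Host hostB-jump
    Hostname hostB.local
    User hostBuser
    ProxyJump hostAuser@hostA
```

Both variants need TCP forwarding to be allowed by hostA's sshd (AllowTcpForwarding). As with the nc version, the inner session is negotiated between your machine and hostB, so hostB's host key is checked locally and your private key never has to be copied to hostA.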

