- Dan Stromberg
November 13, 2004, 12:17 am
I've just revised my "deep-ssh" script to use quoting that I think will
work better. I'd been engaging in wishful thinking previously, hoping
against hope that bash would do python-style quoting (i.e., alternating '
and "), but I've switched instead to " alone with exponential backslashes.
Anyway, deep-ssh is a python script that builds shell commands that run
ssh under ssh under ssh... and so on. So if you have to get past two
routing discontinuities (i.e., firewalls), you can do it in one command,
with something like:
    deep-ssh email@example.com 'uname -a'
The syntax is clearly inspired by UUCP. :)
The default username on each hop is, of course, the same as the username on
the prior hop.
Deep-ssh will also attempt to set up X11 tunneling
automatically, although at this time it only knows about -X. I may add
some form of -Y support eventually.
I have a web page up about it at
The problem with chaining ssh'es like that (i.e. "ssh gateway ssh targethost")
is that each and every gateway host is a potential attack point at which
the traffic may be monitored and/or modified.
With OpenSSH, if you have a suitable command on the intermediate host
(e.g. connect or netcat) then you can achieve a similar effect using
the ProxyCommand option, e.g. in your ~/.ssh/config:
    ProxyCommand ssh gateway connect %h %p
This has the disadvantage of double-encrypting the traffic in the first
hop but has the advantage of encrypting the second session end-to-end.
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
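
An added illustration of the two approaches in this thread (not code from either poster, and not deep-ssh itself): it builds the chained form with one quoting layer per hop, replays each hop's shell parsing to confirm the command arrives intact, and emits the ProxyCommand stanzas from the reply, where the command is quoted only once. It uses POSIX single-quote quoting via shlex.quote rather than the backslash scheme from the first post; the host name inner-gw and the sample command are constructed.

```python
import shlex

def chained_ssh(hops, remote_cmd):
    """'ssh hop1 ssh hop2 ... cmd': one extra quoting layer per hop."""
    cmd = remote_cmd
    # Work from the innermost hop outwards; every hop's login shell
    # re-parses the string it receives, so each layer is quoted again.
    for hop in reversed(hops):
        cmd = "ssh " + shlex.quote(hop) + " " + shlex.quote(cmd)
    return cmd

def unwrap(cmd, depth):
    """Simulate the shell on each hop parsing what it was handed."""
    seen = []
    for _ in range(depth):
        argv = shlex.split(cmd)
        if len(argv) != 3 or argv[0] != "ssh":
            raise ValueError("not an 'ssh host command' layer: %r" % cmd)
        seen.append(argv[1])
        cmd = argv[2]
    return seen, cmd

def proxy_config(hops, helper="connect"):
    """ssh_config stanzas: each host is reached through the previous hop."""
    return "\n\n".join(
        "Host %s\n    ProxyCommand ssh %s %s %%h %%p" % (host, prev, helper)
        for prev, host in zip(hops, hops[1:]))

def proxied_ssh(hops, remote_cmd):
    """With those stanzas in place the command is quoted once, for the target."""
    return "ssh " + shlex.quote(hops[-1]) + " " + shlex.quote(remote_cmd)

if __name__ == "__main__":
    hops = ["gateway", "inner-gw", "targethost"]   # constructed host names
    cmd = "printf '%s\\n' \"it's $HOME\""           # constructed command
    print(chained_ssh(hops, cmd))                  # grows with every hop
    print(unwrap(chained_ssh(hops, cmd), len(hops)))
    print(proxy_config(hops))
    print(proxied_ssh(hops, cmd))
```

In the chained form every intermediate host's shell handles the command text, and each one terminates an ssh session; in the ProxyCommand form the intermediate hosts only carry the bytes of the session to the target.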