The other day, I was using ssh as a SOCKS5 proxy. To recap, I needed to access a resource that was only available from a remote Linux PC (i.e. my machine → remote Linux PC → network resource). One of the network resources was an embedded device with an SSH server. Hopping to the remote Linux PC over SSH was fine, but once there, I would then need to connect to my embedded device by calling SSH again (i.e. my machine → remote Linux PC (hop 1) → embedded device (hop 2)). Fortunately, this second step is unnecessary and the process can be simplified.
It’s possible to create local SSH configurations on your own system by editing the file ~/.ssh/config, creating it if necessary. Within this file, we can use the ProxyCommand keyword to tell our local ssh client to establish the connection by running a specific command and using that command’s standard input and output as the transport to the destination. In this case, we can use nc, or netcat, to do the talking (remember using nc when curl wasn’t available?). For example:
    host hop_2_server_name
        ProxyCommand ssh hop1_user@hop1_ip nc hop_2_ip 22
This instruction says that the “nickname” hop_2_server_name will be used to ssh into hop1_ip as hop1_user and then use nc on that host to establish a connection to hop_2_ip over port 22 (SSH).
In practice, the lines in my config file looked like:

    host embeddeddevice
        ProxyCommand ssh linuxuser@192.168.20.4 /usr/bin/nc 10.0.3.20 22
Save the file and head back to the command line. Assuming the user embeddeduser exists on the second hop (the embedded device in my case), we can simply type:

    ssh embeddeduser@embeddeddevice
You’ll then see that it connects seamlessly and immediately to the second hop without any prompts from the first hop. What’s more, it uses your local ssh-agent instance for keys (the first hop only runs nc and relays bytes, so it never handles your private keys or the plaintext of the inner session), and it works for the ssh, scp and sftp commands and clients.
Mike Hommey of glandium.org extends this concept to multiple hops. Do check it out!
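As an added example (not code from the original post or from glandium.org), here is a small POSIX shell script that generates ~/.ssh/config stanzas for an arbitrary chain of hops using the same ProxyCommand plus nc pattern, and a helper that pulls the ProxyCommand back out of the generated text so you can see exactly what your local ssh would run. The hop aliases and user names are constructed placeholders; the two addresses from the post are reused. It relies on ssh’s %h and %p tokens, which ssh expands to the stanza’s HostName and Port when it runs the ProxyCommand, so the nc target is never typed twice.

```bash
#!/bin/sh
# Added example: generate a chain of "Host" stanzas where each hop after the
# first is reached by asking the previous hop to run nc against the next one.
# Usage: ssh_chain_config ALIAS1=USER@IP ALIAS2=USER@IP ... (any number of hops)
ssh_chain_config() {
    prev=""
    for spec in "$@"; do
        alias_name=${spec%%=*}        # text before the first '='
        userhost=${spec#*=}           # text after the first '='
        user=${userhost%%@*}          # text before the '@'
        ip=${userhost#*@}             # text after the '@'
        printf 'Host %s\n' "$alias_name"
        printf '    HostName %s\n' "$ip"
        printf '    User %s\n' "$user"
        if [ -n "$prev" ]; then
            # ssh expands %h/%p to this stanza's HostName/Port before running
            # the command, so the previous hop's nc always targets this hop.
            printf '    ProxyCommand ssh %s nc %%h %%p\n' "$prev"
        fi
        printf '\n'
        prev=$alias_name
    done
}

# proxy_command_for CONFIG_TEXT ALIAS: print the ProxyCommand of one stanza
# (empty output when the stanza has none, e.g. the first hop).
proxy_command_for() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "Host" { cur = $2 }
        cur == want && $1 == "ProxyCommand" {
            sub(/^[ \t]*ProxyCommand[ \t]+/, "")
            print
            exit
        }'
}

# Demo with three constructed hops (the first two addresses come from the post,
# the third is a placeholder). Append the output to ~/.ssh/config to use it.
demo_config=$(ssh_chain_config \
    hop1=linuxuser@192.168.20.4 \
    embeddeddevice=embeddeduser@10.0.3.20 \
    hop3=hop3user@10.0.4.7)
printf '%s\n' "$demo_config"
echo "embeddeddevice is reached via: $(proxy_command_for "$demo_config" embeddeddevice)"
echo "hop3 is reached via:           $(proxy_command_for "$demo_config" hop3)"
```

Two caveats worth knowing. The ssh started by the ProxyCommand reads the real ~/.ssh/config, not a file you pass to the outer ssh with -F, so the stanzas only chain correctly once they live in that file. And because the intermediate host merely relays bytes, the host key of each later hop is checked by your local client against your local known_hosts, which is exactly what keeps the first hop from being able to read or tamper with the inner session; since OpenSSH 7.3 the same hop can also be written as ProxyJump (ssh -J), which needs no nc on the intermediate host.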