At work, we have a number of servers that we can only SSH into from our jumpbox server.

Every now and then I need to execute a command on these servers. For example, if I want to execute df -H on server-1, I run this command:

ssh jumper@jumpbox 'ssh admin@server-1 ''df -H'''

Our jumpbox has the keys to SSH into server-1, and my local workstation has the keys for SSHing into the jumpbox.

In order to simplify this, I have written a script called jumpbox.sh that looks like this:

#!/usr/bin/env bash
# Pass every argument of this script through to the jumpbox as the remote command
ssh jumper@jumpbox "$@"

Then I can simply run

jumpbox.sh ssh admin@server-1 df -H

to achieve the same goal. Is there a way I can achieve this by configuring my environment (e.g. by editing ~/.ssh/config), rather than using this custom script?

I have found a few articles as well as some questions on StackOverflow that discuss how using ProxyCommand we can achieve this, but I can't seem to make it work.

First of all, the manual says this about ProxyCommand:

Specifies the command to use to connect to the server. The command string extends to the end of the line, and is executed with the user's shell.

If I am not wrong, this means that if I have the following configuration:

Host server-1
    ProxyCommand  ssh jumper@jumpbox nc %h %p

And then on my shell I execute

ssh server-1 df -H

Then df -H will be ignored. So it looks like ProxyCommand is helpful in opening a new interactive SSH session, but not in running one-off commands. Is this correct?

Also, I don't quite understand what nc's role is here.

To summarize, my question is:

Is there a way to configure my environment using ~/.ssh/config, etc. so that when I run ssh admin@server-1 df -H, for example, the command is run through the jumpbox server?

1 Answer

Yes, you can achieve this with ProxyCommand. From your workstation, try to run "ssh admin@server-1 df -H"; it will be executed by exec ssh -q nc server-1 22. So ProxyCommand helps to connect the client server; once connected, the client shell will execute the command that you've given from your workstation.

So your ~/.ssh/config should have the entry below:

Host server*
    ProxyCommand ssh -q jumper@jumpbox nc %h %p
    StrictHostKeyChecking=no
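
The jump-host setup discussed in this thread, as an added example that is not part of the original question or answer: the answer's entry is shown commented out beside a variant that uses ProxyJump (OpenSSH 7.3 and later) instead of nc and leaves host key checking on. Host names and users are the thread's; the IdentityFile path is a hypothetical placeholder.

```sshconfig
# ~/.ssh/config on the workstation (added example, not the answer's own config)

# Before: the entry from the answer. It needs nc installed on the jumpbox and
# turns off host key verification for every host matching server*.
# Host server*
#     ProxyCommand ssh -q jumper@jumpbox nc %h %p
#     StrictHostKeyChecking=no

# After: the hop to the jumpbox gets its own entry.
Host jumpbox
    User jumper

Host server-*
    User admin
    # The jumpbox only forwards the TCP stream; nothing runs there except the
    # forwarding itself, so nc is not needed.
    ProxyJump jumpbox
    # Equivalent for clients older than OpenSSH 7.3 (needs 5.4 or later):
    # ProxyCommand ssh -q -W %h:%p jumpbox
    #
    # "ask" is the default, written out here in contrast with the "no" above:
    # the workstation checks server-1's host key against its own known_hosts.
    StrictHostKeyChecking ask
    # The SSH session to server-1 is end to end from the workstation, so the
    # key that server-1 accepts for admin must be available locally (a file or
    # an agent). Keys stored on the jumpbox are not used by this setup.
    # Hypothetical path, replace with your own:
    IdentityFile ~/.ssh/id_server
```

With this in place, `ssh server-1 df -H` runs the command on server-1 through the jumpbox, and `ssh -G server-1` prints the options ssh would apply without connecting.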