Multi-Hop ConnectionsPublished on 24 Mar 2004
Many networks are protected by a firewall that does not allow host on the outside to connect to those on the inside. Are you annoyed by connecting to the firewall first and then logging in to your favourite host from there?
You will soon realize that
ssh HOST1 ssh HOST2 does not help because SSH will not allocate a pseudo-tty when executing a remote command (see remote commands) although, without a pseudo-tty, the second ssh command will not be able to connect to
HOST2. but you can force SSH to do so:
ssh -t HOST1 ssh HOST2.
When using SSH to invoke a remove x client, the situation becomes a lot easier, because it does not require a pseudo-tty. Still, it requires you to redirect /dev/null to stdin:
ssh -n HOST1 ssh HOST2 COMMAND. You may even push SSH into the background:
ssh -f HOST1 ssh HOST2 COMMAND. Note that
As a consequence, you will have to use the
-n switch on all but the last hop.