Saturday, September 13, 2008

SSH ProxyCommand without netcat

The ProxyCommand is very useful when hosts are only indirectly accessible. With netcat it is relatively straightforward:
ProxyCommand ssh {gw} netcat -w 1 {host} 22

But it is also possible when netcat is not installed on the gateway:
ProxyCommand ssh {gw} 'exec 3<>/dev/tcp/{host}/22; cat <&3 & cat >&3;kill $!'

And it even works together with ControlMaster.

(Updated on Oct 22 to include kill to clean up background cat)
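
The one-liner above pastes {host} and the port into a command line that the gateway's shell parses, and /dev/tcp is a redirection feature of bash, so the gateway account needs bash (or another shell that implements it). The sketch below is an added example, not code from the original post: it generates the ssh_config stanza and refuses host or port values that contain anything a shell could interpret. The helper names and gw.example.org / inner.example.org are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): build an ssh_config stanza for
# the netcat-free relay, validating every value that ends up in a shell command.

# Accept only plain hostnames / IP literals; reject empty values, a leading
# dash (would be read as an option) and any shell metacharacter or whitespace.
valid_host() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Accept only decimal ports 1-65535 without leading zeros.
valid_port() {
    case $1 in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Command executed on the gateway: open fd 3 to host:port, copy both
# directions with cat, then kill the background cat when the session ends.
relay_cmd() {
    valid_host "$1" && valid_port "$2" || return 1
    printf 'exec 3<>/dev/tcp/%s/%s; cat <&3 & cat >&3;kill $!' "$1" "$2"
}

# proxy_stanza ALIAS GATEWAY HOST [PORT] -> text for ~/.ssh/config
proxy_stanza() {
    ps_port=${4:-22}
    valid_host "$1" && valid_host "$2" || return 1
    ps_relay=$(relay_cmd "$3" "$ps_port") || return 1
    printf "Host %s\n    ProxyCommand ssh %s '%s'\n" "$1" "$2" "$ps_relay"
}

# Constructed sample values; prints a stanza ready to paste into ~/.ssh/config.
proxy_stanza inner gw.example.org inner.example.org
```

The relay string is kept in single quotes in the stanza so that $! is expanded by the shell on the gateway, not by the local shell that launches the ProxyCommand.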

5 comments:

Robert de Bock said...

That is one great trick, I'll try this one on different UNIX/Linux systems! Thanks for this hint!

Anonymous said...

Not bad the idea, but for me that leaves one idle cat around after terminating the connection.

Roland said...

Yes, it leaves one cat around. Didn't worry about it. Not sure how one could prevent that.

Anonymous said...

How about closing the file descriptor #3 after everything was done? Will this work? --
ProxyCommand ssh {gw} 'exec 3<>/dev/tcp/{host}/22;(cat <&3 & );cat >&3; exec 3>&-;'

Roland said...

Closing the file descriptor doesn't exit the background cat for me. But your comment made me realize one can just kill the background cat after the connection is finished. Thanks. I updated it in the article.