On Wed, Dec 18, 2013 at 8:33 AM, Chad Walstrom <chewie at wookimus.net> wrote: > Jay Kline <jay at slushpupie.com> wrote: >> A technique Ive use for this type of problem is to combine the >> ProxyCommand option with netcat (nc). So in your .ssh/config put this: >> >> Host machineA >> ProxyCommand ssh machineB /usr/bin/nc machineA 22 > > Wow... That's just pretty; a winner for simple A->B single-host > mappings. You can chain them together too, if you need to go A->B->C. Though at that point you've tunneled ssh inside itself twice, so the actual packet payload size starts getting smaller, and it can be painful on slower networks. > If you want a more full-blown VPN over SSH: > https://wiki.archlinux.org/index.php/VPN_over_SSH > > I've used SSH+PPP in the past with good success way back in the day, but > it does require PPPD to be installed on the remote side. The built-in > layer-3 OpenSSH tunneling using the TUN device looks quite useful. Ive done this in the past too, but Ive found it to be somewhat fragile for more than a couple of users (though "users" in this case typically ends up being systems, not people). It also requires more privileged access, whereas the ProxyCommand I can implement without any special permissions, even when sshd disallows port forwarding :-) >> ... >> Host * >> ControlMaster auto >> ControlPath /tmp/.ssh_control_%r@%h:%p >> >> ... >> ssh_config), and if your network link changes/drops you need to issue >> "ssh -O exit hostname" from your local host instead of using the ~. >> break command. > > Yeah, I've been using ControlMaster for a couple of months now after a > tip from a co-worker. It's epecially helpful when using TRAMP in Emacs > to view remote files or initiate remote shells. > I started using it when I had to do svn over a link that had a screwed up DNS configuration, so the initial connection took forever, but link speed after that was fine. 90% of the time I love it. But its sometimes a pain, since its harder to interact directly with the real ssh process making the connection. Jay