ProxyCommand - The Old Way


In ProxyCommand we saw an alternative to ProxyJump for older releases of OpenSSH. What if we need to go even backwards in time?

The solution described in ProxyCommand relies upon the -W option for ssh (well, OpenSSH’s ssh, of course), which was introduced exactly 10 years ago (8th of March, 2010) in release-5.4:

Added a ‘netcat mode’ to ssh(1): “ssh -W host:port …”

I wholeheartedly wish you don’t need to go any backwards in time, but just in case rest assured that -W is a nice to have but not necessarily a must.

As a matter of fact - as also observed by crimson-egret - it’s possible to not rely upon the ‘netcat mode’ and use Netcat directly. This is how our example would have to be changed:

Host jumphost
   HostName jumphost.local
   User bar
   IdentityFile ~/.ssh/jumphost.key
Host target
   HostName target.internal
   User galook
   IdentityFile ~/.ssh/target.key
   ProxyCommand ssh jumphost nc %h %p

This, of course, requires to have nc installed in the jumphost, which might not always be the case. A few ideas about it:

  • first, check whether Netcat is installed with a different name in jumphost. It might be there as ncat or netcat, for example;
  • then, if the jumphost is Linux-based and you can place an executable there, you can put a statically compiled binary version and avoid intrusive installations of packages.

If you go for the second route, you might be interested into Busybox - multipurpose executable, a component of the #toolbox which contains an implementation of nc that should do the trick.


Comments? Octodon, Twitter, GitHub, Reddit, or drop me a line!