Automated SSH bouncing

Where I work (Squiz.net), we have a lot of servers with IP restrictions for different parts of our network. For example, in order to connect to some client servers, I have to SSH to a server in our Sydney office (from Hobart) before connecting.

I found it difficult to keep track of which hosts allowed direct connections and which didn’t, on top of having to remember which hosts can be bounced through.

I wrote this script, which reads a configuration file and bounces you through hosts in a “behind the scenes” manner, using the -t option of SSH, which allows you to run commands on the host without attaching to the local TTY.

(For example, ‘ssh -t foo ssh bar’ allows you to SSH to host “bar” without ever really seeing that you’re going through “foo”. Obviously, you must use key authentication.)

The script reads a configuration file which looks like this:

intranet
cooee:delta,intranet
bob:delta,intranet
deltaex:alpha

It contains a list of hosts, one per line, each followed by a list of the hosts that need to be bounced through in order to get there. You can also specify a “default bouncehost” (at the top of the script), which means any hosts in the configuration file that don’t have bounce hosts specified will use the default one.
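A minimal sketch of how such a file could be turned into a nested ssh command, added here as an illustration and not taken from the author's script. It assumes that bounce hosts are traversed left to right, that hosts missing from the file are reached directly, that the default bounce host is called "gateway" (a hypothetical name), and that host names are restricted to a conservative character set so a config entry can never be read as an ssh option or as shell syntax on a bounce host.

```python
import re

# Assumption: names may only contain these characters. Anything else is
# rejected so an entry cannot act as an ssh option (leading "-") or be
# interpreted by the remote shell on a bounce host.
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")

def check_host(name):
    if not HOST_RE.match(name):
        raise ValueError(f"unsafe host name: {name!r}")
    return name

def parse_config(text):
    """Map each listed host to its bounce hosts ([] means: use the default)."""
    routes = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        host, _, hops = line.partition(":")
        routes[check_host(host.strip())] = [
            check_host(h.strip()) for h in hops.split(",") if h.strip()
        ]
    return routes

def build_command(target, routes, default_bounce):
    """Return the argv that reaches target (hop order is an assumption)."""
    check_host(target)
    if target not in routes:
        return ["ssh", target]          # not listed: connect directly
    hops = routes[target] or [check_host(default_bounce)]
    argv = []
    for hop in hops:
        argv += ["ssh", "-t", hop]      # -t forces a TTY on the hop for the next ssh
    return argv + ["ssh", target]

# The configuration file shown above, embedded as sample input.
SAMPLE = """intranet
cooee:delta,intranet
bob:delta,intranet
deltaex:alpha
"""

if __name__ == "__main__":
    routes = parse_config(SAMPLE)
    for name in ("cooee", "intranet", "deltaex", "elsewhere"):
        print(name, "->", " ".join(build_command(name, routes, "gateway")))
```
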

Whenever I find a host that I can’t SSH directly, I add it in the configuration file, and voila! I never have to think about it again.

The script has many other features, such as doing local lookups of the hosts first in your /etc/hosts file, and then translating them to IP addresses for the bounce hosts. This allows you to specify quick “aliases” to use for hosts that don’t have a simple hostname, or one at all, e.g. ‘ssh int’ where ‘int’ is defined in your hosts file.

Check it out (literally) here:

SVN: svn co http://dans.im/svn/sshbounce/
