SSH Proxying Via VPN Gateway Using NetCat

Unsurprisingly, the Swiss Army knife that is *NIX can solve an amazing array of problems without much fuss. For the past few years, I’ve needed to SSH into any of an array of machines behind many remote NAT routers. I’ve been getting by, until now, by directly SSHing to the router on the network I needed to get into, then SSHing again into the target machine. This is annoying at best, and error-prone at worst. Thanks to a CERN article, I’ve learned a better way…

All it takes is a modification to the client-side SSH config file (~/.ssh/config), like so:

Host gateway
	Hostname vpn-concentrator.yourdomain.com

Host *.myvwan.com
	ControlPath ~/.ssh/%h.%p.%r
	ControlMaster auto
	ForwardAgent yes
	GSSAPITrustDNS no
	ProxyCommand ssh gateway /usr/bin/nc %h %p 2> /dev/null

This configures SSH to run NetCat on the host aliased as gateway to reach any destination ending in .myvwan.com. Quite easy to set up, requires no scripting or extra package installations, and makes all my SSHing easier!
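
A variant of the configuration above that drops the NetCat dependency and the wildcard agent forwarding, as an added example that is not from the original post. It assumes OpenSSH 7.3 or later on the client (for ProxyJump) and reuses the post's host names.

```sshconfig
# Added example, not from the original post. Assumes OpenSSH 7.3+ on the
# client (for ProxyJump); host names are the ones used in the post.

Host gateway
	Hostname vpn-concentrator.yourdomain.com
	# Never hand the agent to the jump host; it only relays bytes.
	ForwardAgent no

Host *.myvwan.com
	ControlPath ~/.ssh/%h.%p.%r
	ControlMaster auto
	# The client authenticates to the target through the tunnel, so the
	# agent is not needed remotely. With "ForwardAgent yes" on a wildcard,
	# root on any matching host can use the forwarded agent socket to
	# authenticate as you for as long as the session is open.
	ForwardAgent no
	# Built-in replacement for "ssh gateway /usr/bin/nc %h %p": no nc needed
	# on the gateway, and errors from the first hop stay visible instead of
	# going to /dev/null.
	ProxyJump gateway
	# On clients older than 7.3 (5.4 or later), use stdio forwarding instead:
	# ProxyCommand ssh -W %h:%p gateway
```

If the agent really is needed on one particular target, enable ForwardAgent in a dedicated Host block for that machine rather than on the wildcard.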