VanDyke Software Forums

VanDyke Software Forums (
-   Secure Shell (
-   -   Pass-trough SSH (

Andomar 05-16-2014 07:03 AM

Pass-trough SSH

At work, I have to SSH to a "hop" host and from that host you can reach other hosts. I solve this by having SecureCRT forward ports to the other hosts.

But my colleague uses a ssh feature called ProxyCommand:

Host host1
ForwardAgent yes
IdentifyingFile ~/ssh/id_rsa
ProxyCommand ssh hophost nc %h 22

This allows him to hop without a tunnel connection. This works even if you have to hop over multiple hosts.

Is there an easy way to use a hop host with SecureCRT? Or is port forwarding the simplest solution?

rtb 05-16-2014 07:30 AM

Hi Andomar,

Thanks for the post. SecureCRT does not currently support the proxy command. I would like to get some additional information to see if there is anything that might help make things easier for you.

What is the version of SecureCRT that you are using?

What about your current "hop" method in SecureCRT is hard?

Are you manually defining the forward ports?

Andomar 05-16-2014 08:09 AM

Thanks for your reply. I'm on SecureCRT 7.2.4 for Windows 64-bit.

It's "hard" to connect to a new host because I have to edit my tunnel session and add a port forwarding rule. Then I create a new session that connects to the forwarded port on my local machine.

And so yes, I am manually defining the forward pots.

rtb 05-16-2014 08:26 AM

Thanks for the update Andomar.

SecureCRT 7.2 has a feature that lets you connect using a hop session as a firewall rather than manually defining your forwarding ports. Here are the steps.
  1. Create a session to the hop host.
  2. Create a session to connect to your device.
  3. Step 2 will fail, but you can edit the saved session and define the hop session as a firewall by selecting Select Session... from the Firewall: dropdown menu in the Connection / SSH2 category of the Session Options dialog.
  4. Select the hop session to be the firewall.
Does this seem like it might make things a little easier?

Andomar 05-19-2014 02:41 AM

Hi Todd,

That works, thank you! I'd never have expected "Firewall" to mean that.


rtb 05-19-2014 07:40 AM

Hi Andomar,

Thanks for the update. I am glad to hear that the little known feature works for you.

We will post here if we add support for the OpenSSH ProxyCommand option.

If you would like to be notified directly, please complete and submit the form at the following location:
Submit Feature Request

bitcollector 08-22-2014 12:52 AM

Super tip
Thanks to Andomar for asking the question and rtb for this tip :)

I have the same use-case at my new employer and was struggling to remember all these new hostnames. This is perfect and very timely and another reason I love SecureCrt so much.

Maureen 04-09-2020 04:47 PM

Proxy Command has been implemented in SecureCRT 8.7 for Windows, which can be downloaded here:

It can be configured in the Global Options dialog in the Firewall category.


All times are GMT -6. The time now is 02:41 AM.