Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > Secure Shell

Reply
 
Thread Tools Display Modes
  #1  
Old 05-16-2014, 07:03 AM
Andomar Andomar is offline
Registered User
 
Join Date: Mar 2014
Posts: 16
Pass-trough SSH

Hi,

At work, I have to SSH to a "hop" host and from that host you can reach other hosts. I solve this by having SecureCRT forward ports to the other hosts.

But my colleague uses a ssh feature called ProxyCommand:

Host host1
ForwardAgent yes
IdentifyingFile ~/ssh/id_rsa
ProxyCommand ssh hophost nc %h 22

This allows him to hop without a tunnel connection. This works even if you have to hop over multiple hosts.

Is there an easy way to use a hop host with SecureCRT? Or is port forwarding the simplest solution?
Reply With Quote
  #2  
Old 05-16-2014, 07:30 AM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi Andomar,

Thanks for the post. SecureCRT does not currently support the proxy command. I would like to get some additional information to see if there is anything that might help make things easier for you.

What is the version of SecureCRT that you are using?

What about your current "hop" method in SecureCRT is hard?

Are you manually defining the forward ports?
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730
Reply With Quote
  #3  
Old 05-16-2014, 08:09 AM
Andomar Andomar is offline
Registered User
 
Join Date: Mar 2014
Posts: 16
Thanks for your reply. I'm on SecureCRT 7.2.4 for Windows 64-bit.

It's "hard" to connect to a new host because I have to edit my tunnel session and add a port forwarding rule. Then I create a new session that connects to the forwarded port on my local machine.

And so yes, I am manually defining the forward pots.
Reply With Quote
  #4  
Old 05-16-2014, 08:26 AM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Thanks for the update Andomar.

SecureCRT 7.2 has a feature that lets you connect using a hop session as a firewall rather than manually defining your forwarding ports. Here are the steps.
  1. Create a session to the hop host.
  2. Create a session to connect to your device.
  3. Step 2 will fail, but you can edit the saved session and define the hop session as a firewall by selecting Select Session... from the Firewall: dropdown menu in the Connection / SSH2 category of the Session Options dialog.
  4. Select the hop session to be the firewall.
Does this seem like it might make things a little easier?
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730
Reply With Quote
  #5  
Old 05-19-2014, 02:41 AM
Andomar Andomar is offline
Registered User
 
Join Date: Mar 2014
Posts: 16
Hi Todd,

That works, thank you! I'd never have expected "Firewall" to mean that.

-Andomar
Reply With Quote
  #6  
Old 05-19-2014, 07:40 AM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi Andomar,

Thanks for the update. I am glad to hear that the little known feature works for you.

We will post here if we add support for the OpenSSH ProxyCommand option.

If you would like to be notified directly, please complete and submit the form at the following location:
Submit Feature Request
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730
Reply With Quote
  #7  
Old 08-22-2014, 12:52 AM
bitcollector bitcollector is offline
Registered User
 
Join Date: Aug 2014
Posts: 1
Super tip

Thanks to Andomar for asking the question and rtb for this tip

I have the same use-case at my new employer and was struggling to remember all these new hostnames. This is perfect and very timely and another reason I love SecureCrt so much.
Reply With Quote
  #8  
Old 04-09-2020, 04:47 PM
Maureen's Avatar
Maureen Maureen is offline
VanDyke Product Director
 
Join Date: Feb 2004
Location: Albuquerque, NM
Posts: 1,583
Proxy Command has been implemented in SecureCRT 8.7 for Windows, which can be downloaded here:

https://www.vandyke.com/cgi-bin/rele...duct=securecrt

It can be configured in the Global Options dialog in the Firewall category.

Maureen
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 10:35 PM.