Thanks for the great tips, Jay. Unfortunately, I'm trying to make a script that I can share with users who probably won't be interested in editing their config files. I might be able to use some of your ideas in some way in other work, though.

Mike

On Tue, 17 Dec 2013, Jay Kline wrote:

> On Tue, Dec 17, 2013 at 5:37 PM, Mike Miller <mbmiller+l at gmail.com> wrote:
>
>> Here's the problem. machineA is behind a firewall, but it is
>> accessible via ssh from machineB, so I've written a script that lets me
>> ssh to machineA via ssh through machineB using port forwarding:
>>
>
> A technique I've used for this type of problem is to combine the
> ProxyCommand option with netcat (nc). So in your .ssh/config put this:
>
> Host machineA
>     ProxyCommand ssh machineB /usr/bin/nc machineA 22
>
> Using this method, all the native ssh-based tools "just work". To ease
> the time it takes to log on, I also make use of session multiplexing.
> That means it keeps the session open even after you exit, and future use
> of ssh/scp/etc will reuse the connection. Set that up with this entry:
>
> Host *
>     ControlMaster auto
>     ControlPath /tmp/.ssh_control_%r@%h:%p
>
> Note that using session multiplexing makes setting up port forwards a
> little more tricky, but not impossible (read the man page for
> ssh_config), and if your network link changes/drops you need to issue
> "ssh -O exit hostname" from your local host instead of using the ~.
> break command.
>
> Jay
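
The ProxyCommand and multiplexing settings from the quoted message can also be passed as -o options on the ssh command line, which fits a script shared with users who will not edit their config files. This is an added example, not part of the original thread: the variable and function names, the ControlPersist value and the choice of a user-private directory for the control socket (ssh_config(5) recommends a directory that other users cannot write to) are assumptions.

```shell
#!/bin/sh
# Added example: the thread's ProxyCommand and multiplexing settings passed as
# -o options, so users do not edit ~/.ssh/config.
# machineA/machineB are the thread's placeholder hosts; the variable names,
# CONTROL_DIR and the ControlPersist value are assumptions.
JUMP_HOST="${JUMP_HOST:-machineB}"
TARGET_HOST="${TARGET_HOST:-machineA}"
CONTROL_DIR="${CONTROL_DIR:-$HOME/.ssh/control}"

# Create the control-socket directory accessible by its owner only; print it.
prepare_control_dir() {
    ( umask 077 && mkdir -p "$CONTROL_DIR" ) || return 1
    chmod 700 "$CONTROL_DIR" || return 1
    printf '%s\n' "$CONTROL_DIR"
}

# Print the ssh options, one argument per line.
ssh_opts() {
    printf '%s\n' \
        -o "ProxyCommand=ssh $JUMP_HOST /usr/bin/nc $TARGET_HOST 22" \
        -o "ControlMaster=auto" \
        -o "ControlPath=$CONTROL_DIR/%r@%h:%p" \
        -o "ControlPersist=10m"
}

# Connect to TARGET_HOST through JUMP_HOST; extra arguments become the
# remote command.
connect() {
    prepare_control_dir >/dev/null || return 1
    old_ifs=$IFS
    IFS='
'
    set -f                      # no globbing while splitting on newlines
    set -- $(ssh_opts) "$TARGET_HOST" "$@"
    set +f
    IFS=$old_ifs
    ssh "$@"
}

# Usage: sh jump.sh connect [remote command ...]
if [ "${1:-}" = "connect" ]; then
    shift
    connect "$@"
fi
```

Closing the shared connection with "ssh -O exit" needs the same ControlPath option, since the socket path is not in the user's config.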