Archive for February, 2015

A brief hike on the Hangover trail in Sedona

February 15th, 2015 | Category: Uncategorized

We (a bunch of people from the Flagstaff Freethinkers) had decided to enjoy the sights of Schnebly Hill Road, but found it closed for the season – a silly bureaucratic event, given the long-standing warm temperatures and lack of snow in the area.  So we went to plan B and did a short out-and-back on the Hangover trail instead.  This trail wanders through the scrub north of Schnebly Hill Road and goes up and over one of the red rock formations for which Sedona is so famous, providing a great overview of Steamboat rock and route 89, which sits in between the trail and that rock. The trail is a loop, but lacking time, we didn’t do the entire thing.


multi-hop ssh

February 11th, 2015 | Category: Tech-y

At work I routinely have to ssh from host A to host B and then to host C.  It is not possible to establish a direct link from A to C, so I’ve been manually establishing a connection from one to the other, which is annoying.  Today I finally got around to setting up a better solution, which depends on having a unix-like system on all nodes. Host A is running Windows with cygwin, and hosts B and C are running Mac OS and Linux. Another assumption is that you have the same user name on all nodes, although there are ways to get around it if you don’t.

1) Add these lines to ~/.ssh/config (which you may have to create).

Host hostC.domain.edu hostC
        ProxyCommand ssh hostB -W %h:%p

Now, when I type “ssh hostC” on my PC, it hops through hostB and logs into hostC automatically with no further typing.

What is happening is that when you ssh to hostC, ssh substitutes another command for /bin/sh on hostB (which is normally executed by default), and forwards stdin and stdout to this new command (that’s what the -W is for), which is an ssh to rsndds. The effect is to hop through hostB. Because I’ve set up keys without pass phrases on all machines, no password is required. If you don’t have keys set up, it will still work, but will ask for passwords.

If you want to use pass phrases, you can use ssh-agent on hostA and hostB, which will ask only once and then store the keys in memory until the next reset of ssh-agent (probably a reboot).

If you have a different user name on hostB, simply specify it like this:

Host hostC.domain.edu hostC
        ProxyCommand ssh user@hostB -W %h:%p

You can create as many of these special entries in your config file as you wish, each specifying special rules for creating connections to your unique networks. Isn’t ssh cool?
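To see what each of these entries turns into, here is an added example (not code from the original post) that mimics, in simplified form, how the ssh client picks a Host block and fills in %h and %p before it runs the ProxyCommand on the machine where you typed ssh. The hostD entry, port 2222 and the login name "me" are assumptions made up for the illustration; Match blocks, "=" separators and quoting are not handled.

```python
import fnmatch
import re
import shlex

# Constructed sample: the post's two entries in one file. The user@hostB
# variant gets its own target name (hostD, hypothetical) and a made-up port.
SAMPLE_CONFIG = """\
Host hostC.domain.edu hostC
        ProxyCommand ssh hostB -W %h:%p

Host hostD
        ProxyCommand ssh user@hostB -W %h:%p
        Port 2222
"""

def resolve(config_text, target, login="me"):
    """Return the argv the local ssh client runs as ProxyCommand, or None."""
    opts, active = {}, True  # options before the first Host line apply to all
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            pats = value.split()
            hit = lambda ps: any(fnmatch.fnmatchcase(target, p) for p in ps)
            # A block applies if a plain pattern matches and no !pattern does.
            active = (hit(p for p in pats if not p.startswith("!"))
                      and not hit(p[1:] for p in pats if p.startswith("!")))
        elif active:
            opts.setdefault(key, value)  # first value obtained wins
    if "proxycommand" not in opts:
        return None  # no hop configured: ssh connects directly
    tokens = {"%h": opts.get("hostname", target),  # name as typed unless HostName is set
              "%p": opts.get("port", "22"),
              "%r": opts.get("user", login),
              "%%": "%"}
    cmd = re.sub(r"%[hpr%]", lambda m: tokens[m.group()], opts["proxycommand"])
    return shlex.split(cmd)

if __name__ == "__main__":
    for name in ("hostC", "hostC.domain.edu", "hostD", "hostB"):
        print(name, "->", resolve(SAMPLE_CONFIG, name))
```

Because %h is the name exactly as typed, "ssh hostC" hands the short name hostC to hostB, so hostB has to be able to resolve it.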

When I started figuring out how to do this, I thought of it as “tunneling,” but technically that’s probably not correct; that name is given to using ssh for encrypted port forwarding.  Nevertheless, you can think of it as a tunnel, allowing you to ssh from one machine to another using an intermediate machine, all without your intervention.
