Mailing List Archive: Configuration dependent on local hostname?

Configuration dependent on local hostname?

Mar 23, 2009, 11:13 AM

Post #1 of 3 (2880 views)

Hello,

To get access to hosts behind a NAT-router, I have put the following
into my ssh-config:

Host ext-gw.my-do.main
ProxyCommand none

Host *.my-do.main
ProxyCommand ssh ext-gw.my-do.main nc -w1 %h 22

This works fine while being outside of the NATted network.

Now I would like to configure a laptop in such a way that it is able
to connect directly to the network as well as from the outside. For
that, I'd like to do something like that:

Host gw.my.do.main
ProxyCommand none

LocalHost ! *.my.do.main
Host *.my.do.main
ProxyCommand ssh gw.my.do.main nc -w1 %h 22
LocalHost *

Of course, such a "LocalHost" option does not exist. Maybe there exist
some other way to do this?

BTW: I am using openssh as it comes with opensuse11.1 and ubuntu-8.10

opensus-11.1 $ ssh -V
OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008

ubuntu-8.10 $ ssh -V
OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007

Re: Configuration dependent on local hostname? [ In reply to ]

dtucker at zip

Mar 23, 2009, 8:40 PM

Post #2 of 3 (2741 views)

Permalink

Josef Wolf wrote:
> Hello,
>
> To get access to hosts behind a NAT-router, I have put the following
> into my ssh-config:
>
> Host ext-gw.my-do.main
> ProxyCommand none
>
> Host *.my-do.main
> ProxyCommand ssh ext-gw.my-do.main nc -w1 %h 22
>
> This works fine while being outside of the NATted network.
>
> Now I would like to configure a laptop in such a way that it is able
> to connect directly to the network as well as from the outside. For
> that, I'd like to do something like that:
>
>
> Host gw.my.do.main
> ProxyCommand none
>
> LocalHost ! *.my.do.main
> Host *.my.do.main
> ProxyCommand ssh gw.my.do.main nc -w1 %h 22
> LocalHost *

You can do this entirely with a little proxycommand. For example, I
have something like this:

in ~/.ssh/config:

Host myinternalhost
ProxyCommand ~/bin/myconnect %h %p

in ~/bin/myconnect:

#!/bin/sh
if ifconfig fxp0 | grep "inet 10\.0\.0\." >/dev/null; then
exec nc $1 $2 # internal, connect direct
fi
exec gw.my.do.main ssh nc $1 $2 # external, via GW

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Re: Configuration dependent on local hostname? [ In reply to ]

jw at raven

Mar 24, 2009, 2:29 PM

Post #3 of 3 (2729 views)

Permalink

On Tue, Mar 24, 2009 at 02:40:52PM +1100, Darren Tucker wrote:

>> To get access to hosts behind a NAT-router, I have put the following
>> into my ssh-config:

[ ... ]

> You can do this entirely with a little proxycommand. For example, I have
> something like this:
>
> in ~/.ssh/config:
>
> Host myinternalhost
> ProxyCommand ~/bin/myconnect %h %p
>
> in ~/bin/myconnect:
>
> #!/bin/sh
> if ifconfig fxp0 | grep "inet 10\.0\.0\." >/dev/null; then
> exec nc $1 $2 # internal, connect direct
> fi
> exec gw.my.do.main ssh nc $1 $2 # external, via GW

[ ... ]

Ah, that looks very promising. Thanks Darren! I'll try that.