When there's only one

...there's only one choice
Everything here is my opinion. I do not speak for your employer.

2016-03-03

I was getting tired of ssh'ing through bastion hosts to get to devices on my lab test network from my laptop when at home, so I googled for "ssh proxy."  The best option in the first 10 results turned out to be a program I wrote, called sshuttle.  Duh.

Anyway, I initially discarded that option because I haven't maintained sshuttle for a long time and it didn't work with newer versions of MacOS.  Looking closer, however, it turns out that someone has picked up maintenance (and you can get it from https://github.com/sshuttle/sshuttle) and it now works great on the latest MacOS, in fact.

Then all you have to do is use the Chrome Secure Shell extension to port forward, e.g., port 2222 to a real Linux box (in my case, the lab bastion host) on the corp network, and run:
    sshuttle -vNHr localhost:2222

The -H auto-discovers hostnames from /etc/hosts (and other places), while -N auto-discovers local subnet routes that match the lab network.

After that, you can ssh "directly" to any of the attached hosts.

I'm slightly boggled that open source has turned out to be so useful.  I should abandonware my projects more often! (*)

(*) Hah, like I could do it more often.

I'm CEO at Tailscale, where we make network problems disappear.


apenwarr on gmail.com