July 7, 2016

SSH multi-hop connection and Agent Forwarding

With SSH, it is common to log into one server and then log into a different server in the network by running the SSH command on that first server.
This is common because connecting directly to an internal server in the network is a security problem.

On this page, we call the first server “HOP” and the server to access, which is the final destination, “INSIDE”.
Poderosa supports SSH connections through the HOP, and once this is set up you can access the INSIDE server with one click.

The procedure for setting up an SSH connection through the HOP is as follows.

(1) Set the INSIDE server information in the new connection dialog.
The destination's IP address/name does not need to be reachable from the environment in which Poderosa is running.
Also set the secret key used to log in to the INSIDE server here. Make sure not to put the secret key on the HOP server.

(2) Define that the connection is established through the HOP.

Check “Through the Hop”. If you have used the HOP before, select the server from the list. If not, set up a new HOP server on the next screen.

(3) Configure the HOP.
Enter the connection information used to log in to the HOP server.
Usually, it is not necessary to change “Command to execute on the Hop”, but adjust it if you want to pass options to the SSH command.

With this, you can connect through the HOP.
The signature step that is necessary for the SSH login from the HOP to the INSIDE is requested from Poderosa by the SSH Agent Forwarding function.

This setting also records the HOP's information, so from the next time on you can access the INSIDE server with a single click.
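Step (1) depends on the secret key never being stored on the HOP. The script below is an added example, not part of Poderosa or the original page, that checks a HOP's directories for files beginning with a private-key header. The function names and the sample directory tree are constructed for illustration, and it assumes the keys are stored in the OpenSSH/PEM, SSH.com or PuTTY file formats.

```shell
#!/bin/sh
# Added example (not Poderosa code): audit a HOP server for SSH private keys.

# Print the path of every file under the given directories whose first line
# is a private-key header. Only the first line is read; no key is printed.
find_private_keys() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # Key files are small; skip anything of 64 KiB or more.
        find "$dir" -type f -size -65536c 2>/dev/null | while IFS= read -r f; do
            first=$(head -n 1 -- "$f" 2>/dev/null | tr -d '\r')
            case "$first" in
                "-----BEGIN "*"PRIVATE KEY-----")      printf '%s\n' "$f" ;;  # PEM / OpenSSH
                "---- BEGIN SSH2 "*"PRIVATE KEY ----") printf '%s\n' "$f" ;;  # SSH.com
                "PuTTY-User-Key-File-"*)               printf '%s\n' "$f" ;;  # PuTTY .ppk
            esac
        done
    done
}

# Return 1 (and list the paths on stderr) if any private key is present.
audit_hop() {
    hits=$(find_private_keys "$@")
    [ -z "$hits" ] && return 0
    printf 'private key files found on the HOP:\n%s\n' "$hits" >&2
    return 1
}

# Constructed sample tree: alice left a key on the HOP, bob did not.
make_sample() {
    mkdir -p "$1/alice/.ssh" "$1/bob/.ssh"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
        > "$1/alice/.ssh/id_ed25519"
    printf '%s\n' 'ssh-ed25519 CONSTRUCTED alice@example' > "$1/alice/.ssh/id_ed25519.pub"
    printf '%s\n' 'ssh-ed25519 CONSTRUCTED alice@example' > "$1/bob/.ssh/authorized_keys"
}

sample=$(mktemp -d)
make_sample "$sample"
audit_hop "$sample/bob" && echo "bob: clean"
audit_hop "$sample" || echo "sample tree: key left on HOP"
rm -rf "$sample"
```

On a real HOP, run `audit_hop` as an administrator over the home directories; public keys and `authorized_keys` files are expected there and are not reported.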