Local Resolve of Proxied SSH Host Names

If you need to use one SSH machine to jump over to other hosts, you know the drill. The easiest way is to simply edit ~/.ssh/config and add ProxyJump definitions:

~/.ssh/config
Host tunnel
    HostName 192.168.0.1
    User myname
    IdentityFile ~/.ssh/id_rsa

Host 192.168.1.*
    ProxyJump tunnel

The example file above assumes your jump point is at 192.168.0.1 and that you use it to reach machines in the 192.168.1.0/24 network. To get into 192.168.1.100, you would simply use:

Terminal
ssh user@192.168.1.100

SSH then uses its config definitions to connect to the tunnel machine first (192.168.0.1) and then makes another connection from that machine to the final destination (192.168.1.100). Easy enough.

However, what if we want names to be resolved too?

If you have DNS or those names defined on your jump point, all is ok. However, what if your jump point is not under your control or you are too lazy to keep /etc/hosts up-to-date on both your local machine and the jump one?

Well, you will see the following error message:

Terminal
ssh user@myremotehost.internal
ssh: Could not resolve hostname myremotehost.internal: Name or service not known

In that case, you will need ProxyCommand and some dig magic in ~/.ssh/config to resolve the IP locally.

~/.ssh/config
Host *.internal
    ProxyCommand ssh -W "[`dig +short %h`]:%p" tunnel

The example above resolves host names ending in .internal on your local machine and then asks the jump host to connect to the resolved IP.
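
A stricter variant of the ProxyCommand above, as an added example that is not from the original post: the one-liner hands whatever dig prints straight to ssh -W, which is several lines when the name is a CNAME and an empty "[]" when nothing resolves. The script name ssh-local-resolve, its install path and the sample addresses are assumptions, and it handles IPv4 (A records) only.

```sh
#!/bin/sh
# ssh-local-resolve (hypothetical helper): resolve a host name locally,
# then forward to the resulting IP through the jump host.
#
# Assumed ~/.ssh/config usage:
#   Host *.internal
#       ProxyCommand ~/bin/ssh-local-resolve %h %p tunnel

# Accept only plain DNS names (letters, digits, dots, hyphens).
# A leading "-" is refused so the name can never be read as an option.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Read `dig +short` output on stdin and print the first IPv4 address.
# CNAME lines (which end in a dot) and any other text are skipped.
first_ipv4() {
    sed -n -E '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{p;q;}'
}

# Resolve locally, fail closed on a bad name or an empty answer,
# then let ssh -W on the jump host connect to the IP.
resolve_and_forward() {
    host=$1 port=$2 jump=$3
    valid_host "$host" || { echo "refusing host name: $host" >&2; return 1; }
    ip=$(dig +short "$host" A | first_ipv4)
    [ -n "$ip" ] || { echo "no A record for $host" >&2; return 1; }
    exec ssh -W "$ip:$port" "$jump"
}

case $# in
    3) resolve_and_forward "$@" ;;
    0) # No arguments: offline demo on constructed dig output
       # (one CNAME line followed by two A records).
       printf 'web.lb.internal.\n10.1.2.3\n10.1.2.4\n' | first_ipv4 ;;
esac
```

Because ssh runs ProxyCommand through your shell, keeping the lookup in a script that receives %h as a quoted argument also keeps the host name out of any command substitution.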
