Last Updated: February 25, 2016
· justinlynn

Tunnel to Internal Hosts using only SSH and netcat

For those of you with internal hosts behind a bastion SSH machine you know how annoying it can be to have to log in multiple times before being able to connect to the box that you really want to use. SSH, along with netcat, provides a handy built-in way to easily route through intermediate hosts without having to set up a VPN or enter extra commands each time.

Simply add the following to your SSH config (typically in ~/.ssh/config):

Host <hostname of machine, wildcards allowed>
  ProxyCommand ssh <your user>@<bastion host> nc %h %p

The hostname pattern following the Host parameter specifies the hosts to which you wish to use the tunnel to reach. For example, the hostname might be "*" which would result in using the tunnel for all hosts in the domain (i.e.

Extra bonus: This also enables -D dynamic SOCKS proxies or any other SSH forwarding option through bastion hosts to internal machines without extra gymnastics. The bastion effectively becomes transparent.