SSH auto-forward


I'm not sure if there is a specific name for this type of activity or not, but anyways:

When a user ssh's into machine1, is there some way to force them to automatically ssh to machine2?

For example, if user Bob ssh's into server1, can you set something up on server1 so that when Bob successfully logs in, he automatically ssh's to server2, so that he only has access to server2 and isn't really able to do anything on server1? Also, when he exits, it would disconnect him from server2 but also server1.

Does that make sense? Is that possible?

Best Answer

Is the real requirement here that Bob needs ssh access to machine2 but can't get at it directly because it's behind a firewall? If so, the cleanest solution is probably to port-forward a port on server1 to the ssh port (22) on server2, which you can do with iptables, see Then the user can

ssh -p <port number> server1 

to get into server2.

If you really want to force people logging in to server1 to go straight to server2, it might be possible to set the relevant user's shell on server1 to a script which runs "ssh server2". However, the user will end up having to type a password twice (if you're using passwords) - once for server1 and again for server2 - and you'd also need to be careful to lock down the SSH server on server1 to prevent the user doing port forwarding etc. through it (which you can do with SSH access regardless of what your shell is set to).
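
The lockdown the answer warns about can be checked mechanically. The script below is an added example, not part of the original answer: it audits a "Match User" block in an sshd_config for the forwarding restrictions, using sshd's ForceCommand in place of the login-shell script (a swapped-in assumption). The function names and the sample configs for user bob are constructed.

```shell
#!/bin/sh
# Added example. Sample configs below are constructed, not from the page.
# Settings expected inside the user's Match block (real sshd_config keywords).
REQUIRED='forcecommand allowtcpforwarding=no allowstreamlocalforwarding=no x11forwarding=no permittunnel=no'

# write_samples DIR: a forced hop with and without the forwarding lockdown.
write_samples() {
cat > "$1/weak" <<'EOF'
Match User bob
    ForceCommand ssh server2
EOF
cat > "$1/hardened" <<'EOF'
# Global section (applies to everyone)
X11Forwarding yes

Match User bob
    ForceCommand ssh server2
    AllowTcpForwarding no
    AllowStreamLocalForwarding no
    X11Forwarding no
    PermitTunnel no
EOF
}

# missing_lockdown CONFIG USER: print REQUIRED entries absent from the block
# "Match User USER" (assumes that exact single-criterion form).
missing_lockdown() {
    awk -v user="$2" -v req="$REQUIRED" '
        BEGIN { n = split(req, want, " ") }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == "match" {                # each Match line starts a new block
            inblock = (tolower($2) == "user" && $3 == user); next
        }
        inblock {
            seen[tolower($1)] = 1               # keyword present, e.g. forcecommand
            seen[tolower($1) "=" tolower($2)] = 1   # keyword=value, e.g. permittunnel=no
        }
        END {
            for (i = 1; i <= n; i++) if (!(want[i] in seen)) out = out want[i] " "
            sub(/ $/, "", out); print out
        }' "$1"
}

# Demo run: the weak block is missing every forwarding restriction.
demo_dir=$(mktemp -d) && write_samples "$demo_dir"
echo "weak:     $(missing_lockdown "$demo_dir/weak" bob)"
echo "hardened: $(missing_lockdown "$demo_dir/hardened" bob)"
rm -rf "$demo_dir"
```

An empty result means every expected setting is explicitly present in the user's block; on a live server1, `sshd -T -C user=bob` prints the effective values to confirm.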