Here's the scenario: the user runs "ssh -i sshkey user@server1". I want the SSH connection to be tunneled through server1 to server2. Normally, the user could do this himself using:
ssh -i sshkey user@server1 -o 'ProxyCommand /bin/nc server2 22'
However, I don't want the user to set up the proxy themselves, using ssh command-line arguments or even ssh_config changes. As sysadmin, I want to be able to redirect a user's SSH session to a different server transparently. All solutions I've found so far require ProxyCommand. Is there a way for me to accomplish this?
Note that the user is using SSH keys, not username/password, so those credentials need to be passed on to server2.
Best Answer
I can think of two ways to do this:
Forced command in the user's
AuthorizedKeysFile
(i.e.~/.ssh/authorzied_keys
) on server1:The entry would look like
Then the command
ssh -i sshkey server1
will send the user directly to server2.Or, change the users' shell on server1 by setting it to something like
/bin/proxyshell
, the contents of which will be: