Don Marti

Mon 20 May 2013 08:01:07 PM PDT

What does ssh -t do?

Using the -t option allocates a pseudo-terminal for ssh. This comes in handy when you want to "double ssh".

Let's say you can reach the host bastion and bastion can reach internal but you can't reach internal. No problem, right? You can log into internal like this:

ssh bastion ssh internal

No joy: "Pseudo-terminal will not be allocated because stdin is not a terminal."

Now try that again with -t...

ssh -t bastion ssh internal

And it works.

The problem, as Nadav Har'El points out on the OSv blog, is that anyone who breaks into bastion (which is an external machine and thus exposed to the Internet) can then ssh from there to all the internal machines, or even hijack already-running ssh sessions. Nadav has a better solution there.

Jason Fritcher has a similar approach on the SVLUG list, using "ssh -W".

Both Nadav's and Jason's methods also work for scp and for git over ssh.