Mon 20 May 2013 08:01:07 PM PDT
What does ssh -t do?
-t option allocates a pseudo-terminal for
ssh. This comes in handy when you want to "double
Let's say you can reach the host bastion and bastion can reach internal but you can't reach internal. No problem, right? You can log into internal like this:
ssh bastion ssh internal
No joy: "Pseudo-terminal will not be allocated because stdin is not a terminal."
Now try that again with -t...
ssh -t bastion ssh internal
And it works.
The problem, as Nadav Har'El
points out on the OSv
anyone who breaks into bastion (which is an external
machine and thus exposed to the Internet) can then ssh
from there to all the internal machines, or even hijack
already-running ssh sessions.
Nadav has a better solution there.
Jason Fritcher has a similar approach on the SVLUG list, using "ssh -W".
Both Nadav's and Jason's methods also work for scp and for git over ssh.