SSH config for SSH Proxy Hopping

I regularly need to connect to SSH hosts behind a firewall via a single SSH host with SSH access enabled.

Since I am connecting to many hosts through this proxy SSH host, I can make my life a little easier by adding some entries to my ~/.ssh/config file.

If I add the following:

Host internalhost
    ProxyCommand ssh -q sshgateway.domainname.com nc internalhost 22

I can use the command:

ssh internalhost

This first connects to sshgateway.domainname.com (the host with SSH open in the firewall) and runs nc there to relay the connection to internalhost on port 22. The first time you connect, you may want to answer ‘yes’ to add the host to your known_hosts file. You may also want to copy your SSH public key to avoid having to enter too many passwords:

ssh-copy-id sshgateway.domainname.com

If you have not already done so you can create SSH keys on your client with the command:

ssh-keygen

The ~/.ssh/config file can be used for other time-saving shortcuts, including specifying the SSH port (if not using the default 22), the user and the hostname, for example:

Host anotherserver
    HostName anotherserver.domainname.com
    Port 2222
    User jonny
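
The nc-based entry above covers one internal host. The following ~/.ssh/config is an added example, not part of the original post, that extends the same idea to many hosts behind the gateway without needing nc on it. The alias sshgateway and the pattern *.internal.domainname.com are assumptions; -W needs OpenSSH 5.4 or later and ProxyJump needs 7.3 or later on the client.

```sshconfig
# Added example: alias and host pattern below are assumed names.

# The gateway itself is reached directly.
Host sshgateway
    HostName sshgateway.domainname.com
    # Keep the local agent off the shared gateway. The proxied session
    # is end-to-end, so the gateway never needs your keys.
    ForwardAgent no

# Single host, same effect as the nc entry in the post.
# -W asks the gateway's sshd to relay stdin/stdout to %h:%p,
# so nc does not have to be installed on the gateway.
Host internalhost
    ProxyCommand ssh -q -W %h:%p sshgateway

# Many hosts: one pattern instead of one entry per host.
# ProxyJump is the built-in shorthand for the -W form above.
Host *.internal.domainname.com
    ProxyJump sshgateway

# In both forms the local client checks two host keys against
# known_hosts: the gateway's and the internal host's.
```

Because the SSH session to the internal host is negotiated by the local client through the relay, the gateway only sees encrypted traffic and authentication to the internal host uses the keys on the client.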
