Hierarchical ssh connection with Putty, or maybe some other software?

ssh networking tunnel putty proxy

There's this great app on Android called "Juice SSH". It has this wonderful feature where you can hierarchically connect to servers, which makes tunnelling super easy through many servers.

For example, you define a connection ThisMachine -> A. Let's call this connection/profile "Alpha". Then, you can define the connection Beta, which connects ThisMachine -> B. You can simply tell it to use Alpha for that connection, and seamlessly, it'll make the connection ThisMachine -> A -> B. Then you can define a connection Charlie as ThisMachine -> C, and then tell it "use Beta". Then it'll automatically connect with ThisMachine -> A -> B -> C. The chain can be as long as you want.

You can even establish tunnels or SOCKS proxies on ports using Alpha, Beta or Charlie, with any path you want!

What a beautiful feature! I tunnel through 5 servers with it without even having to think about it. Why create VPNs when ssh can do the job?!

Is there a way to do this with Putty, or any other similar software on Windows?

EDIT: There seems to be a misunderstanding from what I see in the comments. I know ssh tunnels. I know how to create them in putty per connection (and I use it for all kinds of applications, such as secure VNC), and it being per connection is the problem. What I'm looking for is automatic multi-level or hierarchical tunneling.


Solution 1:

This is possible to implement with other SSH clients, just more tedious – e.g. with PuTTY (or its command-line counterpart plink) you have to manually start a connection to A, then to B, then to C (or the other way around? I didn't 100% understand.)

In PuTTY, this might be possible by saving connection profiles through the GUI and loading them through plink.

  • For example, configure PuTTY to connect to host A, and save it as "hostA".

  • Then configure PuTTY to connect to host B and specify the following "Telnet or local proxy command" – then save the profile as "hostB":

    plink -nc %host %port -load hostA

  • Configure PuTTY to connect to host C and specify the same proxy command, except make it load the "hostB" profile. Save this profile as "hostC"...

OpenSSH – which is also available for Windows – allows doing the same by configuring "ProxyCommand" for each server in ~/.ssh/config, so that ssh C wouldn't create a direct TCP connection but use a given command (which in this case happens to be a SSH-based TCP tunnel through B):

  • Put this in ~/.ssh/config (same location in Windows too):

    Host thisHost
    ProxyCommand ssh -W %h:%p hostA

Host hostA
    ProxyCommand ssh -W %h:%p hostB

Host hostB
    ProxyCommand ssh -W %h:%p hostC

  • Now running ssh thisHost will spawn three nested ProxyCommands.

However, OpenSSH has also recently added the "ProxyJump" option which automates both the command and even the chaining:

  • The -J option alone acts as a shortcut for using ssh -W as the proxy command:

    ssh -J hostB hostA

  • But it also directly accepts a comma-separated list of hosts:

    ssh -J hostA,hostB,hostC hostD

  • The ~/.ssh/config setting looks pretty much the same:

    Host thismachine
    ProxyJump hostA,hostB,hostC

Related

Import 11GB PST file to Gmail without Outlook
Bash on macOS, alt+d inserts ∂ instead of removing word
Slow computer because of bad SSD?
X11 forwarding: Unable to init server: Could not connect: Connection refused. What is needed for an X11 connection?
A non-RAID Intel hard drive is not displayed as a Win10 installation option in HP Notebook laptop
Replacing '-' with '/' in Notepad++
Auto indent in Notepad++
How can I search/filter for calendar invites in OWA?
Zeroing a file from command-line
Does Windows 98's command.exe invoke a dos prompt or a command prompt? [duplicate]
Epsilon delta for proving $x^2$ is continuous for $x<0$
Is every oriented simplicial complex a $\Delta$-complex?