How to create a ssh tunnel chain in one command?

ssh -L 1521:127.0.0.1:61521 admin@serverA ssh -L 61521:127.0.0.1:1521 admin@databaseB

or using plink (Putty link) from a command window:

plink -ssh -L 1521:127.0.0.1:61521 admin@serverA ssh -L 61521:127.0.0.1:1521 admin@databaseB

As to running this as a single command, the previous answer is correct but if the second ssh requires a password, it will probably not work (depending on ssh default configuration). You will have to force the allocation of a pseudo-tty by using the -t option, as in:

ssh -t -L 1521:127.0.0.1:61521 admin@serverA ssh -L 61521:127.0.0.1:1521 admin@databaseB

(this works using cygwin's ssh command)


You can use the ProxyCommand option for that. Put the following into your ssh configuration file (which is usually at ~/.ssh/config):

Host direct-serverB
ProxyCommand ssh admin@serverA ssh admin@serverB sshd -i

Then you can connect to the serverB as if it was directly available:

% ssh -L 1521:localhost:1521 admin@direct-serverB

This command does not open any ports on the intermediate serverA. However, it has a drawback that you need to authenticate to serverB both from serverA and from your local machine.

If the serverA has netcat installed, then you could write this into your ssh config:

Host direct-serverB
ProxyCommand ssh admin@serverA nc -q0 serverB 22

and drop the serverA→serverB authentication step.