Chapter 35: Using ProxyCommand for Advanced SSH Connections
In this chapter, you'll learn how ProxyCommand works, when to use it over ProxyJump, and how to use netcat and socat as SSH proxy mechanisms.
In the previous chapter, you learned how bastion hosts provide secure access to private servers and how ProxyJump makes multi-hop SSH connections simple.
Once ProxyJump is configured in your SSH client, tasks like SSH connections, file transfers, and port forwarding can all pass through the bastion host automatically, which gives you a clean and easy way to work with systems that are not directly accessible.
For most situations, ProxyJump is the recommended solution because it is simple to configure and easy to manage. However, it has a few limitations. Since ProxyJump works by connecting through another SSH server, it can only be used when the intermediate system supports SSH.
What if you need to connect through something else, such as a custom script, a netcat relay, a corporate HTTP proxy, or another type of network gateway that is not running SSH? In those cases, ProxyJump cannot help.
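This is where ProxyCommand becomes useful: instead of requiring an SSH server in the middle, it lets SSH run any command that can create a network connection to the destination host, and SSH then uses that command's standard input and output as its transport.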
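The difference in practice, as an added `ssh_config` example that is not taken from the original chapter. All host names, addresses and proxy ports are placeholders, and the `nc` line assumes the OpenBSD netcat variant.

```sshconfig
# ~/.ssh/config  (every host, address and port below is a placeholder)

# The intermediate hop runs sshd, so ProxyJump is enough.
Host app-via-jump
    HostName 10.0.0.10
    ProxyJump admin@bastion.example.com

# The same hop written as ProxyCommand. ssh starts the command and
# speaks the SSH protocol over its stdin/stdout. %h and %p expand to
# the target host and port, and -W asks the bastion to forward to them.
Host app-via-command
    HostName 10.0.0.10
    ProxyCommand ssh -W %h:%p admin@bastion.example.com

# The hop is a corporate HTTP proxy, not an SSH server: netcat sends an
# HTTP CONNECT for the target (OpenBSD nc syntax; other nc builds differ).
Host app-via-http-proxy
    HostName app.example.com
    ProxyCommand nc -X connect -x proxy.example.com:3128 %h %p

# The same HTTP proxy reached with socat instead of netcat.
Host app-via-socat
    HostName app.example.com
    ProxyCommand socat - PROXY:proxy.example.com:%h:%p,proxyport=3128
```

In every variant the proxy only carries the TCP stream; host key verification and user authentication still happen end to end with the target. The ProxyCommand string is executed by the user's shell, so keep the `Host` patterns for these entries specific rather than wildcarded.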