While working with libvirt as my primary hypervisor to launch test VMs, I need a way to connect to the VMs easily over SSH. Because libvirt uses a private network and SNAT to connect the VMs to the outside world, getting SSH access to the VMs requires port forwarding or DNAT.
I recently came to know about SSH jump host configuration, which uses the SSH ProxyCommand option to tunnel the SSH connection through intermediate hosts. I found it very useful for connecting to my VMs hosted by libvirt KVM on a private network. Here is the command that I use to connect to the VMs:
ssh -t -o ProxyCommand='ssh hypervisor_user@my-hypervisor1 nc vm1 22' vm_user@vm1
What is more amazing is that SSH allows multiple intermediate jump hosts in the path.
Here is another trick taken from the Gentoo wiki. Add the following configuration to your SSH config file at ~/.ssh/config:
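# Everything before the last "+" becomes the jump host (user%host:port); the last hop is handed to nc.
Host *+*
    ProxyCommand ssh $(echo %h | sed 's/+[^+]*$//;s/\([^+%%]*\)%%\([^+]*\)$/\2 -l \1/;s/:\([^:+]*\)$/ -p \1/') exec nc -w1 $(echo %h | sed 's/^.*+//;/:/!s/$/ %p/;s/:/ /')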
With this config in place, we can specify multiple intermediate jump hosts in the following format:
ssh user1%host1:port1+user2%host2:port2+host3:port3 -l user3
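Added example (not from the original post or the Gentoo wiki): a shell trace of how the Host *+* ProxyCommand splits a hop string, with ssh's %h and %p passed in as function arguments and the config's %% written as a plain %. It also shows why the port split has to be anchored to the end of the string: an unanchored s/:/ -p / rewrites the first colon, which belongs to an earlier hop when that hop carries a port. The function names and the sample hop string are made up for the illustration.

```shell
#!/bin/sh
# Added example: reproduces the sed rewriting done by the Host *+* ProxyCommand.
# $1 stands in for ssh's %h token; "%%" from ssh_config is written as "%" here.

# Arguments handed to the outer ssh: everything before the last "+",
# with "user%host" turned into "host -l user" and a trailing ":port" into "-p port".
jump_args() {
    printf '%s\n' "$1" |
        sed 's/+[^+]*$//;s/\([^+%]*\)%\([^+]*\)$/\2 -l \1/;s/:\([^:+]*\)$/ -p \1/'
}

# Same rewrite with an unanchored port split, which replaces the FIRST colon.
jump_args_first_colon() {
    printf '%s\n' "$1" |
        sed 's/+[^+]*$//;s/\([^+%]*\)%\([^+]*\)$/\2 -l \1/;s/:/ -p /'
}

# Arguments handed to nc: the last hop; $2 stands in for %p when the hop has no port.
nc_args() {
    printf '%s\n' "$1" | sed "s/^.*+//;/:/!s/\$/ $2/;s/:/ /"
}

# Print the command each nested ssh would run. The outer ssh's own host still
# contains "+", so it matches Host *+* again and the rewrite repeats per hop.
trace_chain() {
    h=$1
    p=${2:-22}
    while [ "${h#*+}" != "$h" ]; do
        args=$(jump_args "$h")
        printf 'ssh %s exec nc -w1 %s\n' "$args" "$(nc_args "$h" "$p")"
        h=${args%% *}                      # next %h: host of the outer ssh
        case $args in
            *" -p "*) p=${args#* -p }; p=${p%% *} ;;   # next %p: its -p value
            *) p=22 ;;
        esac
    done
}

# Constructed sample: two jump hosts and a target, each with its own port.
trace_chain 'user1%host1:2201+user2%host2:2202+host3:2203'
```

The last command printed is the one that actually leaves the client; each earlier line is tunnelled through the ones after it.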
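Connection multiplexing is a way to optimize the creation of SSH connections between the client and server when the client makes frequent requests to the server. Instead of creating a new SSH connection for each request and then closing it down, which incurs delays, it is easier to reuse an existing SSH connection. The first command below starts a master connection on a control socket, and the second reuses it through the same socket. The ~/.ssh/controlmasters directory must already exist; keep it accessible only to your own user, since anyone who can open the control socket can use the authenticated session.
ssh -M -S ~/.ssh/controlmasters/user1@server1:22 server1
ssh -S ~/.ssh/controlmasters/user1@server1:22 server1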
It is easier to set this up in the SSH config file. Here is an example:
Host Server1
    HostName server1
    ControlPath ~/.ssh/controlmasters/%r@%h:%p
    ControlMaster auto
    ControlPersist 10m