38

I'm just trying to use PuTTY to get an SSH connection to my servers. These servers allow incoming SSH connection only from another specific server ("MySshProxyingServer" in example below).

Using Linux this is no problem with the ssh -W command.

In PuTTY I can't find the options to create such a connection.

Example under Linux (~/.ssh/config):

Host MyHostToConnectTo
    Hostname xx.xx.xx.xx
    User root
    Identityfile ~/.ssh/id_rsa
    ProxyCommand ssh MySshProxyServer -W %h:%p

Anyone knows how to use such a config in PuTTY?

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
veiL
  • 383
  • 1
  • 3
  • 5

4 Answers4

41

If you want to "jump a host", then using "local proxy command" is an overkill. Recent versions of PuTTY have this build-in. Go to Connection > Proxy, and in "Proxy type", select "SSH to proxy and use port forwarding". Then specify the details of the intermediate server below (like Hostname, Port, Username, Password [or load your private key to Pageant]).

enter image description here

(It's actually an overkill for OpenSSH too, as it has more user friendly options for this purpose too, see Does OpenSSH support multihop login?)

To answer your literal question: The equivalent in PuTTY is "local proxy command". You can use the plink.exe with the -nc switch instead of the ssh with the -W switch:

PuTTY local proxy

The "local proxy command" is:

plink.exe %user@%proxyhost -P %proxyport -nc %host:%port

An alternative is to open a tunnel via the "MySshProxyServer" first using another instance of PuTTY (or Plink).

See for example:

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
  • 1
    if you're using key auth you may find useful this line: `plink.exe %user@%proxyhost -ssh -i c:\keys\my_key.ppk -nc %host:%port` – Putnik May 28 '21 at 11:29
3

Just in case you still use password for your jumphost is the option for that with an example.

plink.exe %user@%proxyhost -pw %pass -P %proxyport -nc %host:%port
ucipass
  • 923
  • 1
  • 8
  • 21
  • 1
    This might be a useful comment to my answer. But it is not a standalone answer to the question. – Martin Prikryl Oct 22 '20 at 13:46
  • 1
    This answer was just what I was looking for! I've been trying to make this work using every config example I could find, but I kept getting "Access Denied". By the way, enabling "Print proxy diagnostics in the terminal window" helped me realize this was a problem. I was finally able to get in after adding the `-pw` setting. So thanks! – Spencer Williams Oct 26 '20 at 18:05
1

When you want to start putty.exe from commandline it works this way:

putty.exe -proxycmd "plink.exe user@jumphost -P 22 -nc targethost:targetport" user@foo

According to the docs it uses stdin/stout of the proxycmd so "foo" is ok as target hostname here.

t3o
  • 329
  • 1
  • 10
1

Suppose we want ssh to 172.16.0.21 via 8.8.8.8

login name in both hosts is john

path to private key is C:\users\john\.ssh\private.ppk

enter image description here

enter image description here enter image description here

.

plink.exe -v -ssh %user@%proxyhost -P %proxyport -nc %host:%port   -i "c:\Users\john\.ssh\private.ppk"

p.s.

If your private key has password protect then you must additionaly launch pageant and load your private key there

p.s.

if you want to use command line only then:

putty.exe -proxycmd "plink.exe john@8.8.8.8 -P 22 -nc 172.16.0.21:22 -i c:\Users\john\.ssh\private.ppk " john@172.16.0.21  -i c:\Users\john\.ssh\private.ppk
Alex
  • 837
  • 8
  • 9