How to use ssh ProxyCommands on Windows 10 from Powershell

Tags: #<Tag:0x00007f8e750db870> #<Tag:0x00007f8e750db118> #<Tag:0x00007f8e750dae98> #<Tag:0x00007f8e750dab78>

SSH Proxy on Windows’ bundled OpenSSH - that used to be broken

OpenSSH Client is an Optional Windows feature

The “architecture” of this scenario is plain simple, but until recently it was relatively complex to support Windows clients featuring Jump Hosts.

OpenSSH is available on recent Windows installs. – Works better than Powershell Remoting, trust me :wink:

image

Requirements

  • Installed OpenSSH client on Windows
  • Compatible version of OpenSSH server on remote machines (tested with OpenBSD 6.6 and Ubuntu Linux 18 LTE)
PS C:\Users\marius> [System.Environment]::OSVersion

Platform ServicePack Version      VersionString
-------- ----------- -------      -------------
 Win32NT             10.0.19041.0 Microsoft Windows NT 10.0.19041.0

JumpHosts are a common segregation element

  • Windows -ssh-> mybox -ssh-> autobox
  • mybox - remote Linux system (Jump host)
  • autobox - internal Linux system behind the Jump host

Get userdir or homes

PS C:\Users\myuser> echo $env:USERPROFILE
C:\Users\myuser

Make SSH config

mkdir $env:USERPROFILE\.ssh
cd $env:USERPROFILE\.ssh
code .

.ssh\config file example with Windows ProxyCommand

Assuming you ran ssh-keygen:

    Host mybox
       HostName vpn.mybox.info
       User myuser
       IdentityFile ~/.ssh/id_rsa

    Host autobox
       ProxyCommand ssh.exe -W %h:%p mybox
       HostName 192.168.1.X
       User myuser

Copy SSH public key without ssh-copy-id from Windows to Linux

On the Windows 10 client:

    PS C:\Users\myuser\.ssh> ssh -v [email protected]
    PS C:\Users\myuser\.ssh> scp .\id_rsa.pub [email protected]:/tmp/

On the remote Linux system within the SSH session:

    [email protected]:~/.ssh$ cat /tmp/id_rsa.pub >> authorized_keys
    [email protected]:~/.ssh$ chmod 600 authorized_keys
    [email protected]:~/.ssh$ exit

Keep SSH Socks proxy going via Powershell on Windows

Little one-liner, but Powershell:

PS C:\Users\myuser> while($true){ ssh -D 5000 mybox; Start-Sleep -s 10 }

Equivalent in Bash (e. g. for WSL(2)):

λ /mnt/c/Users/myuser/ while true; do ssh -D 5000 osroad; sleep 10; done