When working with enterprises, you're likely going to have to hop through a few tunnels to connect to the host you want to work on – and this can be a very tedious task manually, but it doesn't have to be.

Enter .ssh/config

Welcome to the wonderful world of .ssh/config – where, in this example, we'll define a host and jump through another server in order to connect to it.

Start by editing your ~/.ssh/config file (or, creating if you don't have one already). You'll want to add the following block, replacing the variables ($$) with your data as necessary:

Host $$hostname$$
    HostName $$hostipaddress$$
    User $$hostusername$$
    ProxyCommand ssh $$tunnelserver$$ nc %h %p
    IdentityFile /home/$USER/.ssh/id_rsa
    IdentitiesOnly yes

In here, we define our host (eg, we can do: "ssh kellysserveronprem"), it will hit this host block. We've told our server the host's real IP address (eg,, the username we want to ssh as (eg, "ed"), our identity file for SSH, and to use identities. Then, we have this "ProxyCommand" block – ProxyCommand is what lets us use our tunnel server first, so instead of the ssh path looking like this:

ssh [email protected]

On the backend, here's the "true" path it will take:

ssh [email protected]$$tunnelserver$$ => ssh [email protected]$$hostipaddress$$

It's important to note you're not limited to just one hop here, you may require multiple ProxyCommand targets, and you can specify them all on one line. If you're using something like Visual Studio Code and want to connect to remote instances in an enterprise network, use an sshd config file and your tunnel server like this – it makes life easier when trying to work remotely.

infrastructure enterprise


Senior Software Engineer, Labber, Sysadmin. I make things scale rapidly. Optimize everything.

Read More