Suppose you have a set of hosts S that you can only reach via ssh from host V by authenticating against a RADIUS server R and tunnelling your connections through a proxy server P from R.
So you set up an ssh config with the appropriate tunnels on V and everything is well. When you're on V, you can reach any host in S via ssh.
Now suppose that host R can only be reached from V, but not from your local host L. So what you want is an ssh configuration that allows you to tunnel every connection to a host in S through V to R (and thus from there through P to the final host).
The configuration below allows you to do just that:
On V, add to your ~/.ssh/config:
On L, add the following to your ~/.ssh/config:
Then, to setup the ssh tunnel, run:
This gets you to V and from there sets up the proxy through R to P.
Having sorted this out without a whiteboard makes me feel like after having a Pangalactic Gargleblaster. You may draw yourself the corresponding picture with clouds representing the interweb and pipes with numbers on them the tunnels. Don't forget to get the arrows right! :-)
February 23, 2007