On Mon, 2005-01-31 at 18:27 +0100, Alexander Larsson wrote:
> On Mon, 2005-01-31 at 10:30 -0500, Bill White wrote:
> > I don't know if this is a gnome-vfs-sftp question or
> > a nautilus question, but I'll ask here first. My work
> > machines and home machines are behind firewalls, which
> > I can puncture with ssh as usual. On home machine
> > named crasher I can do this command from the command
> > line:
> > ssh gateway.work.com sftp bwhite trunkles
> > and I get a command line sftp session to my home
> > directory on trunkles.work.com, which is a machine
> > inside my work firewall. But if I try "sftp://trunkles.work.com"
> > in nautilus, it fails. If I try
> > "sftp://gateway.work.com/home/bwhite/trunkles" in nautilus,
> > it succeeds, and the expected directory is opened. Unfortunately,
> > gateway does not mount most of the interesting internal
> > machines as a matter of policy, and I can't see much of
> > what I need to see. I can see them from trunkles, my
> > personal desktop. There is an analogous problem when I
> > try to mount my home machine from my work machine.
> >
> > So, my question is, is there any way to tell nautilus,
> > or gnome-vfs-sftp, to open an sftp connection via a
> > gateway like this?
>
> Can't you set up "ssh trunkles.work.com" (or "ssh trunkles") to
> automatically use the gateway using ~/.ssh/config. That should make
> gnome-vfs work with it I think.

Yeah, you'll have to set up an appropriate entry in ~/.ssh/config to get this working at all as you are connecting through ssh to the gateway machine and then launching 'sftp' running on gateway for the final connection to trunkles. There really isn't anything gnome-vfs can do to know about that. I suspect the option you'll want is "ProxyCommand" but I'm not sure of the semantics required to get that working.

http://www.hackinglinuxexposed.com/articles/20040830.html

That article seems to describe doing exactly what you want to do.

Essentially, you add an entry in ~/.ssh/config that reads:

    Host trunkles
        HostName trunkles.work.com
        ProxyCommand ssh gateway.work.com /usr/bin/nc -w 1 %h %p

From that point, any ssh command to "trunkles" will first ssh to gateway.work.com and use netcat to route all ssh data to the final host (%h -> trunkles.work.com) on the port %p. This requires netcat be installed on the gateway machine, of course.

Alternatively, to turn on this forwarding for every machine at work you could have the ssh config file read:

    Host gateway.work.com
        HostName gateway.work.com
        # "none" keeps the *.work.com ProxyCommand below from applying to the gateway itself
        ProxyCommand none

    Host *.work.com
        ProxyCommand ssh gateway.work.com /usr/bin/nc -w 1 %h %p

I'm not sure if the "HostName" entry for gateway.work.com is strictly necessary, but without the explicit host entry you'll get an infinite loop for any ssh connection you try to make...

-- 
Shahms E. King <shahms shahms com>
Multnomah ESD

Public Key: http://shahms.mesd.k12.or.us/~sking/shahms.asc
Fingerprint: 1612 054B CE92 8770 F1EA AB1B FEAB 3636 45B2 D75B
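
An added example, not part of the original message: a simplified model of ssh_config's rule that the first value obtained for each keyword wins, used to check whether the gateway host itself picks up the wildcard ProxyCommand from the message above. It compares a gateway block that sets only HostName with one that also sets "ProxyCommand none". The resolver (resolve, proxy_chain) is a hypothetical helper, not OpenSSH code: Host patterns are matched with fnmatch, Match blocks and negation are ignored, and the ProxyCommand is assumed to have the form "ssh <hop> <command>".

```python
import fnmatch

# Constructed sample configs, built from the host names used in the message.
WILDCARD = """\
Host *.work.com
    ProxyCommand ssh gateway.work.com /usr/bin/nc -w 1 %h %p
"""
GATEWAY = "Host gateway.work.com\n    HostName gateway.work.com\n"
HOSTNAME_ONLY = GATEWAY + WILDCARD
PROXY_NONE = GATEWAY + "    ProxyCommand none\n" + WILDCARD


def resolve(config_text, host):
    """Effective options for host: the first value obtained per keyword wins."""
    opts, active = {}, True  # lines before any Host block apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()
        if key == "host":
            active = any(fnmatch.fnmatchcase(host, p) for p in value.split())
        elif active:
            opts.setdefault(key, value)  # later blocks cannot override
    return opts


def proxy_chain(config_text, host, limit=8):
    """Follow 'ssh <hop> ...' ProxyCommands; return (hops, looped)."""
    hops = [host]
    while len(hops) <= limit:
        cmd = resolve(config_text, hops[-1]).get("proxycommand", "none")
        words = cmd.split()
        if cmd == "none" or not words or words[0] != "ssh":
            return hops, False  # direct connection ends the chain
        nxt = words[1]  # assumption: the hop is the first ssh argument
        if nxt in hops:
            return hops + [nxt], True  # the hop proxies through itself
        hops.append(nxt)
    return hops, True


if __name__ == "__main__":
    for name, cfg in (("HostName only", HOSTNAME_ONLY), ("ProxyCommand none", PROXY_NONE)):
        print(name, proxy_chain(cfg, "trunkles.work.com"))
```

On a machine with OpenSSH 6.8 or later, "ssh -G gateway.work.com" prints the effective options for the real configuration, so the same check can be made against the actual file.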