Multi-Hop Login Using Xshell

You may find yourself in a situation where your server can be reached only through a gateway server.

There are several ways to accomplish this using Xshell.


OpenSSH's ProxyCommand Feature

The following topology is used to illustrate an OpenSSH configuration with the ProxyCommand setting:

+--------+       +----------+      +-----------+
| Source | <---> |  gw_svr  | <--> | dest_svr  |
+--------+       +----------+      +-----------+
In the above case, if your source machine has OpenSSH installed, you can simply use the following command:
$ ssh -o ProxyCommand='ssh user_of_gw_svr@gw_svr nc dest_svr 22' user_of_dest_svr@dest_svr
Or you can add the settings to your personal SSH configuration file, .ssh/config:
$ vi ~/.ssh/config
You'll need to append the following configuration:
# Session alias; any name works.
Host myserver
    # The real host name, as it can be reached from gw_svr.
    HostName dest_svr
    User user_of_dest_svr
    Port 22
    ProxyCommand ssh user_of_gw_svr@gw_svr nc %h %p
Then you can connect to your server using the following command:
$ ssh myserver

Login Scripts Feature of Xshell

You can also connect entirely through Xshell's session properties interface. The following outlines a simple case from the session properties:

The expect string will differ, of course, depending on your situation.



SSH_PASSTHROUGH of Xshell's Proxy

Add the following to your sshd_config file and restart sshd:

AcceptEnv XSHELL_HOSTNAME XSHELL_USERNAME XSHELL_PASSWORD XSHELL_PORT XSHELL_PROTOCOL

Make a proxy configuration and select it in your session file.


The host listed under the Connection category must be your destination server.
Now you'll need to edit the startup script of your gw_svr (gateway server).
$ vi ~/.bash_profile
Depending on your preferred shell, your startup script may be .profile, .cshrc, etc. Insert the following script for jumping to the destination server:
# Run only when the Xshell proxy passed its variables through AcceptEnv.
if [ -n "$XSHELL_PROTOCOL" ]; then
	echo
	echo "Jumping to $XSHELL_HOSTNAME..."
	echo
	# The shell expands the XSHELL_* variables before expect parses the script.
	/usr/bin/expect -c "
		log_user 0
		if { \"$XSHELL_PROTOCOL\" == \"TELNET\" } {
			spawn -noecho telnet $XSHELL_HOSTNAME $XSHELL_PORT -l $XSHELL_USERNAME
			expect -nocase \"assword:\"
			if { \"$XSHELL_PASSWORD\" != \"\" } {
				send \"$XSHELL_PASSWORD\r\"
			}
		} else {
			spawn /usr/bin/ssh $XSHELL_HOSTNAME -p $XSHELL_PORT -l $XSHELL_USERNAME
			expect {
				-nocase \"assword:\" {
					if { \"$XSHELL_PASSWORD\" != \"\" } {
						send \"$XSHELL_PASSWORD\r\"
					}
				}
			}
		}
		# Hand the session over to the user.
		interact
	"
	# Close the gateway session when the destination session ends.
	logout
fi
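
The startup script above lets the shell paste the client-supplied XSHELL_* values (accepted through AcceptEnv) straight into the expect program text. The variant below is an added example, not part of the original page or of Xshell: it checks each value first and has expect read the values from its environment instead. The function names and the allowed character set for host and user names are assumptions; adjust them to your naming scheme.

```shell
# Added example: ~/.bash_profile fragment for gw_svr (function names are hypothetical).
# Return 0 only when every client-supplied value has the expected shape.
xshell_env_ok() {
    case "${XSHELL_PROTOCOL:-}" in SSH|TELNET) ;; *) return 1 ;; esac
    # Port: one to five digits, within 1-65535.
    case "${XSHELL_PORT:-}" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$XSHELL_PORT" -ge 1 ] && [ "$XSHELL_PORT" -le 65535 ] || return 1
    # Host and user: assumed naming scheme of letters, digits, '.', '_', '-'.
    # A leading '-' is rejected so a value can never be read as an option.
    for _v in "${XSHELL_HOSTNAME:-}" "${XSHELL_USERNAME:-}"; do
        case "$_v" in
            ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        esac
    done
    return 0
}

# Single-quoted Tcl: the shell expands nothing inside it. expect reads the
# values from its inherited environment via $env(), so they stay data.
xshell_jump() {
    /usr/bin/expect -c '
        log_user 0
        if { $env(XSHELL_PROTOCOL) eq "TELNET" } {
            spawn -noecho telnet $env(XSHELL_HOSTNAME) $env(XSHELL_PORT) -l $env(XSHELL_USERNAME)
        } else {
            spawn /usr/bin/ssh $env(XSHELL_HOSTNAME) -p $env(XSHELL_PORT) -l $env(XSHELL_USERNAME)
        }
        expect -nocase "assword:" {
            if { [info exists env(XSHELL_PASSWORD)] && $env(XSHELL_PASSWORD) ne "" } {
                send -- "$env(XSHELL_PASSWORD)\r"
            }
        }
        interact
    '
}

if [ -n "${XSHELL_PROTOCOL:-}" ]; then
    if xshell_env_ok; then
        echo "Jumping to $XSHELL_HOSTNAME..."
        xshell_jump
    else
        echo "Refusing to jump: unexpected XSHELL_* value" >&2
    fi
    logout
fi
```

The password is not pattern-checked because it may contain any character; it is safe here only because it reaches send as a variable value and is never parsed as script text.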