Emacs Tramp ssh double hop

Question

Could somebody please help me setup Emacs Tramp to do a double hop? I want to work on machine2.abc.def.edu to which I can connect only through machine1.abc.def.edu. My usern

Answer 1

Set up an ssh tunnel from machine1 to machine2 (assuming that sshd runs on port 22 on machine2):

machine1.abc.def.edu> ssh -f -N -L 2222:localhost:22 machine2.abc.def.edu

Then either connect to machine2 from Emacs like this:

/ssh:machine1.abc.def.edu#2222

or add the following line to your .emacs:

(add-to-list 'tramp-default-proxies-alist
             '("\\`machine2\\.abc\\.def\\.edu\\'" nil
               "/tunnel:machine1.abc.def.edu#2222:"))

Answer 2

The answer it to use the ssh_proxy command available in ssh_config. Documented here and here. Basically you create a config file in your ssh folder that you can write shortcuts in. One of your shortcuts is to use a proxy through another end point. All of your shortcuts work for any tool that uses ssh including git and emacs.

Host endpoint2
     User myusername
     HostName mysite.com
     Port 3000
     ProxyCommand ssh endpoint1 nc -w300 %h %p

Host endpoint1
     User somename
     HostName otherdomainorip.com
     Port 6893

In this example running ssh endpoint2 will automatically hop through endpoint1.

Answer 3

Okay, let's try something different then, without opening a tunnel. How about the following in your .emacs file:

(add-to-list 'tramp-default-proxies-alist 
             '("\\`machine2\\'" 
               nil 
               "/ssh:%u@machine1.abc.def.edu:"))

This is different from the code you found in the forum post in two points:

1. it adds ticks around the target host name (Emacs regexp syntax to avoid matching partial names)
2. it uses only the subdomain name in the target host (you reported in a comment below that you cannot ssh to machine2 when you use the full domain name)

Does that help when you try to access a file on machine2?