Explanation of Chain Tunneling

Thanks for explaining that. Sometimes I would like to be anonymous, but this level seems like it might be over the top. Do you still use Chain Tunneling, and if so, why?

In OpenSSH, I use this setup when I need tunnels. This allows me to directly type sftp server3 without having to worry about manually starting the server2 and server1 tunnels first. # ~/.ssh/config # to connect to server2, tunnel through server1 Host server2 ProxyCommand ssh server1 nc %h %p # to connect to server3, tunnel through server2 Host server3 ProxyCommand ssh server2 nc %h %p To be more complete, I usually use ssh -oCiphers=arcfour128,arcfour256,arcfour,blowfish-cbc -oControlMaster=no -oForwardX11=no -oForwardAgent=no -oPermitLocalCommand=no -oClearAllForwardings=yes server1 nc %h %p as the ProxyCommand. The ssh connection being tunneled is already encrypted, so there's no point in using the heavier aes/3des for the outer layer; arcfour and blowfish are faster. The rest of the -o**** settings are out of paranoia, so that nothing breaks even if a Host server1 stanza with really odd settings is added to ssh_config. Similarly, you can configure PuTTY to use the proxy command plink -P %proxyport -pw %pass %user@%proxyhost nc %host %port, and set the proxy hostname/port/user/password in the Connection/Proxy configuration pane accordingly. plink and the rest of the PuTTY suite (pscp, psftp, etc.) load anything saved in PuTTY's graphical configuration; hopefully WinSCP does too. (I don't use it, so I'm not too familiar with its features.)