Another tunneling question

Hey all,

I find it difficult to find documentation / examples about setting up connections through tunnels.

I have a tunnel working with the following SSH config at the client side:

Host Machine_A
  HostName Machine_A_IP
  User Machine_A_User_Name

Host Machine_B
  Hostname Machine_B_IP
  IdentityFile C:\Users\CLIENT_NAME\.ssh\id_rsa
  ProxyCommand ssh -W %h:%p Machine_A
  User Machine_B_User_Name

Creating an SSH connection with Machine B works fine with ssh Machine_B.

But I am unsure how to make a similar jump with Thinlinc. Is this possible? Or do I need to manually set up port forwarding on Machine A and then set HOST_ALIASES in tlclient.conf / windows register?


Strictly speaking, this is not currently possible with ThinLinc. We do have a bug for this:

That said, see the thread on Jumphost support (but note that modifying ThinLinc’s SSH configuration is not officially supported at this time).

In general, any proxy configuration would need to be set up in advance and be transparent to ThinLinc. In your case it looks like this would require using the HOST_ALIASES parameter as discussed.

It would be interesting to hear more about your particular requirements as feedback for this feature.


Well, I am in an university hospital environment. Our research group is working with a couple of people on building machine learning classifiers to aid patient diagnostics. For this we have a linux machine equipped with a powerful GPU. The researchers who used the linux machine logged into it using thinlinc from their windows clients, which worked beautifully! However, recently the hospital networking rules changed and the linux machine received a strict ACL requiring everyone to log onto the machine via a jump server, which requires hospital login credentials.

I was trying to figure out how we could keep access simple and straightforward for the client. With the fairly simple ssh config above it works well with the ssh plugin for VS Code on the client side.

So now, I am trying to figure out if I can change the thinlinc client configs for our researchers to regain access again before having to tinker with the jump server itself. But I guess the most straightforward solution would be the latter.

Thanks @jayd. Yes, I think the only option at present would be to have a reverse tunnel to the jumphost and configure HOST_ALIASES on the client.

Fair enough, thanks!