Re: How do I use ProxyCommand to connect to remote host using shared session enabled by ControMaster?



On Mon, Feb 7, 2011 at 9:08 PM, Igor Bukanov <igor@xxxxxxxx> wrote:
> On 5 February 2011 19:10, Asif Iqbal <vadud3@xxxxxxxxx> wrote:
> > # cat ~/.ssh/config
> > ...
> > host remotehost
> >  hostname remotehost.example.net
> >  ProxyCommand ssh jumphost -t ssh %h
>
> ProxyCommand should in general connect its input/output stream to sshd
> daemon listening on some socket.  In your case I would suggest to use
> the nc command from jumphost that binds stdin/stdout to the ssh port
> on the remote host, like in:
>
> ProxyCommand ssh -T -a jumphost nc %h %p
>
> where -T and -a are used to make sure that useless in this case tty on
> jumphost is not allocated and no agent is forwarded.


This worked perfectly. So now I have it set up like this

$ cat ~/.ssh/config
host jumphost
 hostname jumphost.example.net
 ForwardX11 yes
 ControlMaster auto
 ControlPath ~/.ssh/%r@%h:%p
host remotehost
 hostname remotehost.example.net
 ProxyCommand ssh -T -a jumphost nc %h %p

And I can ssh to remotehost through the enabled shared session setup
by jumphost.

Is it possible to make it work as default for all hosts except the jumphost?

I tried to replace the remotehost with `*' and then tried a fresh
start, like below

$ cat ~/.ssh/config
host jumphost
 hostname jumphost.example.net
 ForwardX11 yes
 ControlMaster auto
 ControlPath ~/.ssh/%r@%h:%p
host *
 hostname remotehost.example.net
 ProxyCommand ssh -T -a jumphost nc %h %p

But, looks like jumphost is trying to use the proxy command instead of
just going with the config specific to it

$ ssh -v jumphost
OpenSSH_5.5p1 Debian-4ubuntu5, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /home/iqbala/.ssh/config
debug1: Applying options for jumphost
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket "/home/iqbala/.ssh/iqbala@xxxxxxxxxxxxxxxxxxxx:22" does not exist
debug1: Executing proxy command: exec ssh -T -a jumphost.example.net nc jumphost.example.net 22


--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
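
The debug output above ("Applying options for jumphost", then "Applying options for *") follows from how ssh_config is evaluated: every matching Host block is applied in file order, and the first value obtained for a keyword wins. The following added example (not part of the original message) is a simplified resolver for that rule, run over constructed configs modeled on the ones in the message with the `hostname` line under `host *` left out. It compares the posted layout with two alternatives: `ProxyCommand none` in the jumphost block, and a negated pattern on the wildcard line, which assumes an OpenSSH release that supports `!` patterns on Host lines.

```python
from fnmatch import fnmatchcase

def parse(text):
    """Return [(patterns, {keyword: value})] for each Host block, in file order."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        if key.lower() == "host":
            blocks.append((value.split(), {}))
        elif blocks:
            # Keywords are case-insensitive; keep the first value seen in a block.
            blocks[-1][1].setdefault(key.lower(), value)
    return blocks

def block_applies(patterns, alias):
    # A matching negated pattern ("!name") vetoes the whole Host line.
    if any(p.startswith("!") and fnmatchcase(alias, p[1:]) for p in patterns):
        return False
    return any(not p.startswith("!") and fnmatchcase(alias, p) for p in patterns)

def resolve(text, alias):
    """Effective options for alias: first obtained value per keyword wins."""
    effective = {}
    for patterns, options in parse(text):
        if block_applies(patterns, alias):
            for key, value in options.items():
                effective.setdefault(key, value)
    return effective

# Constructed sample configs (simplified from the ones in the message).
JUMP = """Host jumphost
  HostName jumphost.example.net
  ControlMaster auto
  ControlPath ~/.ssh/%r@%h:%p
"""
PROXY = "  ProxyCommand ssh -T -a jumphost nc %h %p\n"
AS_POSTED = JUMP + "Host *\n" + PROXY
WITH_NONE = JUMP + "  ProxyCommand none\n" + "Host *\n" + PROXY
WITH_NEGATION = JUMP + "Host * !jumphost\n" + PROXY

if __name__ == "__main__":
    for name, cfg in [("as posted", AS_POSTED), ("ProxyCommand none", WITH_NONE),
                      ("negated pattern", WITH_NEGATION)]:
        for alias in ("jumphost", "remotehost.example.net"):
            print(f"{name:18} {alias:24} {resolve(cfg, alias).get('proxycommand')}")
```

The resolver only models `*` and `?` wildcards and Host blocks; Match blocks, Include and the system-wide /etc/ssh/ssh_config are out of scope.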


