Secure Shell
How do I use ProxyCommand to connect to remote host using shared session enabled by ControlMaster? Feb 05 2011 06:10PM
Asif Iqbal (vadud3 gmail com) (1 replies)
Re: How do I use ProxyCommand to connect to remote host using shared session enabled by ControlMaster? Feb 08 2011 02:08AM
Igor Bukanov (igor mir2 org) (1 replies)
Re: How do I use ProxyCommand to connect to remote host using shared session enabled by ControlMaster? Feb 08 2011 03:20AM
Asif Iqbal (vadud3 gmail com)
On Mon, Feb 7, 2011 at 9:08 PM, Igor Bukanov <igor (at) mir2 (dot) org> wrote:
> On 5 February 2011 19:10, Asif Iqbal <vadud3 (at) gmail (dot) com> wrote:
>> # cat ~/.ssh/config
> ...
>> host remotehost
>>  hostname remotehost.example.net
>>  ProxyCommand ssh jumphost -t ssh %h
>
> ProxyCommand should in general connect its input/output stream to the sshd
> daemon listening on some socket.  In your case I would suggest using
> the nc command from jumphost that binds stdin/stdout to the ssh port
> on the remote host, like in:
>
> ProxyCommand ssh -T -a jumphost nc %h %p
>
> where -T and -a are used to make sure that a tty, useless in this case,
> is not allocated on jumphost and no agent is forwarded.
>

This worked perfectly. So now I have it set up like this:

$ cat ~/.ssh/config
host jumphost
    hostname jumphost.example.net
    ForwardX11 yes
    ControlMaster auto
    ControlPath ~/.ssh/%r@%h:%p
host remotehost
    hostname remotehost.example.net
    ProxyCommand ssh -T -a jumphost nc %h %p

And I can ssh to remotehost through the enabled shared session setup
by jumphost.

Is it possible to make it work as default for all hosts except the jumphost?

I tried to replace the remotehost with `*' and then tried a fresh
start, like below:

$ cat ~/.ssh/config
host jumphost
    hostname jumphost.example.net
    ForwardX11 yes
    ControlMaster auto
    ControlPath ~/.ssh/%r@%h:%p
host *
    hostname remotehost.example.net
    ProxyCommand ssh -T -a jumphost nc %h %p

But it looks like jumphost is trying to use the proxy command instead of
just going with the config specific to it:

$ ssh -v jumphost
OpenSSH_5.5p1 Debian-4ubuntu5, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /home/iqbala/.ssh/config
debug1: Applying options for jumphost
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket "/home/iqbala/.ssh/iqbala@jumphost.example.net:22" does not exist
debug1: Executing proxy command: exec ssh -T -a jumphost.example.net nc jumphost.example.net 22

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
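
Why `ssh -v jumphost` above ran the proxy command, modelled as an added example (not part of the original message and not OpenSSH code): ssh applies every matching Host block in file order and keeps the first value obtained for each keyword, so `host *` still supplies ProxyCommand to jumphost. The `resolve` helper and the `FIXED` config are assumptions made here; `ProxyCommand none` is the ssh_config value that disables the proxy for a block.

```python
import fnmatch

# Constructed input: the second config from the message above.
AS_POSTED = """\
host jumphost
    hostname jumphost.example.net
    ForwardX11 yes
    ControlMaster auto
    ControlPath ~/.ssh/%r@%h:%p
host *
    hostname remotehost.example.net
    ProxyCommand ssh -T -a jumphost nc %h %p
"""

# Assumed fix (not from the thread): the jumphost block sets ProxyCommand none,
# and the catch-all block no longer pins hostname, so %h is the name typed.
FIXED = """\
host jumphost
    hostname jumphost.example.net
    ForwardX11 yes
    ControlMaster auto
    ControlPath ~/.ssh/%r@%h:%p
    ProxyCommand none
host *
    ProxyCommand ssh -T -a jumphost nc %h %p
"""

def resolve(text, alias):
    """Effective options for `alias`, modelling ssh_config's rule: every
    matching Host block applies in file order; first value per keyword wins."""
    opts, matching = {}, True          # lines before the first Host apply to all
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            # Only * and ? wildcards are modelled here; negated (!) patterns are not.
            matching = any(fnmatch.fnmatchcase(alias, p) for p in value.split())
        elif matching:
            opts.setdefault(key, value)
    return opts

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("fixed", FIXED)):
        for alias in ("jumphost", "remotehost"):
            print(name, alias, resolve(cfg, alias).get("proxycommand"))
```

With the posted config, jumphost inherits the nc proxy command from `host *`, which is the self-referencing proxy visible in the debug output; with `ProxyCommand none` set first, it connects directly and only other hosts go through the shared jumphost session.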

Copyright 2010, SecurityFocus