Meaning of SSH command with 2 IPs

Often I have seen ssh commands like:

ssh user1@user2@<one-ip-address>@<second-ip-address

First I thought this is to ssh through another server. But several questions and examples like How do I SSH to machine A via B in one command? gives better solutions for server through ssh.

So, my question is what kind of scenarios we have to use the above kind of ssh commands. What is the destination of the ssh command?


There's an SSH feature called ProxyJump:

ssh -J [email protected]:port1,[email protected]:port2 [email protected]

which sounds like what you're referring to.

More information on this in eg Section 6 on ProxyJump here or this page on ProxyJump from RedHat. In particular note that there are alternative formats, eg when the user:passwd are the same on each host (don't do that!). You can also put the info into a config file to avoid typing it out each time (though history is useful there).

Finally there are other ways to achieve the same thing, in SSH: -o proxycommand=, and -q -W (the later explained here on ExplainShell).


As many of the comments suggest, the syntax ssh user1@user2@<one-ip-address>@<second-ip-address does not lead to a useful ssh behavior and it has nothing to do with the jump host function.

Try the following:

  • On any system, connect with your current user to localhost:

    $ ssh localuser@localhost
    

    This will, as expected, open a ssh session on localhost

  • Now try the same with the proposed syntax:

    $ ssh localuser@localhost@localuser@localhost
    localuser@localhost@localuser@localhost's password: 
    Permission denied, please try again.
    ...
    

    You will be asked for a password, but the system will not let you in, since the user localuser@localhost@localuser does not exist on the system.

    Also check the output of /var/log/auth.log:

    Aug 17 08:45:46 somehost sshd[73042]: Invalid user localuser@localhost@localuser from 127.0.0.1 port 44292
    Aug 17 08:45:48 somehost sshd[73042]: pam_unix(sshd:auth): check pass; user unknown
    Aug 17 08:45:48 somehost sshd[73042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 
    Aug 17 08:45:50 somehost sshd[73042]: Failed password for invalid user localuser@localhost@localuser from 127.0.0.1 port 44292 ssh2
    

Unless you create a user localuser@localhost@localuser on the system you want to connect to, this syntax won't work.