ssh multi-hop... adapting command to ssh config file

I am trying to put my multi-hop ssh command into the ssh .ssh/config file.

This is my connection graph: laptop (I am here) ------> userver -------> workstation

I have put the ssh public rsa keys into 'userver' and 'workstation'. At this moment I can connect by typing this line:

ssh -A -t userserver@userver ssh -A userworkstation@workstation

I would like, however, to be able to use the capabilities of the config file in ~/.ssh/config to reach the same effect but using one simple command, which would also allow me to do fast copy with 'scp'. The only problem is that 'userver' does not have the "nc" command and I do not have superuser there, just control of my home folder. Nevertheless, I tried some things:

I have this config file on my laptop (~/.ssh/config):

# laptop config file
Host userver
Hostname userver_hostname
port 22
User server_user

Also another config file in the userver (~/.ssh/config)

# userver config file
Host workstation
Hostname workstation_hostname
port 22
user workstation_username

With these config files I can connect as

ssh -A -t userver ssh -A workstation

which is an improvement, but not sufficient. I tried adding another host in my laptop's config, like this:

Host hop
ProxyCommand ssh -A -t userver ssh -A workstation

Then, when I do

ssh hop

I get the following output with errors and cannot connect:

Pseudo-terminal will not be allocated because stdin is not a terminal.
Pseudo-terminal will not be allocated because stdin is not a terminal.
-bash: line 1: $'SSH-2.0-OpenSSH_6.4\r': command not found

Any ideas?


Solution 1:

The command you are in need of is ProxyCommand.

You should put into your .ssh/config file these lines:

  Host userver
  HostName userver.example.com
  .........    

  Host workstation 
  ProxyCommand ssh -q userver nc -q0 workstation 22

Now you can connect to the pc workstation by means of

  ssh workstation

If this is not clear, or you want more details, I suggest you read this excellent introduction to ssh multi-hopping.

Edit:

You can always define an alias: in your /home/your_name/.bashrc file, add this line:

  alias ssh_workstation='ssh -A -t userver ssh -A -X workstation' 

(I have inserted the -X option so you can run graphical applications on the remote server, and see them locally; if you don't want this, just drop the -X).

Solution 2:

I found the following solution to work much better than using netcat (nc) as in the other example. With netcat my connection was very slow and would repeatedly hang until I hit some keys. Also you don't need to have netcat installed.

Add the following to your ~/.ssh/config:

Host *
  ServerAliveCountMax 4
  ServerAliveInterval 15

Host workstation
  Hostname workstation
  User userworkstation
  ProxyCommand ssh userserver@userver -W %h:%p

Then you can ssh like this:

ssh workstation

Also note that the reason your ProxyCommand does not work is because you are not getting what ProxyCommand does. ProxyCommand must create a pipe over which ssh can make an SSL connection. In other words, the command must start a process whose stdin and stdout connect ssh to an sshd port. In your configuration, you are making an ssh connection with ProxyCommand which connects ssh to the command shell rather than to an sshd port.
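
The failure in the question (bash reporting `SSH-2.0-OpenSSH_6.4` as a command that was not found) is what happens when a ProxyCommand ends in a shell instead of at an sshd port, and it can be checked before an entry goes into ~/.ssh/config. The script below is an added example, not part of the original question or answers: `probe_proxy`, `PROBE_BANNER` and the two stand-in commands are constructed here so it runs offline, and the coreutils `timeout` command is assumed to be installed.

```shell
#!/bin/sh
# Added example: does a candidate ProxyCommand behave like a raw pipe to sshd?

# probe_proxy CMD
#   Runs CMD through the shell with a pipe on stdin/stdout, much as ssh runs
#   a ProxyCommand, sends a client identification line, and looks for the
#   server's identification line (RFC 4253, section 4.2) in the reply.
#   Lines the server sends before its identification line are skipped.
#   Returns 0 and sets PROBE_BANNER if one is found, returns 1 otherwise.
probe_proxy() {
    PROBE_BANNER=$(
        printf 'SSH-2.0-probe\r\n' |
        timeout 5 sh -c "$1" 2>/dev/null |
        head -c 1024 | tr -d '\r' |
        LC_ALL=C sed -n '/^SSH-/{p;q;}'
    )
    case $PROBE_BANNER in
        SSH-2.0-*|SSH-1.99-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed stand-ins (no network needed):
# GOOD answers with an identification line, like a pipe to workstation:22
# opened by "ssh userserver@userver -W workstation:22".
GOOD="printf 'SSH-2.0-OpenSSH_6.4\r\n'; cat >/dev/null"
# BAD hands our stdin to a shell, like "ssh -A -t userver ssh -A workstation":
# the shell tries to execute the client's identification line as a command.
BAD="sh"

for cmd in "$GOOD" "$BAD"; do
    if probe_proxy "$cmd"; then
        echo "pipe to sshd:     $cmd  ->  $PROBE_BANNER"
    else
        echo "not an sshd pipe: $cmd"
    fi
done
```

To check a real entry, pass the command with %h and %p already expanded, for example `probe_proxy 'ssh userserver@userver -W workstation:22'`. With the -W form the laptop authenticates to workstation directly through the pipe, so the -A agent forwarding used in the original two-step command is not needed on userver.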