4

I am in the exact same situation as the person who posted another question: I am trying to tunnel ssh connections through a gateway server instead of having to ssh into the gateway and manually ssh again to the destination server from there. I am trying to set up the solution given in the accepted answer there, a ~/.ssh/config that includes:

host foo
  User webby
  ProxyCommand ssh a nc -w 3 %h %p

host a
  User johndoe

However, when I try to ssh foo, my connection stays alive for 3 seconds and then dies with a Write failed: Broken pipe error. Removing the -w 3 option solves the problem. What is the purpose of that -w 3 in the original solution, and why is it causing a Broken pipe error when I use it? What is the harm in omitting it?

jrdioko

1 Answer

5

What is the purpose of that -w 3 in the original solution

It avoids leaving orphaned nc processes running on the remote host when the ssh session is closed improperly.

and why is it causing a Broken pipe error when I use it?

Try increasing the timeout for nc to 90 and setting ServerAliveInterval to 30 to see if your problem goes away:

host foo
    User webby
    ServerAliveInterval 30
    ProxyCommand ssh a nc -w 90 %h %p
quanta
  • Thanks, that seems to work. Could you elaborate on what ServerAliveInterval does and why my particular setup required it? – jrdioko Sep 05 '12 at 17:47
  • The "ServerAliveInterval 30" setting tells SSH to ping the server every 30 seconds. That traffic prevents netcat's 90 second timeout from killing an active connection. When you do kill the ssh connection the pings stop, allowing netcat's timeout to kill the process a few minutes later. – Michael Cramer Nov 02 '12 at 15:54
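
The relationship described in the answer and comments above (a keepalive interval shorter than nc's -w timeout) can be checked mechanically. The following is an added example, not part of the original posts: a small Python check that reads ssh client config text and reports each Host block whose ProxyCommand uses nc -w. The host name foo-fixed and the verdict labels are constructed for illustration; each Host block is checked in isolation (no inheritance from other blocks), and only plain-second ServerAliveInterval values are read.

```python
import re

def nc_idle_timeout(proxy_command):
    """Return the seconds given to nc's -w option in a ProxyCommand, or None."""
    m = re.search(r"(?:^|[\s/])(?:nc|netcat)\b.*?\s-w\s*(\d+)\b", proxy_command)
    return int(m.group(1)) if m else None

def check_config(text):
    """Return (host, nc_timeout, keepalive, verdict) for each Host block using nc -w."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1) + [""]
        key, value = parts[0].lower(), parts[1]
        if key == "host":
            blocks.append({"host": value})
        elif blocks:
            blocks[-1].setdefault(key, value)  # ssh keeps the first value it reads
    findings = []
    for b in blocks:
        timeout = nc_idle_timeout(b.get("proxycommand", ""))
        if timeout is None:
            continue  # no nc -w in this block, nothing to compare
        alive = b.get("serveraliveinterval", "0")
        keepalive = int(alive) if alive.isdigit() else 0  # unit suffixes count as unset
        if keepalive == 0:
            verdict = "no-keepalive"  # an idle session is cut after `timeout` seconds
        else:
            verdict = "ok" if keepalive < timeout else "keepalive-too-slow"
        findings.append((b["host"], timeout, keepalive, verdict))
    return findings

# Constructed sample: the question's block, the answer's block (renamed), and host a.
SAMPLE = """\
host foo
  User webby
  ProxyCommand ssh a nc -w 3 %h %p
host foo-fixed
  User webby
  ServerAliveInterval 30
  ProxyCommand ssh a nc -w 90 %h %p
host a
  User johndoe
"""

if __name__ == "__main__":
    print(check_config(SAMPLE))
```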