ProxyCommand with sudo

5

I'm trying to set up SSH so that I can easily log into a server that is accessible only via a sudo to an intermediate server.

From the command line, logging into it is of the form:

sudo -u admin ssh destination.server.com

This works without problems -- fair enough. However, the following variants do not work in a ProxyCommand:

ProxyCommand sudo -u admin ssh destination.server.com

Pseudo-terminal will not be allocated because stdin is not a terminal.

ProxyCommand sudo -u admin ssh -t -t destination.server.com

tcgetattr: Invalid argument

This last variant appears to actually exchange information with the destination server, but then it hangs:

OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /home/me/.ssh/config
debug1: Applying options for destination
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Executing proxy command: exec sudo -u admin ssh -t -t destination.server.com
debug1: identity file ...
debug1: identity file ...
debug1: identity file ...
debug1: loaded 3 keys
tcgetattr: Invalid argument
debug1: ssh_exchange_identification: Last login: Fri Jan  4 22:48:26 2013 from intermediate.server.com

I have the feeling that there is something I'm missing in the sudo / ssh interaction inside a ProxyCommand, but haven't been able to figure it out.

brool

Posted 2013-01-04T23:01:40.907

Reputation: 159

Won't something like ProxyCommand ssh admin@destination.server.com work? Why is sudo necessary? – terdon – 2013-01-04T23:18:29.817

admin is set up with a public/private key pair – brool – 2013-01-04T23:31:18.367

Couldn't you just encrypt the private key? The passphrase would serve the same purpose as the sudo password. – Dennis – 2013-01-05T00:02:26.333

Answers

-1

If you want ease of typing:

alias dest_on_server='sudo -u admin ssh destination.server.com'

then dest_on_server gets you there. Of course, replace dest_on_server with whatever short name you want.

The next alternative is to ssh in the long way and add your own public key to the $HOME/.ssh/authorized_keys file. Make note of the user id, then ssh user_id@destination.server.com.

strobelight

Posted 2013-01-04T23:01:40.907

Reputation: 473

not at all comparable with an ssh config with a proxycommand. – Daniel Farrell – 2018-08-15T19:46:37.200