5
I'm trying to set up SSH so that I can easily log into an server that is accessible only via a sudo to an intermediate server.
From the command line, logging into it is of the form:
sudo -u admin ssh destination.server.com
This works without problems -- fair enough. However, the following variants do not work in a ProxyCommand:
ProxyCommand sudo -u admin ssh destination.server.com
Pseudo-terminal will not be allocated because stdin is not a terminal.
ProxyCommand sudo -u admin ssh -t -t destination.server.com
tcgetattr: Invalid argument
This last variant appears to actually exchange information with the destination server, but then it hangs:
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /home/me/.ssh/config
debug1: Applying options for destination
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Executing proxy command: exec sudo -u admin ssh -t -t destination.server.com
debug1: identity file ...
debug1: identity file ...
debug1: identity file ...
debug1: loaded 3 keys
tcgetattr: Invalid argument
debug1: ssh_exchange_identification: Last login: Fri Jan 4 22:48:26 2013 from intermediate.server.com
I have the feeling that there is something I'm missing in the sudo / ssh interaction inside a ProxyCommand, but haven't been able to figure it out.
Won't something like
ProxyCommand ssh admin@destination.server.com
work? Why issudo
necessary? – terdon – 2013-01-04T23:18:29.817admin is set up with a public/private key pair – brool – 2013-01-04T23:31:18.367
Couldn't you just encrypt the private key? The passphrase would serve the same purpose as the sudo password. – Dennis – 2013-01-05T00:02:26.333