Cannot set up ssh gateway

2

1

I am trying to set up an ssh gateway. I have a physical host (H) and a number of VMs on it. The host can ssh to one of the VMs (A) and then ssh to others from it (let's call it B). I have this in .ssh/config on H

Host B
  User foo
  ProxyCommand ssh foo@A nc %h %p

Now when I do ssh -vvv -l foo B on H I see this error: ssh_exchange_identification: Connection closed by remote host

cat /var/log/auth.log on A says:

Jun  7 18:54:00 ubuntu sshd[846]: Received disconnect from 192.168.129.1: 11: disconnected by user
Jun  7 18:54:00 ubuntu sshd[834]: pam_unix(sshd:session): session closed for user foo
Jun  7 18:54:11 ubuntu sudo: foo : TTY=pts/6 ; PWD=/home/foo ; USER=root ; COMMAND=/usr/bin/tail /var/log/auth.log
Jun  7 18:54:11 ubuntu sudo: pam_unix(sudo:session): session opened for user root by foo(uid=30000)

/etc/hosts.allow on A

sshd: ALL
ssh: 0.0.0.0/0.0.0.0

It seems H is saying that A closed the connection and A says that H closed the connection!

/etc/ssh/ssh_config on H

Host *
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no

What else can go wrong here?

Abhishek Chanda

Posted 2013-06-07T19:02:27.823

Reputation: 153

You using ssh keys? Your key could be wrong. Also iptables. – MattPark – 2013-06-07T20:02:31.203

ssh keys are not wrong probably. I can login using the same keys by first logging in to A. iptables on all boxes are empty. – Abhishek Chanda – 2013-06-07T21:06:21.123

Answers

1

You may want to make sure 'Host B' does not include A, if B is a pattern rather than a single host. I had to exclude A from the pattern explicitly.

Host *.example.com !gateway.example.com
  ProxyCommand ssh -q -W %h:%p user_on_gateway@gateway.example.com

Handol Park

Posted 2013-06-07T19:02:27.823

Reputation: 11
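
An added example, not part of the answer above and not OpenSSH code: a Python check for the case this answer describes, where a Host pattern carrying a ProxyCommand also matches the gateway named in that ProxyCommand, so the connection to the gateway is itself sent through the gateway. The function names are hypothetical, and only Host blocks are read (Match and Include are ignored, and each block is judged on its own).

```python
import re
import shlex

ARG_OPTS = set("BbcDEeFIiJLlmOoPpQRSWw")  # ssh(1) options that take an argument

def host_matches(host, patterns):
    """ssh_config Host semantics: a positive pattern matches and no '!' pattern does."""
    def hit(pat):
        rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pat)
        return re.fullmatch(rx, host) is not None
    if any(hit(p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(hit(p) for p in patterns if not p.startswith("!"))

def proxy_gateway(command):
    """Return the host an 'ssh ...' ProxyCommand connects to, or None."""
    argv = shlex.split(command)
    if not argv or argv[0] != "ssh":
        return None
    i = 1
    while i < len(argv):
        tok = argv[i]
        if not tok.startswith("-"):
            return tok.rsplit("@", 1)[-1]  # drop the optional user@ prefix
        flags = tok[1:]
        first = next((n for n, c in enumerate(flags) if c in ARG_OPTS), None)
        # An argument-taking flag at the end of the token consumes the next token.
        i += 2 if first is not None and first == len(flags) - 1 else 1
    return None

def find_proxy_loops(config_text):
    """List (patterns, gateway) for Host blocks whose patterns match their own gateway."""
    loops, patterns = [], []
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1]
        if key == "host":
            patterns = value.split()
        elif key == "proxycommand":
            gw = proxy_gateway(value)
            if gw and host_matches(gw, patterns):
                loops.append((" ".join(patterns), gw))
    return loops

# Constructed samples: the answer's pattern without and with the exclusion.
BAD = "Host *.example.com\n  ProxyCommand ssh -q -W %h:%p user_on_gateway@gateway.example.com\n"
GOOD = BAD.replace("*.example.com", "*.example.com !gateway.example.com")
```
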

0

Try the following configuration on host H:

Host B
    ProxyCommand ssh -q -W %h:%p A

It is working for me. Just add user foo if you need:

Host B
    User foo
    ProxyCommand ssh -q -W %h:%p foo@A

And make sure that user foo exists on A and B.

september

Posted 2013-06-07T19:02:27.823

Reputation: 529

I tried this and got the same error. User foo does exist on all boxes, I can login to B from A using the same credentials. – Abhishek Chanda – 2013-06-07T21:07:25.830

What about /etc/ssh/sshd_config content on all hosts? PasswordAuthentication parameters? etc... – september – 2013-06-07T21:22:35.770

Nothing that I noticed. Updated the question with its contents. – Abhishek Chanda – 2013-06-07T22:46:40.280