ssh multi-hop... adapting command to ssh config file

10

3

I am trying to put my multi-hop ssh command into the ssh .ssh/config file.

This is my connection graph: laptop (I am here) ------> userver -------> workstation

I have put the ssh public rsa keys into 'userver' and 'workstation'. At this moment I can connect by typing this line:

ssh -A -t userserver@userver ssh -A userworkstation@workstation

I would like, however, to be able to use the capabilities of the config file in ~/.ssh/config to reach the same effect but using one simple command, which would also allow me to do fast copy with 'scp'. The only problem is that 'userver' does not have the "nc" command and I do not have superuser there, just control of my home folder. Nevertheless, I tried some things:

I have this config file on my laptop (~/.ssh/config):

# laptop config file
Host userver
Hostname userver_hostname
port 22
User server_user

Also another config file in the userver (~/.ssh/config)

# userver config file
Host workstation
Hostname workstation_hostname
port 22
user workstation_username

With these config files I can connect as

ssh -A -t userver ssh -A workstation

which is an improvement, but not sufficient. I tried adding another host in my laptop's config, like this:

Host hop
ProxyCommand ssh -A -t userver ssh -A workstation

Then, when I do

ssh hop

I get the following output with errors and cannot connect:

Pseudo-terminal will not be allocated because stdin is not a terminal.
Pseudo-terminal will not be allocated because stdin is not a terminal.
-bash: line 1: $'SSH-2.0-OpenSSH_6.4\r': command not found

Any ideas?

labotsirc

Posted 2013-12-13T15:58:44.987

Reputation: 228

Answers

6

The command you are in need of is ProxyCommand.

You should put into your .ssh/config file these lines:

  Host userver
  HostName userver.example.com
  .........    

  Host workstation 
  ProxyCommand ssh -q userver nc -q0 workstation 22

Now you can connect to the pc workstation by means of

  ssh workstation

If this is not clear, or you want more details, I suggest you read this excellent introduction to ssh multi-hopping.

Edit:

You can always define an alias: in your /home/your_name/.bashrc file, add this line:

  alias ssh_workstation='ssh -A -t userver ssh -A -X workstation' 

(I have inserted the -X option so you can run graphical applications on the remote server, and see them locally; if you don't want this, just drop the -X).

MariusMatutiae

Posted 2013-12-13T15:58:44.987

Reputation: 41 321

-Y is preferred instead of -X for secured X11 forwarding. – Lord Loh. – 2017-10-05T23:46:35.567

Hi MariusMatutiae, I tried your solution but as I said in the original post the 'userver' node lacks the program netcat (nc). So I get this error: ssh workstation bash: nc: command not found ssh_exchange_identification: Connection closed by remote host – labotsirc – 2013-12-13T17:48:24.173

Can't you install it? – MariusMatutiae – 2013-12-13T17:50:22.830

Unfortunately no, I do not have superuser on 'userver', that is why I was trying an alternate method. I don't get it, if this works "ssh -A -t userver ssh -A workstation", why does the same put on ProxyCommand not? – labotsirc – 2013-12-13T17:52:36.503

1@labotsirc I have slightly amended my answer. Hope you may find it useful. Alternatively, you may try installing netcat locally (i.e., only for you!), adding in the line Proxycommand .... the full path to your own copy of netcat. I am not sure this works, because of permissions, but you may try it. – MariusMatutiae – 2013-12-13T19:13:02.120

Copied my netcat binary, removed the -q0 option because it was giving errors, and now it works! Thanks – labotsirc – 2013-12-13T19:57:18.880

10

I found the following solution to work much better than using netcat (nc) as in the other example. With netcat my connection was very slow and would repeatedly hang until I hit some keys. Also you don't need to have netcat installed.

Add the following to your ~/.ssh/config:

Host *
  ServerAliveCountMax 4
  ServerAliveInterval 15

Host workstation
  Hostname workstation
  User userworkstation
  ProxyCommand ssh userserver@userver -W %h:%p

Then you can ssh like this:

ssh workstation

Also note that the reason your ProxyCommand does not work is because you are not getting what ProxyCommand does. ProxyCommand must create a pipe over which ssh can make an SSL connection. In other words, the command must start a process whose stdin and stdout connect ssh to an sshd port. In your configuration, you are making an ssh connection with ProxyCommand which connects ssh to the command shell rather than to an sshd port.

jcoffland

Posted 2013-12-13T15:58:44.987

Reputation: 197
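
An added illustration (not code from any of the posts above, and not part of OpenSSH) of what the last answer describes: a ProxyCommand has to be a process whose stdin and stdout carry raw bytes to and from the sshd port, which is all that `nc` or `-W %h:%p` does. The file name `relay.py` and the presence of `python3` on userver are assumptions.

```python
"""Relay stdin/stdout to a TCP port: the byte pipe a ProxyCommand must provide.

Added illustration, not OpenSSH code. Hypothetical use, assuming this file is
saved as relay.py in your home directory on userver and python3 exists there:
    ProxyCommand ssh userver python3 relay.py %h %p
"""
import os
import socket
import sys
import threading


def pump_in(src_fd, sock):
    """Copy bytes from src_fd to the socket until EOF, then half-close."""
    try:
        while True:
            data = os.read(src_fd, 65536)
            if not data:
                break
            sock.sendall(data)
        sock.shutdown(socket.SHUT_WR)  # signal EOF to the remote sshd
    except OSError:
        pass  # the other direction already closed the socket


def relay(host, port, in_fd=0, out_fd=1):
    """Connect to host:port and shuttle raw bytes both ways.

    Returns the number of bytes received from the remote side.
    """
    received = 0
    with socket.create_connection((host, port)) as sock:
        threading.Thread(target=pump_in, args=(in_fd, sock), daemon=True).start()
        while True:
            data = sock.recv(65536)
            if not data:
                break
            received += len(data)
            view = memoryview(data)
            while view:  # os.write may write fewer bytes than asked
                view = view[os.write(out_fd, view):]
    return received


if __name__ == "__main__":
    relay(sys.argv[1], int(sys.argv[2]))
```

In the failed `Host hop` attempt the same stdin bytes reached a login shell instead of a socket, which is why bash reported the client's `SSH-2.0-OpenSSH_6.4` identification line as a command.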