
Re: ssh to a remote server via gateway server



On 03Jun2008 10:31, lux <yuanlux gmail com> wrote:
| On Mon, Jun 2, 2008 at 4:38 PM, Cameron Simpson <cs zip com au> wrote:
| > On 02Jun2008 16:23, lux <yuanlux gmail com> wrote:
| > | > >> I have a script called "sshto" that does exactly this for multihop ssh
| > | > >> connections. [...]
| > | Sounds like a very interesting tool. I gave it a try. But
| > | what is shqstr?
| > | It looks like a command, but it is not on my system.
| >
| > Yeah, sshto shamelessly uses other scripts from that same collection.
| > Shqstr quotes strings for handing to eval/sh/remote-ssh intact.
| > The simplest thing is to go to:
| >   http://www.cskk.ezoshosting.com/cs/css/
| > and download the tarball, unpack into /opt/css. [...]
| 
| Thanks a lot, I will try it.

Cool. The purpose of sshto is that it knows how to construct the right
proxycommand for you:-)

Oh yes, you will probably need the "nc" command (netcat) on the gateway
machine. Or the target machine, at the expense of an extra hop - I'll
elaborate on that if you turn out to need it. This is because, if sshto
uses proxycommand (i.e. it is multihop), it uses "nc host 22" to do the
final connection to the target ssh daemon (on labpc in your case).

| I followed your hint of ProxyCommand
| here is the .ssh/config file:
| 
| Host labpc
|         ProxyCommand ssh  lux@gw -t -w 3 labpc 22
| 
| When
| 
| ssh labpc
| 
| I got two layers of prompt for login. There were possible outputs:
| 
| 1st, sometimes I got logged in to labpc, but it lasted 1 or 2 seconds, and got
| disconnected with this message: Connection to labpc closed by remote host.
| 
| The 2nd output is a failure to log in with this message:
| Write failed: Broken pipe
| 
| Any suggestions? Thanks

Yes. Start an ssh-agent, add your key to it, add forwardagent to your
ssh config file. Then no prompting will be needed. Pretty much all batch
or multihop stuff will need an agent to avoid prompting for passwords.

Also, always put ssh options before the "user@host", it is less
ambiguous. Eg:

  ProxyCommand ssh -t -w 3 lux@gw

You should not need (and in fact should probably _avoid_) the -t option
for the proxy command - it really should not use a terminal. I have not
used the -w options myself, and again they should not be in the
proxycommand, they should be in your upper-level ssh that _uses_ the
proxycommand. I don't know why you have "labpc 22" on the end of that.

A guess:

  Host labpc
    ProxyCommand ssh lux@gw

but be sure to set up ssh-agent first.

Cheers,
-- 
Cameron Simpson <cs zip com au> DoD#743
http://www.cskk.ezoshosting.com/cs/

Sue Ralph Nader, too, he was supposed to have prevented this kind of thing by
now.  Oh, and my fee is 40%     - Ed "gettabike" Green, rec.motorcycles
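
The message above says sshto builds the proxycommand and uses "nc host 22" for the last connection. The following is an added example, not the sshto script and not code from the original message: a sketch that builds that ProxyCommand string, generalized to more than one gateway. The function names (shquote, valid_host, proxy_command) and the host "mid" are hypothetical; the rejection of names that start with "-" is an added hardening step so a host name cannot be read as an ssh or nc option.

```shell
#!/bin/sh
# Added example. All function names here are hypothetical, not part of sshto.

# Quote one string so a POSIX shell reads it back as a single word.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Accept only [user@]host built from plain characters. Reject empty names,
# names (or host parts) starting with "-", and anything with shell or
# ssh_config metacharacters such as spaces, quotes, "%" or ";".
valid_host() {
    case $1 in
        ''|-*|*@-*|*@|*[!A-Za-z0-9@._-]*) return 1 ;;
    esac
}

# proxy_command hop1 [hop2 ...] target
# Print the ProxyCommand value that reaches the last argument through the
# hops before it. Prints an empty line when no gateway is given.
proxy_command() {
    proxy=''
    prev=''
    for host in "$@"; do
        valid_host "$host" || { echo "bad host: $host" >&2; return 1; }
        if [ -n "$prev" ]; then
            dest=${host#*@}     # nc takes a bare host name, no user part
            if [ -n "$proxy" ]; then
                # Nest the command built so far, quoted for the next shell.
                proxy="ssh -o ProxyCommand=$(shquote "$proxy") $prev nc $dest 22"
            else
                proxy="ssh $prev nc $dest 22"
            fi
        fi
        prev=$host
    done
    printf '%s\n' "$proxy"
}

# Constructed sample input: the single gateway case from this thread.
proxy_command lux@gw labpc
```

The printed string is what would go after "ProxyCommand" in the "Host labpc" block of .ssh/config; nc must exist on each gateway, as the message notes.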

