I started two xservers: xwin.exe :0 and xwin.exe :1
If I do ssh -X remotehost then xterm opens on first X server.
How to make xterm open on second X server?
I don't have cygwin xserver to test now, but you can try :
DISPLAY=:1 ssh -X remotehost
or
DISPLAY=hostname:1 ssh -X remotehost
Related
In our environments, we have several servers in production. Every time I want to search for something, it may be in 1 of 4 different servers.
I am creating a script to automate this search, so that I directly know which server is involved.
I am connecting through a jumphost.
So far the following command works fine :
$ ssh -oProxyCommand="ssh -W %h:%p user#jumphost" user#server "ls"
Now, because I have to run this several times, I am searching for a way to only have to use the password once.
Both the jumphost and the server require the same password, and public keys are not an option (not allowed, I literally cannot do it).
I have been reading about sshpass for this and am trying this :
$ sshpass -p password ssh -oProxyCommand="ssh -W %h:%p user#jumphost" user#server "ls"
(I know -p is not safe and will use -e of -f as soon as I am successful with this step).
When I do this, I can login in both systems but the command returns before I see the result of ls.
I have tried to have the -t option to ssh without any success.
I have also tried the -J option from ssh, with the same results (command returns without returning any results).
$ sshpass -p password ssh -J user#jumphost user#server "ls"
Any suggestions?
EDIT:
Solution was to use sshpass twice :
$ sshpass -p password ssh -oProxyCommand="sshpass -p ssh -W %h:%p user#jumphost" user#server "ls"
Try running ssh in verbose mode:
ssh -vvv -oProxyCommand="ssh -W %h:%p user#jumphost" user#server "ls"
I'm sure it will show something of interest. A hook with which you can figure this out.
I can't get connection chain with ssh one liner to work.
Chain:
My PC -> jumphost -> Bastion -> my app X host(sharing subnet with Bastion)
-Jumphost expect private key A
-Bastion and X host both expect private key B
my pc> ssh -i /path_to_priv_key_for_X/id_rsa -o StrictHostKeyChecking=no -o
"ProxyCommand ssh -p 22 -W %h:%p -o \"ProxyCommand ssh -p 24 -W %h:%p
-i /path_to_key_jump/id_rsa jumphostuser#jumphostdomain\" -i
/path_to_bastion_key/id_rsa bastionuser#ip_to_bastion" myappuser#subnet_ip
Above does not work, but
ssh -i /path_to_bastion_key/id_rsa -o "ProxyCommand ssh -p 24 -W
%h:%p -i /path_to_key_jump/id_rsa jumphostuser#jumphostdomain"
bastionuser#ip_to_bastion
works, so I can access bastion with one liner, but adding app x host in the command chain does not work, wonder why?
I can step by step manually access the myapp X host like this
mypc> ssh -p 24 -i path_to_key_jump/id_rsa jumphostuser#jumphostdomain
jumphost> ssh -i /path_to_bastion_key/id_rsa bastionuser#ip_to_bastion
bastion> ssh myappuser#subnet_ip
myapp>
How to make in command line two hops over two jump hosts both requiring different key without ssh config?
Something which is working for me surprisingly well is ssh with -J option:
-J destination
Connect to the target host by first making a ssh connection
to the jump host described by destination and then establishing a TCP
forwarding to the ultimate destination from there.
In fact, I's about its feature which I was not aware of for very long time:
Multiple jump hops may be specified separated by comma characters.
So multi-hop like PC -> jump server 1 -> jump server 2 -> target server (in my example: PC -> vpn -> vnc -> ece server can be done with one combo:
$ ssh -J vpn,scs694#tr200vnc rms#tr001tbece11
Of course, most handy is to have ssh keys to open pwd-less connections (PC->vpn and vpn -> vnc and vnc -> target.
I hope it will help,
Jarek
To add to the above. My use-case was a triple-hop to a database server, which looked like Server 1 (Basic Auth) --> Server 2 (Token) --> Server 3 (Basic Auth) --> DB Server (Port Forward).
After quite a few hours of turmoil, the solution was:
ssh -v -4 -J username#server1,username#server2 -N username#Server3 -L 1122:dbserver:{the_database_port_number}
Then I was able to just have the DB client hit localhost:1122 where 1122 can be any free port number on your localhost.
In macOS 10.12.6
When ssh to a server use the follow command:
ssh -i ~/key.pem ubuntu#123.111.222.101
the connection will keep until I disconnect it manually or the computer fall asleep.
However, when I ssh to the server behind a proxy:
ssh -i ~/key.pem -o ProxyCommand='/usr/bin/nc -x 127.0.0.1:1080 %h %p' ubuntu#123.111.222.101
the connection will disconnect if I don't type any word in the terminal after 30 seconds.
Why this will happen and how to keep the connection?
P.S.: the protocol of my proxy is socks5
Add this option. This should keep the connection open
-o ServerAliveInterval=15
I want to debug another machine on my network but have to pass through one or more SSH tunnels to get there.
Currently:
# SSH into one machine
ssh -p 22 me#some_ip -i ~/.ssh/00_id_rsa
# From there, SSH into the target machine
# Note that this private key lives on this machine
ssh -p 1234 root#another_ip -i ~/.ssh/01_id_rsa
# Capture debug traffic on the target machine
tcpdump -n -i eth0 -vvv -s 0 -XX -w tcpdump.pcap
But then it's a pain to successively copy that .pcap out. Is there a way to write the pcap directly to my local machine, where I have wireshark installed?
You should use ProxyCommand to chain ssh hosts and to pipe output of tcpdump directly into wireshark. To achieve that you should create the following ssh config file:
Host some_ip
IdentityFile ~/.ssh/00_id_rsa
Host another_ip
Port 1234
ProxyCommand ssh -o 'ForwardAgent yes' some_ip 'ssh-add ~/.ssh/01_id_rsa && nc %h %p'
I tested this with full paths, so be carefull with ~
To see the live capture you should use something like
ssh another_ip "tcpdump -s0 -U -n -w - -i eth0 'not port 1234'" | wireshark -k -i -
If you want to just dump pcap localy, you can redirect stdout to filename of your choice.
ssh another_ip "tcpdump -n -i eth0 -vvv -s 0 -XX -w -" > tcpdump.pcap
See also:
https://serverfault.com/questions/337274/ssh-from-a-through-b-to-c-using-private-key-on-b
https://serverfault.com/questions/503162/locally-examine-network-traffic-of-remote-machine/503380#503380
How can I have tcpdump write to file and standard output the appropriate data?
I have an ansible playbook which connects to a virtual machine via a non-standard ssh port (forwarded to localhost) and a different user than the host user (vagrant).
The ssh port is specified in the ansible inventory:
[vms]
localhost:2222
The username given on the command line to ansible-playbook:
ansible-playbook -i <inventory from above> <some playbook> -u vagrant
The communication with the VM works correctly, however, %p always expands to 22 and %r to the host username.
Consequently, I cannot flush the SSH connection (for the user's changed group membership to take effect) like this:
- name: flush the ssh connection
command: ssh -o ControlPath="~/.ansible/cp/ansible-ssh-%h-%p-%r" -O stop {{inventory_hostname}}
delegate_to: 127.0.0.1
Am I making a silly mistake somewhere? Alternatively, is there a different way to flush the SSH connection?
The percent expand is not expanded by ansible, but by ssh later on.
Sorry, forgot to add the most important part
Using
command: ssh -o ControlPath=[...] -O stop {{inventory_hostname}}
will use default port, because you didn't specify it on the command-line. You would have to specify also the port to "flush" the connection this way:
command: ssh -o ControlPath=[...] -O stop -p {{inventory_port}} {{inventory_hostname}}
But I don't think it is needed. Ansible should clean up the connections when the playbook ends and I don't see any different reason why to do that.