Host pika
User <username_1>
Hostname <pika_hostname>
IdentityFile ~/.ssh/id_ed25519
Host pika_node
User <username_2>
HostName <pika_node_hostname>
ProxyJump pika
IdentityFile ~/.ssh/id_ed25519
As you can see on the above .ssh/config, I use ProxyJump in order to connect on a server. This is practice because I can just do ssh pika_node. Now, for some reasons, I need to connect on that same server using ssh <username>#<pika_node_hostname> without entering a password. For now, if I enter the previous command in the terminal, I just got a Connection Timed Out issue. How can I fix that?
Are you trying different users or same user?
If you are trying diffrent users, plz remember to export id_ed25519 on the target pik_node for that user!
Related
My organisation makes us connect to our AWS environments using a "bastion" host so my openssl .ssh config file looks a bit like this:
Host bastion.*.c1.some.com
User bastionuser
ProxyCommand none
StrictHostKeyChecking no
ForwardAgent yes
Host *.c1.some.com 12.345.* 456.12.1.*
User awsuser
StrictHostKeyChecking no
ForwardAgent yes
ProxyCommand ~/.ssh/proxy_command.sh %h %p
I want to use an ssh client built into the CLion IDE to connect to my AWS environment but it does not support this kind of configuration.
Can I setup a port forward using openssl and then establish an ssh connection over that tunnel from within CLion?
I was able to setup a port forward using PuTTY and afterwards I was able to establish a second ssh connection over the port forward using Intellij. For some reason I couldn't establish the second ssh connection over the OpenSSH port forward, perhaps because the Git Bash environment is sandboxed or something?
Presumably this will also work with any other SSH client that doesn't support tunneling out of the box.
I've never connected to a remote server before. I want to connect to my company's remote server then jump to another IP address.
I followed VS Code Guide here and connected to the server, but I'm not sure how to jump to the IP address.
Could anyone help me? Thanks a lot!
I've managed to get it working using the ProxyCommand option, as described in the VSCode Remote SSH Tips & Tricks page, as chocolatte's answer didn't work for me with VSCode 1.51.1:
# Jump box with public IP address
Host jump-box
HostName <Jump-Box-IP>
User <Your-Jump-Box-User-Name>
IdentityFile path/to/.ssh/id_rsa
# Target machine with private IP address
Host target-box
HostName <IP address of target>
User <Your-Private-Machine's-User-Name>
IdentityFile path/to/.ssh/id_rsa
ProxyCommand ssh -q -W %h:%p jump-box
Note: you can use the same IdentityFile for both hosts
Update: After a while this stopped working. What solved this issue is changing ssh to ssh.exe:
ProxyCommand ssh.exe -q -W %h:%p jump-box
I figured it out.
I wanted to connect to my company's private server. In order to do that, I must connect to my company's host server. When I'm in the host server, I have to connect to a private server (sorry for not phrasing my question in a clearer sense).
I'm leaving my solution here for future reference.
In VS Code, do F1 (fn+F1 on Mac) -> Remote-SSH: Connect to Host -> Configure SSH Host -> /Users//.ssh/config.
From there, edit the config file as follows:
Host <host-name>
HostName <IP-address>
Port <specify-port-number-here>
User <user-name>
### The Remote Host
Host <private-server-name>
HostName <IP-address>
Port <specify-port-number-here>
User <user-name>
ProxyJump <host-name>
Save the config file and connect to the private server by F1 -> Remote-SSH: Connect to Host -> private-server-name
I'm on my work computer, which is already [successfully] configured to connect to our GitHub account and authenticate our commits using SSH and GPG keys, respectively. Before I began changing things, my original ~/.ssh/config file was this:
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_rsa
To add my personal account, I generated a new SSH key (~/.ssh/id_rsa_personal), added the .pub part to my personal GitHub account, and modified my ~/.ssh/config file to the following:
# Default
Host *
AddKeysToAgent yes
UseKeychain yes
# Personal
Host github.com-PERSONAL
HostName github.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_personal
# Work
Host github.com
HostName github.com
IdentityFile ~/.ssh/id_rsa
After this change, I am still able to interact with my work account without a problem – nothing has changed. However, when I attempt to interact with my personal account using
git clone git#github-PERSONAL:nikblanchet/myrepository.git
, I am getting an error message:
Cloning into 'myrepository'...
ssh: Could not resolve hostname github-personal: nodename nor servname provided, or not known
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
To narrow down the issue, I decided to try a simple SSH authentication
ssh -T git#github.com-PERSONAL
, and, surprisingly, it worked!
Hi nikblanchet! You've successfully authenticated, but GitHub does not provide shell access.
(Running ssh -T git#github.com authenticated with my work account, as expected.)
So now I'm lost. Why can ssh -T resolve the hostname while git clone cannot? What did I miss?
You URL should be:
github.com-PERSONAL:nikblanchet/myrepository.git
You tried first
git#github-PERSONAL:nikblanchet/myrepository.git
That is why it was not able to resolve github-PERSONAL, which is not in your config file.
github.com-PERSONAL is.
Note: no need to add the git# part: your config file does specify the User git already.
I am running Ansible on my machine. And my machine does not have ssh access to the remote machine. Port 22 connection originating from local machine are blocked by the institute firewall. But I have access to a machine (ssh-tunnel), through which I can login to the remote machine. Now is there a way we can run ansible playbook from local machine on remote hosts.
In a way is it possible to make Ansible/ssh connect to the remote machine, via ssh-tunnel. But not exactly login to ssh-tunnel. The connection will pass through the tunnel.
Other way is I can install ansible on ssh-tunnel, but that is not the desired and run plays from there. But that would not be a desired solution.
Please let me know if this is possible.
There are two ways to achieve this without install the Ansible on the ssh-tunnel machine.
Solution#1:
Use these variables in your inventory:
[remote_machine]
remote ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 ansible_ssh_user='username' ansible_ssh_private_key_file='/home/user/private_key'
hope you understand above parameters, if need help please ask in comments
Solution#2:
Create ~/.ssh/config file and add the following parameters:
####### Access to the Private Server through ssh-tunnel/bastion ########
Host ssh-tunnel-server
HostName x.x.x.x
StrictHostKeyChecking no
User username
ForwardAgent yes
Host private-server
HostName y.y.y.y
StrictHostKeyChecking no
User username
ProxyCommand ssh -q ssh-tunnel-server nc -q0 %h %p
Hope that help you, if you need any help, feel free to ask
No request to install ansible on the jump and remote servers, ansible is ssh service only tool :-)
First make sure you can work it directly with SSH Tunnel.
On local machine (Local_A), you can login to Remote machine (Remote_B) via jump box (Jump_C).
login server Local_A
ssh -f user#remote_B -L 2000:Jump_C:22 -N
The other options are:
-f tells ssh to background itself after it authenticates, so you don't have to sit around running something on the remote server for the tunnel to remain alive.
-N says that you want an SSH connection, but you don't actually want to run any remote commands. If all you're creating is a tunnel, then including this option saves resources.
-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.
There will be a password challenge unless you have set up DSA or RSA keys for a passwordless login.
There are lots of documents teaching you how to do the ssh tunnel.
Then try below ansible command from Local_A:
ansible -vvvv remote_B -m shell -a 'hostname -f' --ssh-extra-args="-L 2000:Jump_C:22"
You should see the remote_B hostname. Let me know the result.
Let's say you can ssh into x.x.x.x from your local machine, and ssh into y.y.y.y from x.x.x.x, while y.y.y.y is the target of your ansible playbook.
inventory:
[target]
y.y.y.y
playbook.yml
---
- hosts: target
tasks: ...
Run:
ansible-playbook --ssh-common-args="-o ProxyCommand='ssh -W %h:%p root#x.x.x.x'" -i inventory playbook.yml
I cannot for the life of me figure out why my SSH config is forwarding the wrong key. I have two keys, we'll call them home_rsa and work_rsa. I have done the following:
eval `ssh-agent`
ssh-add -K ~/.ssh/home_rsa
ssh-add -K ~/.ssh/work_rsa
Here is my ~/.ssh/config file:
Host home
ForwardAgent yes
HostName home.com
IdentityFile ~/.ssh/home_rsa
IdentitiesOnly yes
User home
Host work
ForwardAgent yes
HostName work.com
IdentitiesOnly yes
IdentityFile ~/.ssh/work_rsa
User work
Host bitbucket
IdentityFile ~/.ssh/home_rsa
Host bitbucket-work
IdentityFile ~/.ssh/work_rsa
Host bitbucket*
HostName bitbucket.com
User git
When I run the following…
ssh work
ssh git#bitbucket.org
…Bitbucket reports that I'm using my home user, though I'm clearly logged into my work server and should be forwarding my work key. If I add my SSH identities in the reverse order and run the same code above, Bitbucket reports I'm using my work user. Running ssh-add -l from my work server, I see that both SSH keys are being forwarded, but isn't that the job of IdentitiesOnly yes?
Really confused as to what's going on here.
Really confused as to what's going on here.
ForwardAgent option forwards the connection to your agent, with all the keys inside and does not forward your local ~/.ssh/config to remote host. What you do on the work host is controlled by your configuration on that host.
What are you trying to do with that?
You need to update your ssh keys with their equivalent bitbucket account first at their website (work user with work_rsa, user with user_rsa). Then maybe this could help.
Host bitbucket-work
HostName bitbucket.org
IdentitiesOnly yes
IdentityFile ~/.ssh/work_rsa
User work
Usage:
ssh bitbucket-work
sshbitbucket
As written in the accepted answer, selecting keys used for authentication is not related to what keys are forwarded. Separate ssh-agents are needed. Luckily that is easily configured.
From ssh-agent (1) we can learn that it takes a -a option to specify bind_address, and ssh_config (5) tells that ForwardAgent can be set to what turns out to be the same value.
Prepare your agents:
eval `ssh-agent -a ~/.ssh/home.agent`
ssh-add ~/.ssh/home_rsa
eval `ssh-agent -a ~/.ssh/work.agent`
ssh-add ~/.ssh/work_rsa
unset SSH_AUTH_SOCK SSH_AGENT_PID
Configure your ssh:
Host work
HostName work.example.com
ForwardAgent ~/.ssh/work.agent
IdentityAgent ~/.ssh/work.agent
Host home
HostName home.example.com
ForwardAgent ~/.ssh/home.agent
IdentityAgent ~/.ssh/home.agent
That should completely separate home and work keys. Setting IdentityAgent to a different value than ForwardAgent is left as an exercise for someone exposed to a threat level calling for such complexity.