To ssh into a remote station I do the following:
ssh -L 4001:connect.iop.kcl.ac.uk:4000 username1#cana.host.institution
I'm then asked for a password which I enter, and I then do:
ssh -YX username2#otherserver.other.institution
and am asked for another password, after which I am where I want to be.
I want to set this up in vs code using the Remote-SSH extension but am running into difficulty
When I try and add the first step (ssh -L 4001:connect.iop.kcl.ac.uk:4000 username1#cana.host.institution), my config file looks as follows:
Host cana.iop.kcl.ac.uk
HostName cana.iop.kcl.ac.uk
LocalForward 4001:connect.iop.kcl.ac.uk:4000
User dmzromc
But when I try and connect I get the following error:
[16:23:45.992] Log Level: 3
[16:23:45.993] remote-ssh#0.49.0
[16:23:45.994] darwin x64
[16:23:45.995] SSH Resolver called for "ssh-remote+cana.host.institution", attempt 1
[16:23:45.995] SSH Resolver called for host: cana.host.institution
[16:23:45.995] Setting up SSH remote "cana.host.institution"
[16:23:46.020] Using commit id "78a4c91400152c0f27ba4d363eb56d2835f9903a" and quality "stable" for server
[16:23:46.023] Install and start server if needed
[16:23:46.031] Checking ssh with "ssh -V"
[16:23:46.071] > OpenSSH_7.9p1, LibreSSL 2.7.3
[16:23:46.075] Running script with connection command: ssh -T -D 55893 -o ConnectTimeout=15 cana.iop.kcl.ac.uk bash
[16:23:46.364] > /Users/user1/.ssh/config line 15: Missing target argument.
[16:23:46.364] Got some output, clearing connection timeout
[16:23:46.835] "install" terminal command done
[16:23:46.835] Install terminal quit with output: /Users/user1/.ssh/config line 15: Missing target argument.
[16:23:46.836] Received install output: /Users/user1/.ssh/config line 15: Missing target argument.
[16:23:46.837] Stopped parsing output early. Remaining text: /Users/user1/.ssh/config line 15: Missing target argument.
[16:23:46.837] Failed to parse remote port from server output
[16:23:46.838] Resolver error:
[16:23:46.842] ------
Any advice much appreciated
I had the same issue when forwarding a database port and fixed it by manually editing my ssh config as follows:
BEFORE (using the problematic config that VSCode auto generates)
Host mysshhost
HostName mysshhost
LocalForward 5432:mydatabaseservername:5432
User myuserid
AFTER (works for me)
Host mysshhost
HostName mysshhost
LocalForward localhost:5432 mydatabaseservername:5432
User myuserid
So in your case, the config should look something like:
Host cana.iop.kcl.ac.uk
HostName cana.iop.kcl.ac.uk
LocalForward localhost:4001 connect.iop.kcl.ac.uk:4000
User dmzromc
Related
I use Portable Git x64 on Windows. I run everything thought Git Bash. I need to ssh to a server which is reachable only via HTTP proxy. Authentication for server is via pubkey, authentication for proxy is via password, usernames are different. My ~/.ssh/config:
Host server
Hostname server_hostname
User server_username
IdentityFile ~/.ssh/id_rsa
ProxyCommand /c/PortableGit/mingw64/bin/connect.exe -H proxy_username#proxy_ip:12345 %h %p
The problem starts when ssh tries to pop-up the window where you need to enter a password for the HTTP proxy, log from ssh -vvv server:
$ ssh -vvv server
OpenSSH_7.9p1, OpenSSL 1.1.1a 20 Nov 2018
debug1: Reading configuration data /c/Users/username/.ssh/config
debug1: /c/Users/username/.ssh/config line 1: Applying options for server
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Executing proxy command: exec /c/PortableGit/mingw64/bin/connect.exe -H proxy_username#proxy_ip:12345 server_hostname 22
debug1: identity file /c/Users/username/.ssh/id_rsa type 0
debug1: identity file /c/Users/username/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
'C:\PortableGit\mingw64\libexec\git-core\git-gui--askpass' is not recognized as an internal or external command,
operable program or batch file.
FATAL: Cannot decide password for proxy authentication.ssh_exchange_identification: Connection closed by remote host
git-gui--askpass is there, but for some reason it's not picked up by ssh. Running file 'C:\PortableGit\mingw64\libexec\git-core\git-gui--askpass' gives:
$ file 'C:\PortableGit\mingw64\libexec\git-core\git-gui--askpass'
C:\PortableGit\mingw64\libexec\git-core\git-gui--askpass: POSIX shell script, ASCII text executable
Content of the git-gui--askpass is identical to https://github.com/git/git/blob/3bab5d56259722843359702bc27111475437ad2a/git-gui/git-gui--askpass
I tried to run this script via command line, it works fine:
Also, I tried to specify another program as SSH_ASKPASS=/mingw64/libexec/git-core/git-askpass.exe (which I assume a stupid thing to do). This does not work either:
...
fatal: failed to acquire credentials.
I tried to supply a password in ~/.ssh/config as:
ProxyCommand /c/PortableGit/mingw64/bin/connect.exe -H proxy_username:proxy_password#proxy_ip:12345 %h %p
^^^^^^^^^^^^^^^
but this is ignored by ssh.
Besides, I tried to connect via MobaXterm and this works completely fine -- I've been asked for a proxy password and after entering it I am connected. Also, after connecting in MobaXterm I can connect in command line since the proxy does not ask for a password for some time. But for a different reason I cannot use MobaXterm.
Any ideas on how to make it work?
Utility connect.exe works with HTTP_PROXY_USER and HTTP_PROXY_PASSWORD environment variables. Solution found in source code
Try keeping your password in your ~/.ssh/config file and add
unset SSH_ASKPASS
To your .bashprofile
I add LocalForward in the .ssh/config file for connecting to the MongoDB on a Ubuntu 14 server.
LocalForward 27017 loccalhost:27017
When I connect to the MongoDB, there is an error message:
channel 9: open failed: administratively prohibited: open failed
However, it works when I use ssh -L in bash
ssh -L 27017:localhost:27017
Is there any difference between these two methods? Can I make it work with the .ssh/config file?
We have a RHEL 7 remote server where I created a dummy user called gitlabci.
While SSH'd into the remote server, I generated a public-private key pair (for use when grabbing files from GitLab)
Uploaded the public key as a deploy key for use later when we get our CI set up
Generated another public-private key pair in my local machine (for use when SSH'ing into the remote server from the GitLab Runner)
Added the public key to the remote server's authorized_keys
Added the private key to the project's CI environment variables
The idea is when the CI runs, the GitLab runner will SSH into the remote server as the gitlabci user I created then fetch the branch into the web directory using the deploy keys.
I thought I have set up the keys properly but whenever the runner tries to SSH, the connection gets refused.
$ which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )
...
$ eval $(ssh-agent -s)
Agent pid 457
$ echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
Identity added: (stdin) (GitLab CI)
$ mkdir -p ~/.ssh
$ chmod 700 ~/.ssh
$ [[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
$ ssh gitlabci#random.server.com
Pseudo-terminal will not be allocated because stdin is not a terminal.
ssh: connect to host random.server.com port 22: Connection refused
ERROR: Job failed: exit code 1
When I tried to SSH into the remote server via GitBash on my local machine using the key pair I generated it did work.
$ ssh -i ~/.ssh/gitlabci gitlabci#random.server.com
Last login: Mon Nov 4 13:49:59 2019 from machine01.work.server.com
ssh: connect to host random.server.com port 22: Connection refused
"Connection refused" means that the ssh client transmitted a connection request to the named host and port, and it received in response a so-called "reset" packet, indicating that the remote server was refusing to accept the connection.
If you can connect to random.server.com from one host but get connection refused from another host, a few possible explanations come to mind:
You might have an entry in your .ssh/config file which substitutes a different name or address for random.server.com. For example, an entry like the following would cause ssh to connect to random2.server.com when you request random.server.com:
Host random.server.com
Hostname random2.server.com
The IP address lookup for "random.server.com" is returning the wrong address somehow, so ssh is trying to connect to the wrong server. For example, someone might have added an entry to /etc/hosts for that hostname.
Some firewall or other packet inspection software is interfering with the connection attempt by responding with a fake reset packet.
I'm trying to setup a an ssh tunnel with remote port forwarding. The idea is the have a VPS act as a means to ssh into remote deployed systems (which currently incorporate a Raspberry Pi). Everything seems to work, but I run into issues when trying to move all arguments into the ~/.ssh/config file.
what does work is the setting of the HostName, User, Port and IdentityFile. However setting the RemoteForward parameter does not seem to work.
The following works:
ssh -R 5555:localhost:22 ssh-tunnel
How ever when using the following line in the config file;
Host ssh-tunnel
...
RemoteForward 5555 localhost:22
The following command returns the message "Bad remote forwarding specification 'ssh-tunnel'"
ssh -R ssh-tunnel
Obvious I found the answer almost immediately after posting the question. Using the -R flag requires you to set the remote forwarding in the command line call. However because remote forwarding is set in the config file you shouldn't add it to the command. However something confusing occurs in that aside from setting up the tunnel you also ssh into the remote server. To avoid this add the -f and the -N flag. This results in the following command:
ssh -f -N ssh-tunnel
I'm trying to create a node on a remote host(I've already created a domain).
I'm running the command:
asadmin -p <port_number> create-node-ssh --nodehost <remote_hostname> --installdir <glassfish_installed_dir_path> <node_name>
and getting the following error everytime:
remote failure: Warning: some parameters appear to be invalid.
SSH node not created. To force creation of the node with these parameters rerun the command using the --force option.
Could not connect to host <hostname> using SSH.
There was a problem while connecting to <hostname>:22
Key exchange was not finished, connection is closed.
Command create-node-ssh failed.
From the error it seems that there is some connection problem. But I can ssh to the target server and I'm using the same key_pair.
After searching for some solution (link1, link2) I found that trying to login through ssh without password could solve this.
But no luck. Now I can ssh to & from the target server without password as well. But this issue is still there.
What should I check for, in order to resolve this ?
Let me know if I'm missing out anything.
Can you try to start sshd daemon in debug mode to a different port at the remote node host:
sudo sshd -D -d -e -p 23
and try create-node-ssh command against that ssh port?:
asadmin -p <port_number> create-node-ssh --nodehost <remote_hostname> --installdir <glassfish_installed_dir_path> --sshport 23 <node_name>
I had an issue regarding glassfish ssh exchange keys because of ssh newer versions deprecating older algorithms:
Unable to negotiate with X.X.X.X port XXXXX: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
My solution was to add legacy keys to /etc/ssh/sshd_config:
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers +aes128-cbc
Even if this is not your case, sshd debug will surelly give you more information.