ssh on windows through firewall (not putty) - ssh

I need to connect to an Ubuntu SSH host (12.34.56.78, on a different port = 443) via a corporate proxy from my Win10 machine. This has to be done via the command line, so I can use the VS Code Insiders "Remote SSH" function.
I created an SSH key on the Win10 client and added the public key to authorized_keys, but it is not working:
PS C:\> ssh linuxuser@12.34.56.78 -p443 -o "ProxyCommand ssh.exe -p443 -X connect -x http://corporate-proxy:8080 %h %p" -v -o "IdentityFile C:\Users\win10user\.ssh\id_rsa"
OpenSSH_for_Windows_7.6p1, LibreSSL 2.6.4
debug1: Reading configuration data C:\\Users\\win10user/.ssh/config
debug1: C:\\Users\\win10user/.ssh/config line 1: Applying options for 12.34.56.78
debug1: Executing proxy command: exec ssh.exe -p443 -X connect -x http://corporate-proxy:8080 12.34.56.78 443
debug1: identity file C:\\Users\\win10user\\.ssh\\id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\win10user\\.ssh\\id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.6
ssh_exchange_identification: Connection closed by remote host
ssh_exchange_identification: Connection closed by remote host
What am I missing?
Edit: The set path/folder has the files:
I also generated the id_rsa-cert via openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa-cert
PS M:\> ls C:\\Users\\win10user\\.ssh\
Directory: C:\Users\win10user\.ssh
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 10/29/2019 10:18 AM 167 config
-a---- 10/29/2019 10:07 AM 1766 id_rsa
-a---- 10/29/2019 10:07 AM 415 id_rsa.pub
-a---- 10/29/2019 11:02 AM 1675 id_rsa-cert
I found the solution:
ProxyCommand C:\Users\win10suer\Nmap\ncat.exe --proxy proxy:8080 %h %p

Maybe the problem is in:
debug1: key_load_public: No such file or directory
Try to put the key in the needed directory.

Related

How open-ssh can connect through SOCKS5 proxy on windows (Putty is not an option)?

What I want
        shadowsocks connection (SOCKS5)
127.0.0.1:1080 -------> SERVEUR:YYY
   (WINDOWS)          (LINUX / ARCH)
       /                    \
      ssh                  sshd
What works
I can ssh login on LINUX from WINDOWS through SOCKS5 proxy using Putty (proxy: SOCKS5 127.0.0.1:1080)
The problem
Visual code does not support putty!
I installed Open-ssh for windows (OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5)
and tried everything I could using ProxyCommand and ncat.exe ... nothing works ...
Ncat 7.91 for windows
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug1: Reading configuration data C:\\Users\\laurentb/.ssh/config
debug1: C:\\Users\\laurentb/.ssh/config line 5: Applying options for home
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 127.0.0.1 is address
debug1: Executing proxy command: exec C:\\Program Files (x86)\\Nmap\\ncat.exe --proxy-type socks5 --proxy 127.0.0.1:1080 127.0.0.1
debug3: spawning "C:\\Program Files (x86)\\Nmap\\ncat.exe" --proxy-type socks5 --proxy 127.0.0.1:1080 127.0.0.1
debug3: w32_getpeername ERROR: not sock :2
debug1: identity file C:\\Users\\laurentb\\.ssh\\remote_auth type 0
debug3: Failed to open file:C:/Users/laurentb/.ssh/remote_auth-cert error:2
debug3: Failed to open file:C:/Users/laurentb/.ssh/remote_auth-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\laurentb\\.ssh\\remote_auth-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
ssh_exchange_identification: Connection closed by remote host
QUESTION
Has anybody managed to log in using OpenSSH_for_Windows_7.7p1 ssh through a SOCKS5 proxy, and how?
Thanks..!
I am answering my own question:
Since PuTTY is working well: use PuTTY to forward port 22 through SOCKS5
A) proxy:
SOCKS 5
hostname: 127.0.0.1
port: 1080
B) forward port L22 127.0.0.1:22
C) ssh to 127.0.0.1:22
ssh -l "username" 127.0.0.1
This way you can use Remote Visual Studio Code through the shadowsocks proxy...

SSH connect failed - ssh: Could not resolve hostname server: Name or service not known

Any ideas why ssh Could not resolve?
My private key is in this location:
/home/eago/.ssh
and config looks like this
Host my-host.com
HostName my-host.com
Port 22
IdentityFile /home/eago/.ssh/id_rsa
This is what I get:
$ ssh -vT gitolite@psc-app-1.superhosting.cz:dalnice_android
OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /home/eago/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
ssh: Could not resolve hostname psc-app-1.superhosting.cz:dalnice_android: Name or service not known
Use
ssh -vT gitolite@psc-app-1.superhosting.cz
You do not need to add the directory name (dalnice_android) in this case.

problem fixing : ssh_exchange_identification: Connection closed by remote host

It worked fine before I installed zsh to decorate my terminal. Actually I am not sure if this caused a problem.
I am getting an error saying :
ssh_exchange_identification: Connection closed by remote host
➜ ssh test_ssh
ssh_exchange_identification: Connection closed by remote host
➜ ssh -v test_ssh
OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /Users/mike/.ssh/config
debug1: /Users/mike/.ssh/config line 34: Applying options for test_ssh
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: /etc/ssh/ssh_config line 52: Applying options for *
debug1: Connecting to 15.164.49.113 port 7779.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mike/.ssh/key/admin.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mike/.ssh/key/admin.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: ssh_exchange_identification: HTTP/1.1 400 Bad Request
In my own case, I was able to log in from my ssh and got this error when I tried to log in directly to my VPS from my MacBook terminal.
HOW I SOLVED THIS ERROR
ssh_exchange_identification: Connection closed by the remote host
(This always occurs when you create a new user on your VPS. You will get this error because you have ssh configuration only for root, not for the new user.)
On your MacBook terminal,
type
$ cd ~/.ssh
Now,
in ~/.ssh, create a config file with the following content:
$ nano config
and copy this
Host *
ForwardAgent no
ForwardX11 no
ForwardX11Trusted yes
User shapeshed
Port 22
Protocol 2
Save and exit.
Type
$ ls
Result:
authorized_keys id_rsa id_rsa1.pub
config id_rsa.pub known_hosts
$ cat id_rsa.pub (to view your public key in the macOS terminal)
Copy your macOS terminal public key and press Ctrl+X to exit (if you also use the nano text editor).
Now, on your VPS (remote server),
make sure you are logged in as the new user you created:
user@...... not root
$ cd ~/.ssh
$ ls
Note that you have just
authorized_keys known_hosts as your result ... no public key for the VPS to recognize signing in from your computer.
Now let's create a new id_rsa.pub on our VPS:
$ nano id_rsa.pub
Paste the macOS id_rsa.pub you copied, then save and exit.
Type
$ ssh -vvv user@**.**.**.**
Replace ** with your IP and see your VPS logged in from your terminal without asking for a password.
bazzlylinksSolution

Can't use ssh with "-F" to login through a bastion host

I am trying to login to my server through a bastion host and my configuration file is like this:
Host 10.10.10.1
User ec2-user
ProxyCommand ssh -W %h:%p xxx.xxx.xxx.xxx
IdentityFile key.pem
Host xxx.xxx.xxx.xxx
User ec2-user
IdentityFile key.pem
ForwardAgent yes
It works fine if I save this configuration into ~/.ssh with the name "config", which is the default configuration file of ssh. I can log in with "ssh -v 10.10.10.1" and the debug log looks like:
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data ~/.ssh/config
debug1: /Users/twer/.ssh/config line 2: Applying options for 10.10.10.1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Executing proxy command: exec ssh -W 10.10.10.1:22 xxx.xxx.xxx.xxx
debug1: permanently_drop_suid: 501
debug1: key_load_public: No such file or directory
debug1: identity file key.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file key.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to 10.10.10.1:22 as 'ec2-user'
...
But if I save the configuration somewhere else (deleting the config in ~/.ssh) and log in with "ssh -v -F ~/mysshconfig 10.10.10.1", it failed. The debug log is:
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data ansible-ssh.conf
debug1: ansible-ssh.conf line 1: Applying options for 10.10.10.1
debug1: Executing proxy command: exec ssh -W 10.10.10.1:22 xxx.xxx.xxx.xxx
debug1: permanently_drop_suid: 501
debug1: key_load_public: No such file or directory
debug1: identity file key.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file key.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
Permission denied (publickey).
Since I want to use ansible, I need to specify a sshconfig with this "-F" option.
Finally I figured out that I should also specify the configuration file in the ProxyCommand since it is not a default one. The configuration should be like this:
Host 10.10.10.1
User ec2-user
ProxyCommand ssh -F mysshconfig -W %h:%p xxx.xxx.xxx.xxx
IdentityFile key.pem
Host xxx.xxx.xxx.xxx
User ec2-user
IdentityFile key.pem
ForwardAgent yes
Since your config file is in a different location, the relative path to the key file no longer points to the same place, so you're getting "no such file" errors when ssh tries to read your key file.
Use an absolute path instead: change key.pem to ~/.ssh/key.pem.
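Both fixes given for this question (passing -F to the ssh inside ProxyCommand, and using an absolute IdentityFile path) can be checked before a config is handed to ssh -F or ansible. The following is an added example, not code from the original posts; the function name lint, the finding labels and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample: the question's config as it would be passed with -F.
QUESTION_CONFIG = """\
Host 10.10.10.1
User ec2-user
ProxyCommand ssh -W %h:%p xxx.xxx.xxx.xxx
IdentityFile key.pem
Host xxx.xxx.xxx.xxx
User ec2-user
IdentityFile key.pem
ForwardAgent yes
"""

# ssh_config accepts "Keyword value" and "Keyword=value"; keywords are case-insensitive.
OPTION = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)")
# Paths that do not depend on where ssh is started: /..., ~..., %d..., C:\...
ABSOLUTE = re.compile(r"(/|~|%d|[A-Za-z]:[\\/])")


def lint(text, is_default_config=False):
    """Return (line, host, finding) tuples for a config meant for `ssh -F`."""
    findings, host = [], "*"
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = OPTION.fullmatch(raw.strip())
        if not m:  # blank lines and comments
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "host":
            host = value
        elif key == "identityfile" and not ABSOLUTE.match(value):
            findings.append((lineno, host, "relative-identityfile"))
        elif key == "proxycommand" and not is_default_config:
            argv = value.split() or [""]
            prog = re.split(r"[\\/]", argv[0])[-1].lower()
            # The inner ssh is a separate process: without its own -F it reads
            # only the default config files, not the file given to the outer ssh.
            if prog in ("ssh", "ssh.exe") and not any(a.startswith("-F") for a in argv[1:]):
                findings.append((lineno, host, "nested-ssh-without-F"))
    return findings


if __name__ == "__main__":
    for finding in lint(QUESTION_CONFIG):
        print(finding)
```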

Can't get SSH ProxyCommand with sudo on proxy machine to work

I was trying to configure my SSH configs for easier workflows, but I've run against a wall here.
I have a jump host which requires sudo ssh to get to all the other machines.
I've figured out that if I run ssh -tt jumphost sudo ssh desthost that I get asked for my sudo password and I get access to desthost
Now, when I add ProxyCommand ssh -tt jumphost sudo ssh %h to my ssh_config and run ssh desthost then I just get a blank connection.
Debug printout:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/deiga/.ssh/config
debug1: /Users/deiga/.ssh/config line 34: Applying options for desthost
debug1: /Users/deiga/.ssh/config line 167: Applying options for *
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket "/tmp/ssh-deiga@desthost:22" does not exist
debug2: ssh_connect: needpriv 0
debug1: Executing proxy command: exec ssh -tt jumphost sudo ssh desthost
debug1: identity file /Users/deiga/.ssh/id_rsa type -1
debug1: identity file /Users/deiga/.ssh/id_rsa-cert type -1
debug1: identity file /Users/deiga/.ssh/id_dsa type -1
debug1: identity file /Users/deiga/.ssh/id_dsa-cert type -1
debug1: permanently_drop_suid: 501
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: ssh_exchange_identification: [sudo] password for deiga:
debug1: ssh_exchange_identification: Sorry, try again.
debug1: ssh_exchange_identification: [sudo] password for deiga:
debug1: ssh_exchange_identification: sudo: 1 incorrect password attempt
This is not how the proxy command works. A basic example of how you should do jump hosts is this:
ProxyCommand ssh -W %h:%p jumphost
which doesn't support running sudo on the remote machine. But you can do the same with the netcat command:
ProxyCommand ssh jumphost nc %h %p
And to make it work with your sudo requirement, just add the sudo command:
ProxyCommand ssh jumphost sudo nc %h %p
If that does not help, please try to diagnose the problem with verbose logs from ssh (-vvv).
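The debug logs quoted in the questions on this page fail at the same step: the client sends its version string and then receives something other than the server's SSH banner. The following is an added example, not code from the original posts, that classifies ssh -v output by what arrived in place of the banner; the function name triage and its result labels are assumptions, and the sample logs are assembled from lines quoted above.

```python
import re

# Constructed samples: debug lines copied from the questions on this page.
HTTP_LOG = """\
debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: ssh_exchange_identification: HTTP/1.1 400 Bad Request
"""
SUDO_LOG = """\
debug1: Executing proxy command: exec ssh -tt jumphost sudo ssh desthost
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: ssh_exchange_identification: [sudo] password for deiga:
"""
CLOSED_LOG = """\
debug1: Executing proxy command: exec ssh.exe -p443 -X connect -x http://corporate-proxy:8080 12.34.56.78 443
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.6
ssh_exchange_identification: Connection closed by remote host
"""
OK_LOG = """\
debug1: Executing proxy command: exec ssh -W 10.10.10.1:22 xxx.xxx.xxx.xxx
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
"""

# Text received before the server's "SSH-" line is echoed by the client at debug1.
PRE_BANNER = re.compile(r"debug1: ssh_exchange_identification: (.*)")


def triage(log):
    """Classify what the client received before, or instead of, the SSH banner."""
    if "Remote protocol version" in log:
        return "banner-ok"
    via_proxy = "Executing proxy command:" in log
    for line in log.splitlines():
        m = PRE_BANNER.match(line)
        if not m:
            continue
        if m.group(1).startswith("HTTP/"):
            return "http-endpoint"  # the peer answered the SSH banner as an HTTP request
        # With a ProxyCommand, everything it writes to stdout is treated as server data.
        return "proxycommand-stdout-polluted" if via_proxy else "non-ssh-text"
    if "Connection closed by remote host" in log:
        # With a ProxyCommand, the "remote host" is the helper's stdout pipe.
        return "proxycommand-closed-pipe" if via_proxy else "peer-closed-before-banner"
    return "unknown"
```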