SSH config file works globally but not as command line parameter - ssh

I have written a ssh config file that specifies a typical jump server setting:
Host host1
HostName 11.11.11.11
User useroo
IdentityFile some/key/file
Host host2
HostName 192.11.11.10
User useroo
IdentityFile some/other/key
ProxyCommand ssh -W %h:%p host1
I can successfully connect with ssh host2 when I save this as ~/.ssh/config. However if I save the config somewhere else as xy_conf, calling ssh -F xy_conf host2 results in an error saying
ssh: Could not resolve hostname host1: Name or service not known
ssh_exchange_identification: Connection closed by remote host
Is this the expected behavior? How else can I set this config temporarily? I don't want to set it as ~/.ssh/config.
OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8, OpenSSL 1.0.1f 6 Jan 2014

Using a different location for ssh_config affects only the first call of ssh, but not the second (from ProxyCommand). You need to pass the same argument to the second ssh too:
ProxyCommand ssh -F xy_conf -W %h:%p host1

Related

Create a config file for ssh command

I have a ssh command as below:
ssh -o ProxyCommand="ssh ubuntu@ip_addr -W %h:%p" ubuntu@ip_addr2 -L port:ip_addr3:port
I want to create a config file for this command, but I don't know what is the option of -L, here is my config file so far:
Host cassandra-khatkesh
User ubuntu
Hostname ip_addr2
ProxyCommand ssh ubuntu@ip_addr -W %h:%p
Does anyone know how I can add -L to the config file?
-L corresponds to the LocalForward keyword.
Host cassandra-khatkesh
User ubuntu
Hostname ip_addr2
ProxyCommand ssh ubuntu@ip_addr -W %h:%p
LocalForward port ip_addr3:port
Note that the local and remote endpoints are specified separately, not as single :-delimited string.

how to create a dynamic port forwarding with several hops?

If we have a following situation:
[laptop] ---- [host1] ---- [host2] ----[target]
where host1 is reachable from my laptop, host2 from host1, and the target from host2 only. We have ssh credentials for both host1 and host2.
We can use the dynamic port forwarding with the following command:
ssh -N -D 127.0.0.1:8282 host1_account@host1
and that will basically create a SOCKS4 that we can use with proxychains so that command will work from the kali device:
proxychains ssh host2_account@host2
How can we make a similar (additional?) dynamic tunnel from host2 to target?
Make sure you're on OpenSSH 7.3 or later, and use SSH's ProxyJump feature: ssh -J host1_account@host1 -D 127.0.0.1:8282 host2_account@host2. That will give you an SSH session on host2, and 127.0.0.1:8282 will proxy traffic out through host2.

Advance ssh config file

How can I ssh directly to the Remote Server? Below is the detailed description.
Local machine ---> Jump1 ----> Jump2 ----> Remote Server
From the local machine there is no direct access to Remote Server, and Jump2 is disabled.
Remote Server can only be accessed from Jump2.
There is no ssh-keygen to the remote server; we have to give the password manually.
From the local machine we access Jump1 with IP and port 2222, then from Jump1 we access Jump2 with host name and default port 22.
With the ssh/config file we were able to access the jump2 server without any problem. But my requirement is to directly access the remote server.
Is there any possible way? I don't mind entering the password for the remote server.
Log
ssh -vvv root@ip address
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to ip address [ip address] port 22.
My Config file
Host jump1
Hostname ip.109
Port 2222
User avdy
Host jump2
Hostname ip.138
Port 22
ProxyCommand ssh -W %h:%p jump1
User avdy
Host remote-server
Hostname ip.8
Port 22
ProxyCommand ssh -W %h:%p jump2
User root
Set your ~/.ssh/config:
Host Jump1
User jump1user
Port 2222
Host Jump2
ProxyCommand ssh -W %h:%p Jump1
User jump2user
Host RemoteServer
ProxyCommand ssh -W %h:%p Jump2
User remoteUser
Or with new OpenSSH 7.3:
Host RemoteServer
ProxyJump jump1user@Jump1,jump2user@Jump2
User remoteUser
Then you can connect simply using ssh RemoteServer

ssh -F configfile and ProxyCommand

I would like to use a ssh_config file instead of the traditional ~/.ssh/config. I have a simple configuration for accessing hosts through a bastion host (on port 23 for example).
ssh_config :
host bastion
hostname bastion.mydomain.com
port 23
host *.server
proxycommand ssh -W %h:%p bastion
ssh -F ssh_config test.server is not working and throws "ssh: Could not resolve hostname bastion: Name or service not known".
But, if put this config in ~/.ssh/config, then ssh test.server works.
As I understand it, the proxycommand is unable to use the config file given in the command line.
If I want my command line config file to work, I need to put
proxycommand ssh -W %h:%p bastion.mydomain.com -p 23
but this seems to violate a simple DRY principle (the port and the domain are repeated). The config file I'm willing to build is much much longer and complex.
Is there a good way to achieve what I want, i.e. a simple, non-repeating, config file usable in command line for which proxycommand works ?
Half of an answer:
Rather than using the config file recursively, try not relying on the config at all for the proxy command.
host *.server
proxycommand ssh -W %h:%p bastion.mydomain.com -p 23
This allows it to be portable, but doesn't solve your other issue of having to do this on every line, and makes changing the bastion host address a difficult process.
You need to pass proxycommand ssh -W %h:%p bastion -F [your custom ssh config]
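
Both this question and the first one on this page fail for the same reason: the ssh started by ProxyCommand does not inherit -F, so it looks the jump alias up in the default config files only. The check below is an added example, not part of any post here: a Python lint for a config file meant to be used with ssh -F. The function name lint_proxy_commands and the finding labels are assumptions of this example, and it also reports a relative -F path, which only resolves when ssh is started from the directory that holds the file.

```python
import os
import re
import shlex

KEYWORD = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)")  # "Key value" or "Key=value"

def lint_proxy_commands(config_text):
    """Find ProxyCommand lines that break when the file is loaded with ssh -F.

    Returns a list of (line_no, alias, problem) tuples.
    """
    aliases = set()   # Host names defined in this file; wildcard patterns skipped
    proxies = []      # (line_no, argv) of each ProxyCommand that runs ssh
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        m = KEYWORD.match(raw.strip())
        if not m:
            continue  # blank line or comment
        key, value = m.group(1).lower(), m.group(2)  # keywords are case-insensitive
        if key == "host":
            aliases.update(p for p in value.split() if not set(p) & set("*?!"))
        elif key == "proxycommand":
            argv = shlex.split(value)
            if argv and os.path.basename(argv[0]) == "ssh":
                proxies.append((line_no, argv))

    findings = []
    for line_no, argv in proxies:
        # The destination may be written user@alias; compare the host part only.
        hit = next((a.rsplit("@", 1)[-1] for a in argv[1:]
                    if a.rsplit("@", 1)[-1] in aliases), None)
        if hit is None:
            continue  # inner ssh is given a real hostname, nothing to look up
        # Accept both "-F path" and "-Fpath".
        paths = [argv[i + 1] if a == "-F" and i + 1 < len(argv) else a[2:]
                 for i, a in enumerate(argv) if a.startswith("-F")]
        if not paths:
            findings.append((line_no, hit, "missing -F"))
        elif not os.path.isabs(os.path.expanduser(paths[0])):
            # A relative path resolves against the directory ssh was started in.
            findings.append((line_no, hit, "relative -F"))
    return findings

# Constructed sample: the first question's config, trimmed to the relevant lines.
QUESTION_CONFIG = """\
Host host1
    HostName 11.11.11.11
Host host2
    HostName 192.11.11.10
    ProxyCommand ssh -W %h:%p host1
"""
print(lint_proxy_commands(QUESTION_CONFIG))
```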

SSH "Failed to add the host to the list of known hosts" Openshift

I tried to use ssh command to connect to another remote host.
ssh -p 21098 -i $OPENSHIFT_DATA_DIR/.ssh/host_key user@domain.com
The authenticity of host '[domain.com]:21098 ([124.219.148.93]:21098)' can't be established.
RSA key fingerprint is 12:15:79:55:c6:2a:66:1e:82:94:da:19:e1:ca:21:3d.
Are you sure you want to continue connecting (yes/no)?yes
Failed to add the host to the list of known hosts (/var/lib/openshift/541b685c5973cae7bbf006f4/.ssh/known_hosts).
Connection closed by 124.219.148.93
I suppose we do not have access to home/.ssh. So how to solve this problem?
One can pass options to SSH on command line, like this:
ssh -o UserKnownHostsFile=/tmp/known_host_file -p 21098 -i $OPENSHIFT_DATA_DIR/.ssh/host_key user@domain.com
Here is related answer: ssh use known_hosts other than $HOME/.ssh/known_hosts