In my ssh config, I have
Host jumpHostNick
HostName jumphost.com
User username
Host finalHostNick
User username
ProxyCommand ssh jumpHostNick nc finalHostURL 22
I would like to supplement this by having it run tmux attach -d when it gets to the final host. Is that possible?
Use -W rather than netcat:
Host jumpHostNick
HostName jumphost.com
User username
Host finalHostNick
User username
ProxyCommand ssh -W finalHostURL:22 jumpHostNick
If you want to run tmux attach -d, you should also add to the finalHostNick:
RequestTTY yes
and then connect using ssh finalHostNick -t tmux attach -d, or just set up a bash alias:
alias ssh-final='ssh finalHostNick -t tmux attach -d'
in your ~/.bashrc
I have a ssh command as below:
ssh -o ProxyCommand="ssh ubuntu@ip_addr -W %h:%p" ubuntu@ip_addr2 -L port:ip_addr3:port
I want to create a config file for this command, but I don't know what is the option of -L, here is my config file so far:
Host cassandra-khatkesh
User ubuntu
Hostname ip_addr2
ProxyCommand ssh ubuntu@ip_addr -W %h:%p
Anyone knows how can I add -L to config file?
-L corresponds to the LocalForward keyword.
Host cassandra-khatkesh
User ubuntu
Hostname ip_addr2
ProxyCommand ssh ubuntu@ip_addr -W %h:%p
LocalForward port ip_addr3:port
Note that the local and remote endpoints are specified separately, not as single :-delimited string.
I want to have an scp command over a Jumphost to the targetserver. Both the Jumphost and the targetserver require a key for the login.
If there would be no key required, I think this command would work:
scp -o ProxyJump=usernameJumpserver@ipJumpserver filename usernameTargetserver@ipTargetserver:/path/filename
So, including a key, I get to this command:
scp -i /pathOnMyClient/key -o ProxyJump=usernameJumpserver@ipJumpserver filename usernameTargetserver@ipTargetserver:/path/filename
Then I get the error "usernameTargetServer@ipTargetserver: Permission denied (publickey)."
I can't add the (probably?) required -i /pathJumpserver/key to it. How does it work?
As you cannot enter the password of your ssh key at the jumphost, I suggest loading your key into your local ssh-agent and then using one of:
> scp -o ProxyJump=user@jump.host localfile user@target.host:
> scp -o ProxyJump=user@jump.host user@target.host:file localdir
this works for me!
HTH
Stefan K.
So we have:
LocalHost
JumpHost
DestinationHost
On LocalHost, in ~/.ssh/config add:
Host JumpHost
User JumpHostUser
IdentityFile ~/.ssh/id_rsa
# other optional settings:
# Port 2222
# HostName 192.168.0.1
Host DestinationHost
User DestinationHostUser
IdentityFile ~/.ssh/id_rsa_jumphost
And you can use what @StefanKaerst suggested:
scp -o ProxyJump=JumpHost DestinationHost:/file /LocalFile
scp -o ProxyJump=JumpHost /LocalFile DestinationHost:/File
I have it aliased as
scpj='scp -o ProxyJump=JumpHost'
So I only type:
scpj DestinationHost:/file /LocalFile
You need to have all the keys in place though, both from local to jump, from jump to destination and from local to destination.
I could not get this working with ProxyJump, so I fell back to the more verbose ProxyCommand instead. This works for me for copying from A to C through B:
scp -i <path on A to key for C> \
-oProxyCommand="ssh -i <path on A to key for B> -W %h:%p <user>@B" \
/path/to/my/file <user>@C:~/
That worked for me:
scp -o ProxyJump=USER_NAME@35.1.2.3 local-File.txt 10.1.2.3:~/
Advanced ssh from windows, not much fun at all.
I've found this working.
Create a C:\Users\u.username\.ssh\config file like:
Host jumphost.server
HostName jumphost.server
User u.username
ForwardAgent yes
IdentityFile C:\Users\u.username\.ssh\id_rsa
Host * !jumphost.server
ProxyCommand ssh.exe u.username@jumphost.server -W %h:%p
IdentityFile C:\Users\u.username\.ssh\id_rsa
(replace your data for jumphost.server, as well as your username and path to ssh private key)
Then scp from final target.server is working that way (from powershell):
scp -F .\.ssh\config u.username@target.server:/path/to/file C:\Users\u.username\
or from local windows to target linux:
scp -F .\.ssh\config C:\Users\u.username\file u.username@target.server:/path/to/file
The flag -F is loading predefined config.
I want to debug another machine on my network but have to pass through one or more SSH tunnels to get there.
Currently:
# SSH into one machine
ssh -p 22 me@some_ip -i ~/.ssh/00_id_rsa
# From there, SSH into the target machine
# Note that this private key lives on this machine
ssh -p 1234 root@another_ip -i ~/.ssh/01_id_rsa
# Capture debug traffic on the target machine
tcpdump -n -i eth0 -vvv -s 0 -XX -w tcpdump.pcap
But then it's a pain to successively copy that .pcap out. Is there a way to write the pcap directly to my local machine, where I have wireshark installed?
You should use ProxyCommand to chain ssh hosts and to pipe output of tcpdump directly into wireshark. To achieve that you should create the following ssh config file:
Host some_ip
IdentityFile ~/.ssh/00_id_rsa
Host another_ip
Port 1234
ProxyCommand ssh -o 'ForwardAgent yes' some_ip 'ssh-add ~/.ssh/01_id_rsa && nc %h %p'
I tested this with full paths, so be careful with ~
To see the live capture you should use something like
ssh another_ip "tcpdump -s0 -U -n -w - -i eth0 'not port 1234'" | wireshark -k -i -
If you want to just dump the pcap locally, you can redirect stdout to a filename of your choice.
ssh another_ip "tcpdump -n -i eth0 -vvv -s 0 -XX -w -" > tcpdump.pcap
See also:
https://serverfault.com/questions/337274/ssh-from-a-through-b-to-c-using-private-key-on-b
https://serverfault.com/questions/503162/locally-examine-network-traffic-of-remote-machine/503380#503380
How can I have tcpdump write to file and standard output the appropriate data?
I have been struggling with setting up a ProxyCommand to ssh through multiple hops. The issue I am having is integrating arguments in my normal ssh statement into the config file. I want to connect to IP2 via IP1. My username is greg and I am connecting using rsa. This is the one liner that will connect me:
ssh -A -t -p 22 -i ~/.ssh/private_key greg@IP1 ssh -A -t greg@IP2
I have tried a bunch of different config set ups and currently I am using:
Host ezConnect
ProxyCommand ssh %h nc IP2 22
HostKeyAlias IP2
HostName IP1
User greg
I know the issue is that it does not include the arguments I need, but wherever I try to put them it seems to break.
The reason I'm doing this is because I need to use a db GUI (navicat) to connect through a gateway server and the UI doesn't support a straight up ssh command.
Any help would be appreciated.
I figured it out, so here is the correct config file:
Host ezCon
Hostname IP2
User greg
ProxyCommand ssh -l greg -p 22 -i ~/.ssh/private_key IP1 -W %h:%p
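A check for two patterns that appear in configs quoted on this page: a netcat-based ProxyCommand (which the "Use -W rather than netcat" answer replaces) and ForwardAgent yes, which leaves the local agent usable from the intermediate host for as long as the session is open. This is an added example, not code from any of the posts; the function name lint_ssh_config, the rule names, the host fixedHostNick and the sample config (constructed from snippets above) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original posts.
# lint_ssh_config [FILE...] reads ssh_config text (stdin when no FILE is given)
# and prints one "host: rule (hint)" line per finding.
lint_ssh_config() {
    awk '
    /^[ \t]*#/ { next }                          # skip comments
    /^[ \t]*$/ { next }                          # skip blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (match(line, /^[A-Za-z]+/) != 1) next
        key = tolower(substr(line, 1, RLENGTH))  # keywords are case-insensitive
        val = substr(line, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)          # "Key value" or "Key=value"
        sub(/[ \t\r]+$/, "", val)
        if (host == "") host = "(global)"        # options before any Host line
    }
    key == "host" { host = val; next }
    (key == "forwardagent" && tolower(val) == "yes") ||
    (key == "proxycommand" && tolower(val) ~ /forwardagent[ \t=]+yes/) {
        print host ": forwardagent-yes (agent is reachable from the hop while connected)"
    }
    key == "proxycommand" && (" " val " ") ~ /[ \t;&|](nc|ncat|netcat)[ \t]/ {
        print host ": netcat-proxycommand (use ssh -W %h:%p or ProxyJump)"
    }
    ' "$@"
}

# Constructed sample, assembled from config snippets quoted on this page.
sample_config() {
    cat <<'EOF'
Host jumpHostNick
    HostName jumphost.com
    User username
Host finalHostNick
    User username
    ProxyCommand ssh jumpHostNick nc finalHostURL 22
Host another_ip
    Port 1234
    ProxyCommand ssh -o 'ForwardAgent yes' some_ip 'ssh-add ~/.ssh/01_id_rsa && nc %h %p'
Host fixedHostNick
    ProxyCommand ssh -W finalHostURL:22 jumpHostNick
EOF
}

sample_config | lint_ssh_config
```

Run it against a real file with lint_ssh_config ~/.ssh/config; it only reads the file and never opens a connection.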
Say I SSH into a server Server1 and from there SSH into server Server2 which is only accessible from a connection to Server1. Below simulates the example terminal commands for this behaviour:
[name@mylaptop]$ ssh user@Server1
user@Server1's password:
*** Welcome to Server1! ***
[user@Server1]$ ssh user2@Server2
user2@Server2's password:
*** Welcome to Server2! ***
[user2@Server2]$
Now I have a file, named file.txt in my home directory on Server2:
[user2@Server2]$ ls
file.txt
[user2@Server2]$
Is it possible to use scp to copy file.txt from Server2 onto mylaptop with a single command (i.e. not needing to first copy the file to Server1)?
In other words, can this be done easier than the following:
[name@mylaptop]$ ssh user@Server1
user@Server1's password:
*** Welcome to Server1! ***
[user@Server1]$ scp user2@Server2:~/file.txt .
user2@Server2's password:
file.txt 100% 690 0.7KB/s 00:00
[user@Server1]$ logout
Connection to Server1 closed.
[name@mylaptop]$ scp user1@Server1:~/file.txt .
user@Server1's password:
file.txt 100% 690 0.7KB/s 00:00
[name@mylaptop]$ ls
file.txt
It's possible and relatively easy, even when you need to use certificates for authentication (typical in AWS environments).
The command below will copy files from a remotePath on server2 directly into your machine at localPath. Internally the scp request is proxied via server1.
scp -i user2-cert.pem -o ProxyCommand="ssh -i user1-cert.pem -W %h:%p user1@server1" user2@server2:/<remotePath> <localpath>
If you use password authentication instead, try with
scp -o ProxyCommand="ssh -W %h:%p user1@server1" user2@server2:/<remotePath> <localpath>
If you use the same user credentials in both servers:
scp -o ProxyCommand="ssh -W %h:%p commonuser@server1" commonuser@server2:/<remotePath> <localpath>
You can use port forwarding:
Execute
ssh -L60000:Server2:22 user@Server1
in one terminal and keep this process open.
Then in another terminal run
scp -P 60000 user2@localhost:file.txt .
(You can replace 60000 by your favourite port number)
Try the answers on ServerFault:
https://serverfault.com/questions/37629/how-do-i-do-multihop-scp-transfers.
The answers cover a variety of flavours of ssh.