I a experiencing some trouble using ssh, which I can't figure out by myself.
My ~/.ssh/config file looks like this:
Host server
HostName xxx.xxx.xxx.xxx
User user
ForwardX11 yes
LocalForward 8000 127.0.0.1:8000
LocalForward 6080 127.0.0.1:6080
LocalForward 8022 192.168.122.100:22
LocalForward 7777 192.168.122.100:7777
Compression yes
ServerAliveInterval 5
ServerAliveCountMax 3
Manuel connect using ssh user#xxx.xxx.xxx.xxx works fine, yet ssh server does not because zsh "could not resolve hostname".
Do you have any ideas?
Does this problem occour because I use zsh?
Since the ssh gets called by a lot of bash scripts I am forced to use the config file.
Looks like "server" is not being resolved by DNS.
On the system you are sshing from, add something like this to /etc/hosts:
xxx.xxx.xxx.xxx server.domain.com server
Then try ssh again.
Related
I've found that when running ssh from the command line on my system is different than running it from the ~/.ssh/config file. But I'm not sure how to fix it or if its a problem with the program itself.
I have a server (blueberry.local) and a client (xps.local). Both have a user named bob. Both can resolve each-other with the host command from either box.
The server is running sshd with the following configuration (/etc/ssh/sshd_config):
UsePAM yes
Banner none
AddressFamily any
Port 22
X11Forwarding no
PermitRootLogin no
GatewayPorts no
PasswordAuthentication no
KbdInteractiveAuthentication no
PrintMotd no
AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys2 /etc/ssh/authorized_keys.d/%u
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
KexAlgorithms sntrup761x25519-sha512#openssh.com,curve25519-sha256,curve25519-sha256#libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305#openssh.com,aes256-gcm#openssh.com,aes128-gcm#openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm#openssh.com,hmac-sha2-256-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128#openssh.com
LogLevel INFO
UseDNS no
And from my client I'm running ssh with this configuration (~/.ssh/config):
Host blueberry.stark.local
Port 22
HostName blueberry.local
IdentityFile ~/.ssh/blueberry_rsa
IdentitiesOnly yes
When running ssh from the command line like this:
ssh bob#blueberry.local -i ~/.ssh/blueberry_rsa
The command works and I can successfully connect via ssh to the server.
However, when running ssh from the command line using the client configuration like this:
ssh bob#blueberry.local
I get an authentication error:
bob#blueberry.local: Permission denied (publickey).
What's going on here? I've tried to remove configuration properties and the like but it never works.
What's even stranger is that I have another client configuration just like that that works without any issues at all...
The issue is likely caused by two factors:
Based on your example command, your Host and HostName values are mixed up:
Host <this should be what you type on the CLI>
...
HostName <The real hostname of the server>
...
This means ssh isn't actually going to use any of the configuration you provided. Making the following change should work.
Host blueberry.local
Port 22
HostName blueberry.stark.local
IdentityFile ~/.ssh/blueberry_rsa
IdentitiesOnly yes
This is most likely if the following command works with the configuration you posted:
ssh bob#blueberry.starlink.local
If you expected ssh to just try all of your private keys until it found the right one, (~/.ssh/blueberry_rsa), its likely you haven't added it to your ssh-agent (you can confirm by running ssh-add -L and check the output.
by default ssh will check these paths, then any additional keys in the agent:
~/.ssh/id_rsa
~/.ssh/id_ecdsa
~/.ssh/id_ecdsa_sk
~/.ssh/id_ed25519
~/.ssh/id_ed25519_sk
~/.ssh/id_xmss
~/.ssh/id_dsa
Its likely you only have ~/.ssh/id_rsa in your agent which is what is throwing the
When in trouble, its always helpful to run ssh -vvv <rest of your command> to see whats happening under the hood 😉.
i have a question regarding port forwarding in combination with proxy jump in my ssh config:
Is it possible to make use of DynamicForward from the host used as proxy? Here's my config:
Host proxy
HostName proxy.private.com
User user
IdentityFile ~/path/to/file
DynamicForward 3000
Host target
HostName target.somewhere.com
User user
IdentityFile ~/path/to/file
ProxyJump proxy
It does not work with this config, but this would be exactly what i need.
Any tips on how to get it to work?
If there is nothing preventing you from using ProxyCommand you can most likely use this approach:
In your ~/.ssh/config file:
Host target
HostName target.somewhere.com
User target-user
IdentityFile ~/path/to/target-user-file
ProxyCommand ssh -A <proxy-user>#<proxy-host> -i <proxy-user-key> -W %h:%p
DynamicForward 3000
You can then run this command on your local machine:
ssh target -D 3000
I was able to test this by running this command locally and retreiving public IP of the target host:
curl -x socks5h://localhost:3000 https://ifconfig.me/
Usefull links I read:
More details on these use cases can be found here
Detail on this very approach can be found on this site (sadly not in english nor HTTPS)
You can probably define another Host on top to avoid having to mess with ssh parameter each time. This would be done by using CanonicalizeHostname, but I couldn't manage to it. An alias might be more interesting at that point ?
I am trying to set up an alias in my config that should give the same result as
ssh -N -L 3307:1.1.1.1:3306 username#remoteip
My current .ssh/config looks something like this.
Host connect
User username
HostName remoteip
port 22
LocalForward 3307 1.1.1.1:3306
What do I put in the above config to not start a shell?
Host connect
User username
HostName remoteip
port 22
LocalForward 3307 1.1.1.1:3306
SessionType none
sessiontype just gives Bad configuration option: sessiontype even though its documented on manual for ssh options
What version of SSH are you using (ssh -V)?
From the release notes it looks like this feature was only added in version 8.7 released in August last year. Maybe updating SSH might solve your problem?
How do I do multiple port forwarding in a .ssh/config file? On the command line, I can do:
ssh 10.0.0.10 -L 8080:127.0.0.1:8080 -L 8443:127.0.0.1:443
but when I do:
LocalForward 8080 127.0.0.1:8080
LocalForward 8443 127.0.0.1:443
in .ssh/config, it doesn't work.
The ssh_config man page says:
Multiple forwardings may be specified, and additional forwardings can be
given on the command line. Only the superuser can forward privileged ports.
Perhaps the problem is with the permissions, are you using the same user for both commands?
In my case, Host was wrongly mentioned instead of Hostname.
I set up SSH on my Ubuntu server (running XMonad) and generated a key for my laptop that I used to connect to my home server with. I also went on my wireless router and forward port 22 for SSH use. I can SSH fine when I'm at home using the standard:
ssh user#ipaddress
However when I'm outside of my local network I get this error:
ssh: connect to host xxx.xx.xx.xxx port 22: Connection refused
Everything I read says I need to either a) check that my port 22 is forward (which it is) or b) check that sshd is actually running on my Ubuntu server (which it is).
Any ideas what is preventing my SSH from working when I'm remote?
Add the following line your ssh user config file if it doesn't exits You can create the config file as shown below.
vi ~/.ssh/config
Host *
ServerAliveInterval 300
Change the permission as below:
chmod 600 ~/.ssh/config
Restart the daemon. Hope this helps.
https://serverfault.com/a/371563/617303
For me this was the cause.
In your /etc/ssh/sshd_config or /etc/ssh_ssh_config check to make sure GSSAPI Auth is disabled (set to no).
GSSAPIAuthentication no
Then restart the service or machine.