strange problem with jump host and agent forwarding

Kasper Peeters

Oct 14, 2009, 4:57:46 PM
Hi,

I have three hosts, 'laptop', 'jumphost' and 'target'. I have key-
based login working from laptop to jumphost, and using agent
forwarding, also to target. So this works:

laptop> ssh jumphost
jumphost> ssh target
target>

and no password prompts ever appear. So far so good.

However, if I now try to automate this by doing

laptop> ssh jumphost exec nc target 22

I do of course get to jumphost, but then I get a message

SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1

which is coming from target. If I then hit enter I get

Protocol mismatch.

I suspect something is going wrong with the agent forwarding, but I
don't understand what.
Any ideas? Thanks!

Cheers,
Kasper

Kasper Peeters

Oct 14, 2009, 4:59:40 PM
>    laptop> ssh jumphost exec nc target 22

I forgot to mention: this 'nc' is netcat version 0.7.1.

Cheers,
Kasper

Jean Figueiredo

Oct 14, 2009, 8:23:20 PM, to Kasper Peeters
hi,

did u try ssh jumphost -t ssh target?


cheers

Kasper Peeters

Oct 15, 2009, 2:28:38 AM
> did u try ssh jumphost -t ssh target?

Ah, that works! Thanks.

Is there any way to put this in a ProxyCommand? I tried

   Host foobar
   ProxyCommand ssh jumphost -t ssh target

but that comes back with

   Pseudo-terminal will not be allocated because stdin is not a terminal.

Cheers,
Kasper

Zbigniew Zagórski

Oct 15, 2009, 3:39:14 AM
On 15 Oct, 08:28, Kasper Peeters <kasper.peet...@googlemail.com>
wrote:

>
> Is there any way to put this in a ProxyCommand? I tried
>
>    Host foobar
>    ProxyCommand ssh jumphost -t ssh target
>
> but that comes back with
>
>   Pseudo-terminal will not be allocated because stdin is not a terminal.

Hello,


You should use your original command as "proxy"

"ssh jumphost -t nc target 22"

I also use a proxy for "ssh over hops", and I use the following
proxy:

N x [ ssh -xA -oBatchMode=yes jumphost[n] ] nc TARGET 22

It works with any (tested up to 3) number of hops provided
that you have your pub key deployed on all hops.

BR,
Zbyszek -- http://zbigg.blogspot.com/

Wolfgang Meiners

Oct 15, 2009, 4:48:54 AM
Kasper Peeters wrote:

> Hi,
>
> I have three hosts, 'laptop', 'jumphost' and 'target'. I have key-
> based login working from laptop to jumphost, and using agent
> forwarding, also to target. So this works:
>
> laptop> ssh jumphost
> jumphost> ssh target
> target>
>
> and no password prompts ever appear. So far so good.
>
> However, if I now try to automate this by doing
>
> laptop> ssh jumphost exec nc target 22

Maybe you don't understand what you are doing. This is the same as
1) laptop> ssh jumphost
2) jumphost> exec nc target 22

(by the way: what is exec good for?)
So what you do is to tell jumphost's nc to connect to target's sshd. And
of course, nc can't connect to an sshd. There is a Protocol mismatch.

What you want to do is something like

laptop> ssh -oProxyCommand="ssh jumphost nc %h %p" target

This is not easy to understand. It uses
ssh jumphost nc target targetport
as ProxyCommand to target. By default targetport is 22 if no other port
is specified. You should read how ProxyCommand works to understand
what's going on in this setup.

Wolfgang
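
The symptom from the original question, modelled as an added example (not code from any poster in this thread): the identification-string exchange of RFC 4253 section 4.2, which has to complete before key exchange, authentication or any use of the agent. The function names and the client line are assumptions made for the example; the banner is the one quoted in the thread.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF",
# at most 255 bytes including the line ending. A bare LF is tolerated here.
IDENT_RE = re.compile(
    rb"SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)(?: ([^\r\n]*))?\r?\n"
)
MISMATCH = b"Protocol mismatch.\n"  # reply text as shown in the thread

# Banner from the thread; the client line is constructed for this example.
TARGET_BANNER = b"SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1\r\n"
CLIENT_IDENT = b"SSH-2.0-ExampleClient_1.0\r\n"
ENTER_KEY = b"\n"  # an empty line: what reaches sshd when Enter is pressed


def parse_ident(line: bytes):
    """Return (protoversion, softwareversion, comments), or None if invalid."""
    if len(line) > 255:
        return None
    m = IDENT_RE.fullmatch(line)
    if m is None:
        return None
    proto, software, comments = m.groups()
    return proto.decode(), software.decode(), (comments or b"").decode("ascii", "replace")


def server_reply(first_line_from_peer: bytes) -> bytes:
    """Simplified server side: reject a peer whose first line is no ident string.

    Version-number negotiation after a valid line is left out of this model.
    """
    return b"" if parse_ident(first_line_from_peer) else MISMATCH


def diagnose(seen_from_target: bytes, sent_by_us: bytes) -> str:
    """Classify the symptom: which stage of the connection actually failed?"""
    if parse_ident(seen_from_target) is None:
        return "no sshd banner: the relay through the jump host never reached sshd"
    if server_reply(sent_by_us) == MISMATCH:
        return "transport works: sshd answered, but the peer is not an SSH client"
    return "ident exchange ok: key exchange and authentication come next"


if __name__ == "__main__":
    print(diagnose(TARGET_BANNER, ENTER_KEY))     # the session in the thread
    print(diagnose(TARGET_BANNER, CLIENT_IDENT))  # what an ssh client would send
```
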

Wolfgang Meiners

Oct 15, 2009, 4:51:05 AM
Jean Figueiredo wrote:

> hi,
>
> did u try ssh jumphost -t ssh target?

can you have a tunnel from laptop to target this way?

Wolfgang

Jean Figueiredo

Oct 15, 2009, 7:25:07 PM
no, just terminal. :)