1

I'm having trouble tunneling through an ssh1 server. This is on a customer's machine and no, they won't update to ssh2.


A bit of background: I can successfully tunnel through the customer's gateway

localhost -> gateway.customer.example.com -> srv.customer.internal

using this configuration

Host gateway
    Hostname gateway.customer.example.com
    IdentityFile ~/.ssh/mykey
    ...

Host srv-tunnel
    ProxyCommand ssh gateway -W srv.customer.internal:22
    IdentityFile ~/.ssh/mykey
    ...

and then simply

$ ssh srv-tunnel

which works great and establishes the tunnel automatically, using the keyfile ~/.ssh/mykey.


I tried to use a similar config for this multi-hop tunnel:

localhost -> gateway.customer.example.com
                |
                v
             onemoregateway.customer.internal -> srv2.customer.internal

but this time the onemoregateway is running ssh 1 and does not have nc available. I can ssh to onemoregateway and the prompt tells me The only permitted commands are ssh and scp. When I try to set up a forwarding connection as above, ssh exits with error stdio forwarding require Protocol 2.

However, I can't ssh directly from onemoregateway to srv2, because the private key is only on my local machine. To make things even more complicated, I need one key for gateway, and another key for onemoregateway and srv2.

So, how can I tunnel through to srv2?

I feel that it must be possible somehow, since my colleagues did it using Putty+Pageant in Windows, but I'm on linux

1 Answer 1

0

Ok, I found a way to do it, but it seems there is no way to make the tunneling transparent.

Host gateway
    Hostname gateway.customer.example.com
    IdentityFile ~/.ssh/mykey
    ...

Host tunnel-to-srv2
    ProxyCommand ssh gateway -W onemoregateway.customer.internal
    IdentityFile ~/.ssh/myotherkey
    Protocol 1
    LocalForward 10022 srv2.customer.internal:22
    ...

Host srv2
    Hostname localhost
    Port 10022
    IdentityFile ~/.ssh/myotherkey
    Protocol 1
    ...

And now I have to do

$ ssh tunnel-to-srv2

and, finally, in a separate terminal*

$ ssh srv2

*I cant't find a way to send the tunneling ssh process to the background, not even with -fNT


Edit: turns out, the onemoregateway does indeed have nc and I can run it, but I need to use the full path /bin/nc

So, after all I have this configuration

Host gateway
    Hostname gateway.customer.example.com
    IdentityFile ~/.ssh/mykey
    ...

Host tunnel-to-srv2
    ProxyCommand ssh gateway -W onemoregateway.customer.internal
    IdentityFile ~/.ssh/myotherkey
    Protocol 1
    ...

Host srv2
    ProxyCommand ssh tunnel-to-srv2 /bin/nc srv2.customer.internal 22
    IdentityFile ~/.ssh/myotherkey
    Protocol 1
    ...

and I get transparent tunnel hopping by just running

$ ssh srv2

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .