1

I'm having trouble tunneling through an ssh1 server. This is on a customer's machine and no, they won't update to ssh2.


A bit of background: I can successfully tunnel through the customer's gateway

localhost -> gateway.customer.example.com -> srv.customer.internal

using this configuration

Host gateway
    Hostname gateway.customer.example.com
    IdentityFile ~/.ssh/mykey
    ...

Host srv-tunnel
    ProxyCommand ssh gateway -W srv.customer.internal:22
    IdentityFile ~/.ssh/mykey
    ...

and then simply

$ ssh srv-tunnel

which works great and establishes the tunnel automatically, using the keyfile ~/.ssh/mykey.


I tried to use a similar config for this multi-hop tunnel:

localhost -> gateway.customer.example.com
                |
                v
             onemoregateway.customer.internal -> srv2.customer.internal

but this time the onemoregateway is running ssh 1 and does not have nc available. I can ssh to onemoregateway and the prompt tells me "The only permitted commands are ssh and scp". When I try to set up a forwarding connection as above, ssh exits with the error "stdio forwarding require Protocol 2".

However, I can't ssh directly from onemoregateway to srv2, because the private key is only on my local machine. To make things even more complicated, I need one key for gateway, and another key for onemoregateway and srv2.

So, how can I tunnel through to srv2?

I feel that it must be possible somehow, since my colleagues did it using Putty+Pageant in Windows, but I'm on Linux.

0

Ok, I found a way to do it, but it seems there is no way to make the tunneling transparent.

Host gateway
    Hostname gateway.customer.example.com
    IdentityFile ~/.ssh/mykey
    ...

Host tunnel-to-srv2
    ProxyCommand ssh gateway -W onemoregateway.customer.internal:22
    IdentityFile ~/.ssh/myotherkey
    Protocol 1
    LocalForward 10022 srv2.customer.internal:22
    ...

Host srv2
    Hostname localhost
    Port 10022
    IdentityFile ~/.ssh/myotherkey
    Protocol 1
    ...

And now I have to do

$ ssh tunnel-to-srv2

and, finally, in a separate terminal*

$ ssh srv2

*I can't find a way to send the tunneling ssh process to the background, not even with -fNT.


Edit: turns out, the onemoregateway does indeed have nc and I can run it, but I need to use the full path /bin/nc.

So, after all I have this configuration

Host gateway
    Hostname gateway.customer.example.com
    IdentityFile ~/.ssh/mykey
    ...

Host tunnel-to-srv2
    ProxyCommand ssh gateway -W onemoregateway.customer.internal:22
    IdentityFile ~/.ssh/myotherkey
    Protocol 1
    ...

Host srv2
    ProxyCommand ssh tunnel-to-srv2 /bin/nc srv2.customer.internal 22
    IdentityFile ~/.ssh/myotherkey
    Protocol 1
    ...

and I get transparent tunnel hopping by just running

$ ssh srv2
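
As an added example (not part of the original post): a small shell function that traces the ProxyCommand hop chain for a Host alias and marks every hop pinned to SSH protocol 1, run over a constructed copy of the final configuration above. The names `sample_config` and `hop_chain` are hypothetical, and the `:22` on the `-W` target is an assumption, since `-W` expects host:port.

```shell
#!/bin/sh
# Added example: trace the ProxyCommand hop chain for a Host alias.

# Constructed sample input: the final configuration from the answer, with the
# elided "..." lines left out and an assumed port 22 on the -W target.
sample_config() {
cat <<'EOF'
Host gateway
    Hostname gateway.customer.example.com
    IdentityFile ~/.ssh/mykey

Host tunnel-to-srv2
    ProxyCommand ssh gateway -W onemoregateway.customer.internal:22
    IdentityFile ~/.ssh/myotherkey
    Protocol 1

Host srv2
    ProxyCommand ssh tunnel-to-srv2 /bin/nc srv2.customer.internal 22
    IdentityFile ~/.ssh/myotherkey
    Protocol 1
EOF
}

# hop_chain ALIAS: read an ssh_config on stdin and print the hops from the
# local machine to ALIAS, tagging hops that set "Protocol 1".
# Exits non-zero if ALIAS has no Host block.
hop_chain() {
    awk -v target="$1" '
        function next_hop(h,    n, w, i) {
            n = split(cmd[h], w, /[ \t]+/)
            for (i = 1; i <= n; i++) if (w[i] in known) return w[i]
            return ""   # no ssh-based ProxyCommand: reached directly
        }
        { k = tolower($1) }   # ssh_config keywords are case-insensitive
        k == "host"     { cur = $2; known[cur] = 1; next }
        k == "protocol" { proto[cur] = $2; next }
        k == "proxycommand" && tolower($2) == "ssh" { cmd[cur] = $0; next }
        END {
            if (!(target in known)) exit 1
            for (h = target; h != "" && !(h in seen); h = next_hop(h)) {
                seen[h] = 1   # guards against ProxyCommand loops
                label = h (proto[h] == "1" ? "[proto1]" : "")
                chain = (chain == "" ? label : label " -> " chain)
            }
            print chain
        }'
}

sample_config | hop_chain srv2
```

To check a real file, feed it on stdin instead of the sample, for example `hop_chain srv2 < ~/.ssh/config`.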
