My goal is, if possible, to connect through

$ ssh end-host

Because I need an ssh connection to tunnel to for a connection to mysql, which end-point can make but hop-host can not.


I'm actually looking at a way to have .ssh/config allowing me to do

ssh end-host

When behind the scene it would do

ssh -t hop-host ssh end-host

When the action behind the scene is

Macbook -> hop-user@hop-host (id_rsa authentication) -> end-host-user@end-host (id_rsa authentication)

Where end-host, end-host-user and identity file to end host are know and defined in /home/hop-user/.ssh/config on the hop-host.

Macbook ~/.ssh/config

Host hop-host
    User hop-user
    Hostname valid.tested.public.ip.address.to.hop.host
    IdentityFile ~/.ssh/id_rsa

Host end-host
    HostName end-point-hostname-as-defined-on-hop-host
    ProxyCommand ssh -W %h:%p hop-host

Hop host Cent OS ~/.ssh/config for hop-user

Host end-point-hostname-as-defined-on-hop-host
    HostName valid.tested.internal.ip.address.to.end.host
    User end-host-user
    IdentityFile ~/.ssh/keys/endhost

Limitation to be aware of : I cannot change any config on hop/end hosts and I don't have nc installed on those.

Current problem with the given configuration

$ ssh end-host
channel 0: open failed: administratively prohibited:
open failed ssh_exchange_identification: Connection closed by remote host

Thing that works :

$ ssh -t hop-host ssh end-point-hostname-as-defined-on-hop-host

correctly prompt me end-host-bash$ and allows me to do anything I want from there

Things that does not work or works partially and that I tried

1) Changing Macbook ~/.ssh/config end-host config for HostName and User

Host end-host
    HostName valid.tested.internal.ip.address.to.end.host
    User end-host-user
    ProxyCommand ssh -W %h:%p hop-host

$ ssh end-host
end-host-user@valid.tested.internal.ip.address.to.end.host's password:

Which I obviously don't have. And I guess it is because hop-host's .ssh/config is not red.

2) Changing Macbook ~/.ssh/config end-host config for ProxyCommand

Host end-host
    ProxyCommand ssh -t hop-host ssh end-point-hostname-as-defined-on-hop-host

$ ssh end-host
Pseudo-terminal will not be allocated because stdin is not a terminal.
Pseudo-terminal will not be allocated because stdin is not a terminal.
: command not found2.0-OpenSSH_6.2
^CKilled by signal 2.

bash returns me a possibility to type in but there is no display of my commands.
I understand that is because there is a call to -o ProxyCommand="the command in .ssh/config in the right host" behind the scene but I may be lacking to understand how it actually works.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

Browse other questions tagged or ask your own question.