> Add some -d options to one/both ssh commands. Here is the output (I don't find a -d option). Do you see what is wrong? Thanks. ~$ ssh -v -oProxyCommand="ssh -v -W %h:%p intermediate" -Y dest OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 debug1: Reading configuration data /Users/myname/.ssh/config debug1: /Users/myname/.ssh/config line 50: Applying options for dest debug1: Reading configuration data /etc/ssh_config debug1: /etc/ssh_config line 20: Applying options for * debug1: /etc/ssh_config line 53: Applying options for * debug1: Executing proxy command: exec ssh -v -W dest.xxx.com:22 intermediate debug1: identity file /Users/myname/.ssh/id_rsa type 1 debug1: permanently_drop_suid: 509 debug1: identity file /Users/myname/.ssh/id_rsa-cert type -1 debug1: identity file /Users/myname/.ssh/id_dsa type 2 debug1: identity file /Users/myname/.ssh/id_dsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.2 OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 debug1: Reading configuration data /Users/myname/.ssh/config debug1: /Users/myname/.ssh/config line 142: Applying options for intermediate debug1: Reading configuration data /etc/ssh_config debug1: /etc/ssh_config line 20: Applying options for * debug1: /etc/ssh_config line 53: Applying options for * debug1: Connecting to intermediate.xxx.com [165.91.87.71] port 22. debug1: Connection established. debug1: identity file /Users/myname/.ssh/id_rsa type 1 debug1: identity file /Users/myname/.ssh/id_rsa-cert type -1 debug1: identity file /Users/myname/.ssh/id_dsa type 2 debug1: identity file /Users/myname/.ssh/id_dsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.2 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH* debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5-etm@xxxxxxxxxxx zlib@xxxxxxxxxxx debug1: kex: client->server aes128-ctr hmac-md5-etm@xxxxxxxxxxx zlib@xxxxxxxxxxx debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA c8:93:83:84:3e:d9:a5:cf:e2:90:3c:8e:02:6d:1a:40 debug1: Host 'intermediate.xxx.com' is known and matches the RSA host key. debug1: Found key in /Users/myname/.ssh/known_hosts:101 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received Ubuntu 14.04.2 LTS debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /Users/myname/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 279 debug1: read PEM private key done: type RSA debug1: Enabling compression at level 6. debug1: Authentication succeeded (publickey). Authenticated to intermediate.xxx.com ([165.91.87.71]:22). debug1: channel_connect_stdio_fwd dest.xxx.com:22 debug1: channel 0: new [stdio-forward] debug1: getpeername failed: Bad file descriptor debug1: Requesting no-more-sessions@xxxxxxxxxxx debug1: Entering interactive session. debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2 debug1: match: OpenSSH_6.2 pat OpenSSH* debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5-etm@xxxxxxxxxxx none debug1: kex: client->server aes128-ctr hmac-md5-etm@xxxxxxxxxxx none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA c2:6f:77:70:0e:51:ab:70:3a:b5:32:e8:c3:01:f3:57 debug1: Host 'dest.xxx.com' is known and matches the RSA host key. debug1: Found key in /Users/myname/.ssh/known_hosts:126 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering RSA public key: /Users/myname/.ssh/id_rsa debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Offering DSA public key: /Users/myname/.ssh/id_dsa debug1: Server accepts key: pkalg ssh-dss blen 433 debug1: read PEM private key done: type DSA debug1: Authentication succeeded (publickey). Authenticated to dest.xxx.com (via proxy). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@xxxxxxxxxxx debug1: Entering interactive session. debug1: Requesting X11 forwarding with authentication spoofing. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 X11 forwarding request failed on channel 0 Last login: Sat Jul 18 12:28:13 2015 from intermediate.xxx.com -- Regards, Peng _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev