On Mon, Feb 7, 2011 at 9:08 PM, Igor Bukanov <igor@xxxxxxxx> wrote: > On 5 February 2011 19:10, Asif Iqbal <vadud3@xxxxxxxxx> wrote: >> # cat ~/.ssh/config > ... >> host remotehost >> hostname remotehost.example.net >> ProxyCommand ssh jumphost -t ssh %h > > ProxyCommand should in general connect its input/output stream to sshd > demon listening on some socket. In your case I would suggest to use > the nc command from jumphost that binds stdin/stdout to the ssh port > on the remote host, like in: > > ProxyCommand ssh -T -a jumphost nc %h %p > > where -T and -a is used to make sure that useless in this case tty on > jumphost is not allocated and no agent is forwarded. > This worked perfect. So now I have it setup like this $ cat ~/.ssh/config host jumphost hostname jumphost.example.net ForwardX11 yes ControlMaster auto ControlPath ~/.ssh/%r@%h:%p host remotehost hostname remotehost.example.net ProxyCommand ssh -T -a jumphost nc %h %p And I can ssh to remotehost through the enabled shared session setup by jumphost. Is it possible to make it work as default for all hosts except the jumphost? I tried to replace the remotehost with `*' and then tried to fresh start, like below $ cat ~/.ssh/config host jumphost hostname jumphost.example.net ForwardX11 yes ControlMaster auto ControlPath ~/.ssh/%r@%h:%p host * hostname remotehost.example.net ProxyCommand ssh -T -a jumphost nc %h %p But, looks like jumphost is trying to use the proxy command instead of just going with the config specific to it $ ssh -v jumphost OpenSSH_5.5p1 Debian-4ubuntu5, OpenSSL 0.9.8o 01 Jun 2010 debug1: Reading configuration data /home/iqbala/.ssh/config debug1: Applying options for jumphost debug1: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: auto-mux: Trying existing master debug1: Control socket "/home/iqbala/.ssh/iqbala@xxxxxxxxxxxxxxxxxxxx:22" does not exist debug1: Executing proxy command: exec ssh -T -a jumphost.example.net nc jumphost.example.net 22 -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
