Garbage at gmx.de
2017-Dec-27 18:09 UTC
What is the ssh_config equivalent to this syntax involving multiple at signs
My company uses a certain product which forces me to use a jumphost / ssh proxy.

When connecting to a server I have to type "ssh myuser@technicaluser@targethost@jumphost" every time. I tried to simplify this by editing my ssh_config and putting this into the file:

    Host targethost
        ProxyJump technicaluser@jumphost

These lines are recognized but don't work like intended because all that changes is that ssh now asks for the password of the technicaluser (for which I don't have a password due to security design).
When I run the ssh command with the three at signs this works fine, all I'm prompted for is the password of myuser.

I tried to find out more about the working solution but didn't even find a name for this. What is this syntax called and what would be the equivalent for ssh_config?
(I want to use ssh_config because I would prefer having to type less and having a setup that works for all other applications that make use of ssh too (git, ansible, ...))

If you are interested in more details I have an open answer on Stack Exchange which contains log files (https://unix.stackexchange.com/questions/413285/hardwire-jump-host-in-ssh-config)
Peter Moody
2017-Dec-27 18:25 UTC
What is the ssh_config equivalent to this syntax involving multiple at signs
> debug1: Authenticating to jumphost:22 as 'myuser@technicaluser@targethost'

huh?

so with multiple @'s, you're doing the equivalent of

    ssh jumphost -l "myuser@technicaluser@targethost"

?

it sounds like the jumphost has a funny sshd configuration that turns "myuser@technicaluser@targethost" into something like, "username myuser + forcecommand ssh myuser@targethost"

maybe try something like

    Match Host targethost
        User myuser@technicaluser@targethost
        Hostname jumphost

On Wed, Dec 27, 2017 at 10:09 AM, <Garbage at gmx.de> wrote:
> My company uses a certain product which forces me to use a jumphost / ssh proxy.
>
> When connecting to a server I have to type "ssh myuser@technicaluser@targethost@jumphost" every time. I tried to simplify this by editing my ssh_config and putting this into the file:
>
> Host targethost
>     ProxyJump technicaluser@jumphost
>
> These lines are recognized but don't work like intended because all that changes is that ssh now asks for the password of the technicaluser (for which I don't have a password due to security design).
> When I run the ssh command with the three at signs this works fine, all I'm prompted for is the password of myuser.
>
> I tried to find out more about the working solution but didn't even find a name for this. What is this syntax called and what would be the equivalent for ssh_config?
> (I want to use ssh_config because I would prefer having to type less and having a setup that works for all other applications that make use of ssh too (git, ansible, ...))
>
> If you are interested in more details I have an open answer on Stack Exchange which contains log files (https://unix.stackexchange.com/questions/413285/hardwire-jump-host-in-ssh-config)
Damien Miller
2017-Dec-27 23:28 UTC
What is the ssh_config equivalent to this syntax involving multiple at signs
On Wed, 27 Dec 2017, Garbage at gmx.de wrote:
> My company uses a certain product which forces me to use a jumphost /
> ssh proxy.
>
> When connecting to a server I have to type "ssh
> myuser@technicaluser@targethost@jumphost" every time. I tried to
> simplify this by editing my ssh_config and putting this into the file:
>
> Host targethost
>     ProxyJump technicaluser@jumphost
>
> These lines are recognized but don't work like intended because
> all that changes is that ssh now asks for the password of the
> technicaluser (for which I don't have a password due to security
> design). When I run the ssh command with the three at signs this works
> fine, all I'm prompted for is the password of myuser.

You're probably using a proxy that is trying to do some "smart" username to destination user/host mapping. ProxyJump is for servers that don't try to be over clever :)

Maybe something like:

    Host targethost
        Hostname jumphost
        User myuser@technicaluser@targethost

Will do what you want.

-d
Garbage at gmx.de
2017-Dec-28 15:35 UTC
What is the ssh_config equivalent to this syntax involving multiple at signs
I tried

    Host targethost
        User myuser@technicaluser@targethost
        Hostname jumphost

and it worked. Thanks a lot!

Unfortunately this doesn't yet solve my problems with Ansible but this is a different story. But one problem remains: I have lots of targethosts and I would better write something like "Host *.servers", the asterisk stands for all the targethost1 through targethost9999. But the targethost has to be part of the User setting. How can I use the wildcard?

> so with multiple @'s, you're doing the equivalent of
>
> ssh jumphost -l "myuser@technicaluser@targethost"
>
> maybe try something like
>
> Match Host targethost
>     User myuser@technicaluser@targethost
>     Hostname jumphost
Damien Miller
2017-Dec-28 22:36 UTC
What is the ssh_config equivalent to this syntax involving multiple at signs
On Thu, 28 Dec 2017, Garbage at gmx.de wrote:
> I tried
>
> Host targethost
>     User myuser@technicaluser@targethost
>     Hostname jumphost
>
> and it worked. Thanks a lot!
>
> Unfortunately this doesn't yet solve my problems with Ansible but
> this is a different story. But one problem remains: I have lots of
> targethosts and I would better write something like "Host *.servers",
> the asterisk stands for all the targethost1 through targethost9999.
> But the targethost has to be part of the User setting. How can I use
> the wildcard?

You can't at the moment, as there is no way to copy the hostname into the username. Your best bet would be to write a shell script wrapper...

-d
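A shell script wrapper of the kind suggested in the last reply could look like the following. It is an added example, not code from the thread or from OpenSSH; the function names, the JSSH_* variables and their defaults (the thread's placeholder names) are assumptions.

```shell
#!/bin/sh
# jssh: added example wrapper. Function names, JSSH_* variables and the
# defaults (the thread's placeholder names) are assumptions.
JSSH_JUMPHOST="${JSSH_JUMPHOST:-jumphost}"
JSSH_USER="${JSSH_USER:-myuser}"
JSSH_TECH_USER="${JSSH_TECH_USER:-technicaluser}"

# Accept only plain DNS-style names, so a target cannot add another '@'
# field to the login, look like an ssh option, or carry metacharacters.
valid_target() {
    case "$1" in
        ''|-*|.*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Print the composite login the proxy parses: user@technicaluser@target
jump_login() {
    valid_target "$1" || return 1
    printf '%s@%s@%s\n' "$JSSH_USER" "$JSSH_TECH_USER" "$1"
}

# jssh TARGET [ARGS...]: always connects to the jumphost; the target only
# ever appears inside the login name. ARGS follow the host on the ssh
# command line.
jssh() {
    target="${1:-}"
    login=$(jump_login "$target") || {
        echo "jssh: refusing target name '$target'" >&2
        return 2
    }
    shift
    # JSSH_SSH_BIN exists so the composed command can be inspected in tests.
    "${JSSH_SSH_BIN:-ssh}" -l "$login" -- "$JSSH_JUMPHOST" "$@"
}

# Run as a script: ./jssh targethost42
if [ "$#" -gt 0 ]; then
    jssh "$@"
fi
```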