search for: proxyjump

...s not perfect but it's only 2 extra characters on the command line. Thanks, I like this kind of "out of the box" thinking ??. But it seems that we agree that this is a hack. From my rather na?ve point of view, "fixing" the behavior of CanonicalHostname in the presence of a ProxyJump would be most desirable: Instead of just trying to resolve one in the list of potential fully qualified hostnames locally (which cannot work as the host is only known in some remote subnet accessible through the ProxyJump command), the command defined in ProxyJump should be used to resolve the ful...

Dear developers, The ProxyJump feature is nowadays implemented on the basis of a TCP port forwarding on the jumping host, isn't it? As a result, this is affected by a AllowTcpForwarding=no configuration on the jumping host. So, may I suggest a variant based on Unix sockets (such as -L or -R does). Nice idea, isn't it?...

Hi, I'm very grateful for the new ProxyJump option. It helps tremendously! One small question I'd like to ask, though: Is there a way to skip one (mostly the first) jump host if the machine is in some specific network? For example, from home, I (resp. a shell script) need to jump to the office's server, a customers' login ho...

On Sat, 13 Jan 2024, Rob Leslie wrote: > Hello, > > On macOS, Terminal?s ?New Remote Connection?? command runs ssh in a new window like this: > > login -pfq $USER /usr/bin/ssh $HOST > > Here, login executes /usr/bin/ssh with argv[0] set to ?-ssh?. > > If $HOST has a ProxyJump configuration, the resulting ProxyCommand is: > > -ssh -W '[%h]:%p' $JUMP_HOST > > Because of the leading hyphen, this fails to execute. If the user?s shell is zsh, the Terminal window shows: > > zsh:1: unknown exec flag -s > > Would it make sense to ignore any...

https://bugzilla.mindrot.org/show_bug.cgi?id=2744 Bug ID: 2744 Summary: ProxyJump causes "Killed by signal 1" to be printed in terminal. Product: Portable OpenSSH Version: 7.5p1 Hardware: Other OS: Linux Status: NEW Severity: trivial Priority: P5 Component: ssh...

Hello, On macOS, Terminal?s ?New Remote Connection?? command runs ssh in a new window like this: login -pfq $USER /usr/bin/ssh $HOST Here, login executes /usr/bin/ssh with argv[0] set to ?-ssh?. If $HOST has a ProxyJump configuration, the resulting ProxyCommand is: -ssh -W '[%h]:%p' $JUMP_HOST Because of the leading hyphen, this fails to execute. If the user?s shell is zsh, the Terminal window shows: zsh:1: unknown exec flag -s Would it make sense to ignore any leading hyphen when constructing the Pr...

Hi all, I noticed a bit of an odd issue with maintaining `known_hosts` when the target machine is behind a bastion using `ProxyJump` or `ProxyCommand` with host key clashes. Client for me right now is OpenSSH_9.3p1 on Gentoo Linux/AMD64. I'm a member of a team, and most of us use Ubuntu (yes, I'm a rebel). Another team who actually maintain this fleet often access the same machines via Windows 10/11 boxes (not su...

...frowns at setting up 16 million RRs to cover 172.0.0.0/8 in preparation, sslip.io might be helpful. https://sslip.io/ Otherwise, and assuming a *manageable* (mainly, enumerable) population of remote sites, I wonder whether this approach might work, too? Host Perth-47 HostName 172.23.45.47 ProxyJump Perth-GW GlobalKnownHostsFile /dev/null UserKnownHostsFile ~/.ssh/known-in-Perth Host Adelaide-11 HostName 172.45.67.11 ProxyJump Adelaide-GW GlobalKnownHostsFile /dev/null UserKnownHostsFile ~/.ssh/known-in-Adelaide (Yes, I realize that with target IPs being *potentially dynamic* per DH...

> ssh -v test OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5 debug1: Reading configuration data C:\\Users\\jsore/.ssh/config debug1: C:\\Users\\jsore/.ssh/config line 11: Applying options for test debug1: Setting implicit ProxyCommand from ProxyJump: ssh -v -W '[%h]:%p' apple debug1: Executing proxy command: exec ssh -v -W '[test]:22' apple CreateProcessW failed error:2 posix_spawn: No such file or directory https://github.com/openssh/openssh-portable/blob/c327813ea1d740e3e367109c17873815aba1328e/ssh.c#L1180 It doesn't ap...

https://bugzilla.mindrot.org/show_bug.cgi?id=3163 Bug ID: 3163 Summary: teach ssh-keyscan to use ssh_config (plus options like ProxyJump) Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-keyscan Assignee: unassigned-bugs at mindrot.org Reporter: j...

https://bugzilla.mindrot.org/show_bug.cgi?id=3582 Bug ID: 3582 Summary: Confusing error message when using ProxyJump Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: bluebird09...

...e biggest impediment is the constrained nature of the routers that we're using as bastion hosts on site. We'd have to deploy the DNS server either on the router itself, or at a static address within reach of it (and configure the router to use that resolver). From what I understand of ProxyJump: ssh -J proxyuser at proxyhost targetuser at targethost.domain targethost.domain would need to be resolved by proxyhost, not the local client. Another approach would be to set up /etc/hosts on the bastion, if it were a conventional Linux machine I'd have little issue with this. I'm...

https://bugzilla.mindrot.org/show_bug.cgi?id=3057 Bug ID: 3057 Summary: Fork-bomb when misconfiguring a host to ProxyJump onto itself Product: Portable OpenSSH Version: 7.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.or...

https://bugzilla.mindrot.org/show_bug.cgi?id=3186 Bug ID: 3186 Summary: ProxyJump should include IdentityFile when specified Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at...

...s is that we cannot assume the local IPv4 address is > unique, since it's not (and in many cases, not even static). If the IP address is not significant, you can tell ssh to not record them ("CheckHostIP no"). [...] > Host mytarget > Hostname 172.16.1.2 > ProxyJump user2 at bastion2 I think you just need "HostKeyAlias mytarget" here. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement...

...167.235.141.44 root at west-coast Works as expected. Also $ ssh root at 2a01:4f8:1c1e:528d::1 does work as expected. I do have native IPv6. This is on Debian 12 Bookworm: $ ssh -V OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023 The workaround seems to be to define the host used in ProxyJump in ~/.ssh/config then it works with IPv6 too. Yes, I known I should use IPv6 with DNS which is not the point here. What have I overlooked? Thank you for any help. Adam Kalisz

...?and then establishing a TCP forwarding to the ultimate destination > from > ?there. > ?Multiple jump hops may be specified separated by comma characters. > +IPv6 addresses can be specified by enclosing the address in square > brackets. > ?This is a shortcut to specify a > ?.Cm ProxyJump > ?configuration directive. This would be helpful! It should probably be noted that this syntax is only valid in the -J/ ProxyJump context. Because: $ ssh root@[2a01:4f8:1c1e:528d::1] ssh: Could not resolve hostname [2a01:4ff:1f0:e68b::1]:: Name or service not known does not work. Thank you...

On 18/8/23 15:39, Darren Tucker wrote: >> Host mytarget >> Hostname 172.16.1.2 >> ProxyJump user2 at bastion2 > I think you just need "HostKeyAlias mytarget" here. Ahh, in my scanning through the `ssh_config` manpage, I missed this, and change logs seem to indicate this feature has been around since at least 2017, so should not cause compatibility issues with the other use...

On 19/8/23 08:00, Stuart Longland VK4MSL wrote: > Would the UserKnownHostsFile be relative to the current working > directory of the `ssh` process at the time of its call, or would it > figure out that these files are relative to > /home/me/workplace/ops/eng-ssh/bigcust-config? Nope? just tried it, at this time it's relative to whatever directory you call `ssh` from. Which if

On Fri, 18 Aug 2023 at 17:18, Stuart Longland VK4MSL <me at vk4msl.com> wrote: > On 18/8/23 15:39, Darren Tucker wrote: [...] > > I think you just need "HostKeyAlias mytarget" here. > > Ahh, in my scanning through the `ssh_config` manpage, I missed this, and > change logs seem to indicate this feature has been around since at least > 2017, so should not cause