How can I rewrite the following command with ProxyCommand
?
ssh -l username1 -t jumphost1 \
ssh -l username2 -t jumphost2 \
ssh -l username3 -t jumphost3 \
ssh -l username4 server
This doesn't work
ssh -o ProxyCommand="\
ssh -l username1 -t jumphost1 \
ssh -l username2 -t jumphost2 \
ssh -l username3 -t jumphost3" \
-l username4 server
username1@jumphost1's password:
Pseudo-terminal will not be allocated because stdin is not a terminal.
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
ssh_exchange_identification: Connection closed by remote host
I'm aware of its use with nc
, but I'm searching for way to use it with 3+ hops, and also use this option with scp
. I checked ssh_config
man page, but the information is quite scarce, for me at least.
EDIT
I tried using ProxyCommand
nested in another ProxyCommand
as suggested below but I always get something along the following lines
debug3: ssh_init_stdio_forwarding: 192.17.2.2:2222
debug1: channel_connect_stdio_fwd 192.17.2.2:2222
debug1: channel 0: new [stdio-forward]
debug2: fd 4 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: getpeername failed: Bad file descriptor
debug3: send packet: type 90
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
Fortunately, since 7.3
-J
or ProxyJump
serves my purpose — although I still to have to work around my keys setup.
ssh -q -J user1@jumphost1,user2@jumphost2,user3@jumphost3 user@server
scp
, because SCP is expecting SCP control messages, but instead gets SSH control messages and fails. On the other hand, theProxyCommand
does it transparently and therefore the outermostssh
(orscp
) will get the messages directly from the other end. – Jakuje Oct 21 '16 at 17:33>
prompt where is waiting to break the line continuation, I guess — ie, the command never executes. – 1.61803 Oct 22 '16 at 14:31ProxyCommand
and theProxyJump
option to my post. I also read about Old Methods of Passing Through Jump Hosts and there's not mention nor example of nestedProxyCommand
at runtime. – 1.61803 Nov 13 '16 at 22:12ssh -vvv
is that even for my nested commands the-W %h:%p
expands to the targethost:port
– Roman Dodin Nov 20 '19 at 10:30%
should work:%%h
in your case – Jakuje Nov 20 '19 at 11:54for the sake of completeness, I provide the full command here for the
src->jmp1->jmp2->dev
path, where the command is issued onsrc
and the target machine isdev
– Roman Dodin Nov 21 '19 at 12:10ssh -o "ProxyCommand=ssh -W %h:%p -o 'ProxyCommand=ssh -W %%h:%%p root@jmp1' root@jmp2" admin@dev
ssh -oProxyCommand="ssh -W %h:%p -oProxyCommand=\"ssh -W %%h:%%p -oProxyCommand=\\\"ssh -W %%h:%%p root@jmp1\\\" root@jmp2 \" root@jmp3" root@jmp4
. – Matthias Altmann Sep 02 '22 at 14:45%%h
does work - I'm curious is this a general escape? (google'd the topic briefly without much success) – dtmland Feb 14 '23 at 23:06