I would like to be able to establish an SSH connection to a remote server, through an IPSec tunnel. So I need to use the local endpoint as an intermediate hop to achieve this.

The following command already works fine:

ssh -tt smals ssh -tt lpextapp050a

  • smals is the name of the intermediate server, as defined in my .ssh/config file.
  • lpextapp050a is the name of the destination server, as defined in the .ssh/config file of smals

So I tried translating this into a configuration for my .ssh/config as follows:

Host lpextapp050a
User <username>
ProxyCommand ssh root@smals -W lpextapp050a:22

However, attempting to connect with ssh lpextapp050a gives me this error:

channel 0: open failed: administratively prohibited: open failed
stdio forwarding failed
ssh_exchange_identification: Connection closed by remote host

Google seemed to indicate I needed to check the AllowTcpForwarding and PermitOpen settings of the sshd on smals, but those are correctly set, i.e. they are not present in the settings file. I tried specifically setting them, which did not change anything.

Does anyone have an idea what I'm doing wrong?

Falc
  • I'm a bit ambivalent about the 'possible duplicate'... That question has no accepted answer and I tried the nr. 1 answer without success. It turns out that the nr. 2 answer was sort of relevant, but is not explained clearly enough for me to realize this before I found the solution myself... Answer nr. 7 did end up pointing me to the right logfile to read. – Falc Feb 04 '19 at 13:55

1 Answer

I have discovered my error.

The lpextapp050a alias was defined in the .ssh/config file of the root user of the smals server.

When making the connection using ssh -tt smals ssh -tt lpextapp050a this config file was loaded and honored.

Trying to establish the same using the ProxyCommand did not load this config file. I finally managed to discover this by reading the /var/log/auth.log file on my smals server.

Thus, I solved my problem by basically copying over the relevant parts (IP, user) into my local configuration file.

Falc
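The distinction behind the accepted answer is worth spelling out. The interactive chain (ssh -tt smals ssh -tt lpextapp050a) runs an ssh client as root on smals, and that client reads root's ~/.ssh/config on smals. A ProxyCommand with -W host:port does not run a client on smals at all: it asks the sshd on smals for a direct-tcpip forward, and sshd resolves host with the system resolver only (DNS or /etc/hosts), never with any ssh_config. A name that exists only as a Host alias in a config file is therefore unresolvable from sshd's point of view, the forward fails, and the client reports "open failed" and "stdio forwarding failed". The fix is to put the real address in the local config and let the %h/%p tokens carry it into the -W argument. The following local ~/.ssh/config is an added example, not the original poster's file; the host names and the IP address marked ASSUMED are placeholders, and the second Host block shows the equivalent ProxyJump form (OpenSSH 7.3 and later), which is the same kind of TCP forward through smals.

```ssh_config
# Added example, not the original poster's configuration. Local ~/.ssh/config
# that makes "ssh lpextapp050a" work through smals without depending on any
# ~/.ssh/config that lives on smals. Values marked ASSUMED are placeholders.

Host smals
    HostName smals.example.net        # ASSUMED: real address of the intermediate hop
    User root

# Option A: ProxyCommand with -W. The ssh client on the local machine expands
# %h and %p to the HostName and Port of this block, then the sshd on smals opens
# a plain TCP connection to that address. No ssh client runs on smals, so
# root's ~/.ssh/config there is never read; HostName must resolve from smals.
Host lpextapp050a
    HostName 192.0.2.50               # ASSUMED: the IP that root@smals's config mapped lpextapp050a to
    Port 22
    User <username>
    ProxyCommand ssh -W %h:%p smals

# Option B: the same forward expressed with ProxyJump (OpenSSH 7.3+).
# "smals" here is resolved by the local client against the Host smals block above,
# while HostName is still connected to by the sshd on smals.
Host lpextapp050a-jump
    HostName 192.0.2.50               # ASSUMED: same address as above
    User <username>
    ProxyJump smals
```

To check what the local client will actually do before connecting, run ssh -G lpextapp050a and look at the hostname, user and proxycommand lines it prints; the hostname shown is what will be substituted for %h and handed to the sshd on smals. If the forward is still refused, ssh -v on the client shows the proxy command being executed, and the auth.log on smals (as the answer notes) shows why sshd could not open the requested connection, which is where a resolver failure or a PermitOpen/AllowTcpForwarding restriction becomes visible.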