I am trying to set up an SSH session over a double hop with different users on each hop to transfer files easily via fish/sftp.
My .ssh/config looks like:
    Host middle_server
        User foo
        Hostname 192.168.xx.xx
    Host www.server.org target
        User bar
        HostName www.server.org
        ProxyCommand ssh middle_server nc %h %p 2> /dev/null
The connection to the middle server is secured by an RSA key, and is direct from the middle server to the target with the bar user.
When I try to connect to the target, I got the following error:
[foo@localhost]$ ssh target
Enter passphrase for key '/home/foo/.ssh/id_rsa':
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
I can connect with the following 2 methods, so I guess the bar user is not used for the second hop, but I have no idea what the cause could be.
[foo@localhost]$ ssh middle_server
Enter passphrase for key '/home/foo/.ssh/id_rsa':
[foo@middle_server ~]$ ssh bar@www.server.org
[bar@www ~]$
or
[foo@localhost]$ ssh -A -t foo@middle_server ssh -A bar@www.server.org
Enter passphrase for key '/home/foo/.ssh/id_rsa':
[bar@www ~]$
Any help will be greatly appreciated, thanks in advance!
Best Answer
When you use ProxyCommand your local machine does the connection to target host. As you want to create the connection from middle to target, you should not use it (or should not use it with nc).

I would not use ForwardAgent since it is not totally secure (the user root on middle machine can encode data using your key using ssh-agent on your local machine).

So, one possible solution is to run ssh command in middle machine to target machine inside your ProxyCommand on local machine. For example:

You can configure a host called "www_over_middle" with this ProxyCommand on your ~/.ssh/config:

And then:
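
Added example, not part of the question or the answer above: a small Python resolver that applies ssh_config's Host matching and first-value-wins rule to the configuration from the question, to show which User, HostName and expanded ProxyCommand the local client derives for each alias. The function names are hypothetical, and the parser is a simplification (no Match blocks, no Include, no `%%` escapes).

```python
import fnmatch

# The question's ~/.ssh/config, reproduced as posted (address redacted by the poster).
CONFIG = """\
Host middle_server
    User foo
    Hostname 192.168.xx.xx
Host www.server.org target
    User bar
    HostName www.server.org
    ProxyCommand ssh middle_server nc %h %p 2> /dev/null
"""

def host_matches(patterns, alias):
    """A Host line matches if a positive pattern matches and no negated one does."""
    pats = patterns.split()
    if any(p.startswith("!") and fnmatch.fnmatchcase(alias, p[1:]) for p in pats):
        return False
    return any(not p.startswith("!") and fnmatch.fnmatchcase(alias, p) for p in pats)

def resolve(config_text, alias):
    """Effective options for `ssh <alias>`: the first value obtained for a key wins."""
    opts, active = {}, True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value, alias)
        elif active:
            opts.setdefault(key, value)
    opts.setdefault("hostname", alias)  # no HostName given: the alias is the host
    opts.setdefault("port", "22")
    return opts

def proxy_command(opts):
    """Expand %h and %p as the client does before it runs ProxyCommand locally."""
    cmd = opts.get("proxycommand")
    if cmd is None:
        return None
    return cmd.replace("%h", opts["hostname"]).replace("%p", opts["port"])

if __name__ == "__main__":
    for alias in ("middle_server", "target"):
        o = resolve(CONFIG, alias)
        print(alias, "->", o.get("user"), o["hostname"], proxy_command(o))
```

On a real client, `ssh -G target` prints the configuration OpenSSH itself resolves for that alias, which is the authoritative check.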