Ssh – Using ssh -t works but using ProxyCommand ssh -W does not

sshssh-configssh-tunneling

I am trying to set up a ssh connection through a jump host. It should go like this A -> B -> C. I can connect fine from A to B and from B to C but I would like to have a single connection from A to C directly (I want to use some tools over ssh.)

I'm on mac OSx. These command work fine:

ssh hostB

and then from hostB

ssh hostC

or

ssh -t hostB ssh hostC

I am able to get on hostC.

I have another tunnel set up to a cluster and it works fine.

ssh cluster

This is my .ssh/config file:

Host hostB
        Hostname xxx.xxx.xxx.xxx
        User userB
        ForwardAgent yes
        IdentityFile ~/.ssh/id_rsa_macbook_air

Host cluster
        Hostname clusterHostname
        User clusterUser
        ProxyCommand ssh hostB -W %h:%p
        IdentityFile ~/.ssh/id_rsa

Host hostC
        Hostname xxx.xxx.xxx.xxx
        User userC
        ProxyCommand ssh hostB -W %h:%p
        IdentityFile ~/.ssh/id_rsa_macbook_air

Host *+*
        ProxyCommand ssh -W $(echo %h | sed 's/^.*+//;s/^\([^:]*$\)/\1:22/') $(echo %h | sed 's/+[^+]*$//;s/\([^+%%]*\)%%\([^+]*\)$/\2 -l \1/;s/:\([^:+]*\)$/ -p \1/')

I get the following error when I try to connect to hostC:

ssh hostC -v
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/userC/.ssh/config
debug1: /Users/userC/.ssh/config line 28: Applying options for hostC
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Executing proxy command: exec ssh hostB -W xxx.xxx.xxx.xxx:22
debug1: permanently_drop_suid: 501
debug1: identity file /Users/userC/.ssh/id_rsa_macbook_air type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/userC/.ssh/id_rsa_macbook_air-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
channel 0: open failed: administratively prohibited: open failed
stdio forwarding failed
ssh_exchange_identification: Connection closed by remote host

I get the same output when I run:

ssh -l userC userB%hostB+hostC

I don't have and cannot install netcat or any other software on hostB.
I have full access on my start machine and on hostC.

Thank you for your help!

Best Answer

There is a ProxyJump attribute in ssh as well. Have you tried the following config?

Host hostC
        Hostname xxx.xxx.xxx.xxx
        User userC
        ProxyJump hostB
        IdentityFile ~/.ssh/id_rsa_macbook_air
Related Question