Ssh – Can’t get SSH ProxyCommand to work (ssh_exchange_identification: Connection closed by remote host)

sshssh-keysssh-tunnel

I'm unsuccessfully trying to use SSH ProxyCommand to connect to a server via a jump box. My config is below, I'm running this command:

ssh 10.0.2.54 -F ssh.config

Host x.x.x.x
    User                   ec2-user
    HostName               x.x.x.x
    ProxyCommand           none
    IdentityFile           /Users/me/.ssh/keys.pem
    BatchMode              yes
    PasswordAuthentication no

Host *
    ServerAliveInterval    60
    TCPKeepAlive           yes
    ProxyCommand           ssh -W %h:%p -q ec2-user@x.x.x.x
    ControlMaster          auto
    ControlPersist         8h
    User                   ec2-user
    IdentityFile           /Users/me/.ssh/keys.pem

The result is simply:

ssh_exchange_identification: Connection closed by remote host

How can I get this to work/troubleshoot the issue?

Thanks,

Best Answer

ControlPersist in combination with ProxyCommand is not effective and you miss ControlPath option. But it is not a problem here.

First of all, if you are using non-standard config file and you want it to be used even by the proxy command, you need to specify it even there. The -q option makes the connection quiet so you have no idea what is going on under the hood of the proxy command. LogLevel DEBUG3 option is quite useful.

This line:

ProxyCommand           ssh -W %h:%p -q ec2-user@x.x.x.x

needs to be (and you don't need the username as it is already specified above):

ProxyCommand           ssh -W %h:%p -F ssh.config x.x.x.x

You have also wrong order of parameters in your command:

ssh 10.0.2.54 -F ssh.config -vv

needs to be:

ssh -F ssh.config 10.0.2.54

as you can read from manual page. And -vv is not needed if you use LogLevel option.

Then it should work for you (at least it did for me, otherwise investigate the log).

Related Topic