Ssh: ProxyCommand via persistant ControlMaster connection

ssh

I have two servers, middle and remote. middle is used as a proxy to access remote. I've set up middle's ssh config so that it preserves connections to remote via ControlMaster, as follows

Host remote ControlMaster auto ControlPath ~/.ssh/%r@%h:%p ControlPersist yes

I've created a persistent connection from middle to remote. This is convenient because the authentication on remote is complex.

I'd like to set up my local ssh config so that I can ssh from localhost to remote via middle, reusing the connection created above. I can do this manually as ssh -t middle ssh remote, but I can't figure out a way to accomplish the same thing using the ProxyCommand option, which is especially annoying if I want to scp a file to remote.

ProxyCommands which do not work include

ssh middle -W remote:22 (does not reuse connection)
ssh middle -t remote (goes all the way to a shell, confusing my local ssh client, which is expecting to talk to sshd, not a shell)

Best Answer

I think you misunderstand the whole ControlMaster mechanism in ssh. The idea is that the connection is reused on the LOCAL SYSTEM - that is, on the "middle" server. So, in essence, to reuse the connection, you would need to invoke ssh client on "middle". Like this:

ssh middle "ssh remote"

This will connect you to "middle" first, and then launch an ssh client there, to connect you to "remote". The second connection will, with correct ControlMaster configuration, reuse the existing, persistent, connection.

Related Solutions

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Ssh returns “Bad owner or permissions on ~/.ssh/config”

I needed to have rw for user only permissions on config. This fixed it.

chmod 600 ~/.ssh/config

As others have noted below, it could be the file owner. (upvote them!)

chown $USER ~/.ssh/config

If your whole folder has invalid permissions here's a table of possible permissions:

Path	Permission
.ssh directory (code)	0700 (drwx------)
private keys (ex: `id_rsa`) (code)	0600 (-rw-------)
`config`	0600 (-rw-------)
public keys (*.pub ex: `id_rsa.pub`)	0644 (-rw-r--r--)
`authorized_keys` (code)	0644 (-rw-r--r--)
`known_hosts`	0644 (-rw-r--r--)

Sources:

openssh check-perm.c
openssh readconf.c
openssh ssh_user_config fix_authorized_keys_perms

Best Answer

Related Solutions

Ssh – How to automate SSH login with password

Ssh returns “Bad owner or permissions on ~/.ssh/config”

Related Topic