Netcat – Purpose of netcat’s -w Timeout Option When SSH Tunneling

Tags: gateway, netcat, proxy, ssh, tunneling

I am in the exact same situation as the person who posted another question: I am trying to tunnel ssh connections through a gateway server instead of having to ssh into the gateway and manually ssh again to the destination server from there. I am trying to set up the solution given in the accepted answer there, a ~/.ssh/config that includes:

host foo
  User webby
  ProxyCommand ssh a nc -w 3 %h %p

host a
  User johndoe

However, when I try to ssh foo, my connection stays alive for 3 seconds and then dies with a Write failed: Broken pipe error. Removing the -w 3 option solves the problem. What is the purpose of that -w 3 in the original solution, and why is it causing a Broken pipe error when I use it? What is the harm in omitting it?

Best Answer

What is the purpose of that -w 3 in the original solution

It avoids leaving orphaned nc processes running on the remote host when the ssh session is closed improperly.

and why is it causing a Broken pipe error when I use it?

Try increasing the timeout for nc to 90 and setting ServerAliveInterval to 30 to see if your problem goes away:

host foo
    User webby
    ServerAliveInterval 30
    ProxyCommand ssh a nc -w 90 %h %p
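
To check whether the orphaned nc processes mentioned in the answer are actually accumulating on gateway a, the following added example (not part of the original answer) filters ps output for nc relays that have been re-parented to PID 1. It assumes Linux procps ps with the etimes field; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: list nc relay processes left behind on the gateway.
# Input (stdin): output of  ps -eo pid=,ppid=,etimes=,args=
# Assumption: an orphaned relay has been re-parented to PID 1 (init).

# orphaned_nc MIN_AGE_SECONDS -> prints "pid age host:port" per orphan
orphaned_nc() {
    awk -v min="${1:-0}" '
        {
            pid = $1; ppid = $2; age = $3
            # Basename of the command in field 4 (handles /usr/bin/nc).
            n = split($4, parts, "/"); cmd = parts[n]
            if (cmd != "nc" && cmd != "netcat" && cmd != "ncat") next
            # Keep only processes owned by init and older than the cutoff.
            if (ppid != 1 || age < min) next
            # The last two arguments are the %h %p that ProxyCommand expanded.
            print pid, age, $(NF-1) ":" $NF
        }'
}

# Constructed sample, not real output: one old orphan, one live relay
# whose parent is still running, one recent orphan, one unrelated daemon.
sample_ps() {
    cat <<'EOF'
 2101     1  86400 nc foo 22
 2250  2249     42 nc foo 22
 2377     1     15 /usr/bin/nc -w 90 foo 22
 2400     1  90000 /usr/sbin/sshd -D
EOF
}

# Number of orphaned relays in the sample older than MIN_AGE_SECONDS.
count_orphans() { sample_ps | orphaned_nc "$1" | wc -l | tr -d ' '; }

# On a real gateway: ps -eo pid=,ppid=,etimes=,args= | orphaned_nc 3600
sample_ps | orphaned_nc 3600
```
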