Reputation: 10632
I'm unsuccessfully trying to use SSH ProxyCommand to connect to a server via a jump box. My config is below. I'm running this command:
ssh 10.0.2.54 -F ssh.config -vv
Host x.x.x.x
    User ec2-user
    HostName x.x.x.x
    ProxyCommand none
    IdentityFile /Users/me/.ssh/keys.pem
    BatchMode yes
    PasswordAuthentication no
Host *
    ServerAliveInterval 60
    TCPKeepAlive yes
    ProxyCommand ssh -W %h:%p -q [email protected]
    ControlMaster auto
    ControlPersist 8h
    User ec2-user
    IdentityFile /Users/me/.ssh/keys.pem
The result is:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data ssh.config
debug1: ssh.config line 9: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket "/Users/me/.ssh/[email protected]:22" does not exist
debug2: ssh_connect: needpriv 0
debug1: Executing proxy command: exec ssh -W 10.0.2.54:22 -q [email protected]
debug1: identity file /Users/me/.ssh/keys.pem type -1
debug1: identity file /Users/me/.ssh/keys.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: permanently_drop_suid: 501
How can I get this to work/troubleshoot the issue?
Thanks,
Upvotes: 3
Views: 7981
Reputation: 25936
ControlPersist in combination with ProxyCommand is not effective and you are missing the ControlPath option. But it is not a problem here.
First of all, if you are using a non-standard config file and you want it to be used even by the proxy command, you need to specify it there as well. The -q option makes the connection quiet, so you have no idea what is going on under the hood of the proxy command. The LogLevel DEBUG3 option is quite useful.
This line:
ProxyCommand ssh -W %h:%p -q [email protected]
needs to be (and you don't need the username as it is already specified above):
ProxyCommand ssh -W %h:%p -F ssh.config x.x.x.x
You also have the wrong order of parameters in your command:
ssh 10.0.2.54 -F ssh.config -vv
needs to be:
ssh -F ssh.config 10.0.2.54
as you can read in the manual page. And -vv is not needed if you use the LogLevel option.
Then it should work for you (at least it did for me, otherwise investigate the log).
Upvotes: 4
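The three points raised in the answer above (a nested ssh in ProxyCommand run with -q, a nested ssh that is not passed -F when the outer ssh uses a custom config file, and ControlMaster without ControlPath) can be checked mechanically. The following is an added example, not part of the original answer or of OpenSSH; the function name `lint_ssh_config`, the finding labels and the host `jump.example` are assumptions made for illustration.

```python
import re
import shlex

# Constructed sample in the shape of the question's config; jump.example is a placeholder host.
SAMPLE_CONFIG = """\
Host jump.example
    User ec2-user
    ProxyCommand none

Host *
    ProxyCommand ssh -W %h:%p -q ec2-user@jump.example
    ControlMaster auto
    ControlPersist 8h
"""

def lint_ssh_config(text, custom_config=True):
    """Return sorted (line_number, finding) pairs for the points the answer raises.

    custom_config=True means the file is loaded with `ssh -F`, so a nested ssh
    in ProxyCommand only sees it if it is passed -F as well.
    """
    findings = []
    control_master = None      # line number of an enabling ControlMaster
    has_control_path = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        # ssh_config accepts both "Key value" and "Key=value"
        m = re.match(r"\s*(\w+)\s*=?\s*(.*)", raw)
        if not m:              # blank line or comment
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "controlpath" and value.lower() != "none":
            has_control_path = True
        elif key == "controlmaster" and value.lower() != "no":
            control_master = lineno
        elif key == "proxycommand" and value.lower() != "none":
            try:
                argv = shlex.split(value)
            except ValueError:  # unbalanced quotes: fall back to whitespace split
                argv = value.split()
            if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
                continue        # proxy is not a nested ssh (e.g. nc)
            if "-q" in argv:    # errors from the jump-host connection are hidden
                findings.append((lineno, "proxy-quiet"))
            if custom_config and not any(a.startswith("-F") for a in argv[1:]):
                findings.append((lineno, "proxy-missing-F"))
    # File-wide check only: a ControlPath in any block counts as present.
    if control_master and not has_control_path:
        findings.append((control_master, "controlmaster-without-controlpath"))
    return sorted(findings)
```
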