ekydfejj

Reputation: 339

SSH through bastion host

I've just started to use Go and I am trying to set up an SSH connection through a bastion host. I successfully authenticate to the bastion host, but fail on the LAN host. I've read a number of posts; the answer to this I've found very helpful, but I'm not sure what would be in that person's config. My code is as follows. I'm trying to do this with PublicKeys only and, if it's important, I'm starting on a Mac, authenticate to Linux, then fail to make the second connection to another Linux host. Plain ssh works fine.

```go
package main

import (
	"fmt"
	"log"
	"net"
	"os"
	"os/user"
	"path/filepath"

	"golang.org/x/crypto/ssh"
)

const (
	TCP  = "tcp"
	PORT = "22"
)

// bastionConnect authenticates to the bastion, then tunnels a second SSH
// connection through it to localh and returns the client for that host.
func bastionConnect(bastion string, localh string) *ssh.Client {
	usr, err := user.Current()
	if err != nil {
		log.Fatal(err)
	}
	homeDir := usr.HomeDir
	fmt.Printf("home is %v\n", homeDir)

	key, err := os.ReadFile(filepath.Join(homeDir, ".ssh", "id_rsa"))
	if err != nil {
		fmt.Print("i'm dying at reading ssh key")
		panic(err)
	}

	signer, err := ssh.ParsePrivateKey(key)
	if err != nil {
		fmt.Print("i'm dying at parsing private key")
		panic(err)
	}
	fmt.Printf("I'm returning public keys for %v\n", signer.PublicKey())

	// The same user and key are offered to both the bastion and the LAN host.
	// InsecureIgnoreHostKey accepts any host key, so neither hop is verified;
	// use a known_hosts-based callback (golang.org/x/crypto/ssh/knownhosts)
	// outside of testing.
	config := &ssh.ClientConfig{
		User:            usr.Username,
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
		Auth: []ssh.AuthMethod{
			ssh.PublicKeys(signer),
		},
	}

	bClient, err := ssh.Dial(TCP, net.JoinHostPort(bastion, PORT), config)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Print("passed bastion host\n")

	// Dial a connection to the service host, from the bastion
	target := net.JoinHostPort(localh, PORT)
	conn, err := bClient.Dial(TCP, target)
	if err != nil {
		log.Fatal(err)
	}

	// Run the SSH handshake with the LAN host over the tunnelled connection.
	ncc, chans, reqs, err := ssh.NewClientConn(conn, target, config)
	if err != nil {
		fmt.Printf("Error trying to connect to %s via bastion host\n%v\n", localh, err)
		log.Fatal(err)
	}

	return ssh.NewClient(ncc, chans, reqs)
}

func main() {
	bastion := "jumpdev.example.org"
	lanHost := "devserver01"
	client := bastionConnect(bastion, lanHost)
	defer client.Close()
}
```

The last log line I see is Error trying to connect to devserver01 via bastion host with an error of

2020/02/03 14:40:17 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]

Pardon all the Printfs needed to see what's up. In the second connect could the public key config be messing it up? I have also checked out this project, but seems like overkill.

Upvotes: 2

Views: 1231

Answers (1)

ekydfejj

Reputation: 339

The above code was fine; I was running into an authorized_keys issue on a box that I always connect to, but forgot about my local .ssh/config :(

I wanted to expand on this a bit so it was not just a "whoops, I messed up" post. For a full bastion to lanhost agent connection, I have updated a gist here

Upvotes: 2
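
The answer points at the local ~/.ssh/config: plain ssh applies it per host, while golang.org/x/crypto/ssh does not read it, and the question's code reuses one ClientConfig for both hops. As an added example (not the poster's code or the linked gist), this sketch resolves the User and IdentityFile entries OpenSSH would apply to a host so they can be compared with what the Go client offers. The sample config and the name resolveAuth are assumptions.

```go
package main

import (
	"bufio"
	"fmt"
	"path"
	"strings"
)

// sampleConfig is a constructed ~/.ssh/config; the user and key paths are made up.
const sampleConfig = `Host devserver*
    User deploy
    IdentityFile ~/.ssh/id_deploy
Host *
    IdentityFile ~/.ssh/id_rsa
`

// resolveAuth returns the User (first match wins; "" means the local username)
// and the IdentityFile list (all matches, in order) for host. Handles only Host
// blocks with * and ? globs; Match, Include, "!" patterns and quoting are not.
func resolveAuth(config, host string) (user string, identityFiles []string) {
	active := true // options before the first Host line apply to every host
	sc := bufio.NewScanner(strings.NewReader(config))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 2 || strings.HasPrefix(f[0], "#") {
			continue
		}
		switch key := strings.ToLower(f[0]); {
		case key == "host":
			active = false
			for _, p := range f[1:] {
				if ok, _ := path.Match(p, host); ok {
					active = true
				}
			}
		case active && key == "user" && user == "":
			user = f[1]
		case active && key == "identityfile":
			identityFiles = append(identityFiles, f[1])
		}
	}
	return user, identityFiles
}

func main() {
	u, keys := resolveAuth(sampleConfig, "devserver01")
	fmt.Printf("devserver01: user=%q identity files=%q\n", u, keys)
}
```

If the resolved user or key for the LAN host differs from the bastion's, the second hop needs its own ssh.ClientConfig rather than the shared one.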
