Ask Ubuntu Asked by Vikum Dheemantha on October 31, 2021
Often I have seen ssh commands like:
ssh user1@user2@<one-ip-address>@<second-ip-address
First I thought this is to ssh through another server. But several questions and examples like How do I SSH to machine A via B in one command? gives better solutions for server through ssh.
So, my question is what kind of scenarios we have to use the above kind of ssh commands. What is the destination of the ssh command?
As many of the comments suggest, the syntax ssh user1@user2@<one-ip-address>@<second-ip-address
does not lead to a useful ssh behavior and it has nothing to do with the jump host function.
Try the following:
On any system, connect with your current user to localhost:
$ ssh localuser@localhost
This will, as expected, open a ssh
session on localhost
Now try the same with the proposed syntax:
$ ssh localuser@localhost@localuser@localhost
localuser@localhost@localuser@localhost's password:
Permission denied, please try again.
...
You will be asked for a password, but the system will not let you in, since the user
localuser@localhost@localuser
does not exist on the system.
Also check the output of /var/log/auth.log
:
Aug 17 08:45:46 somehost sshd[73042]: Invalid user localuser@localhost@localuser from 127.0.0.1 port 44292
Aug 17 08:45:48 somehost sshd[73042]: pam_unix(sshd:auth): check pass; user unknown
Aug 17 08:45:48 somehost sshd[73042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1
Aug 17 08:45:50 somehost sshd[73042]: Failed password for invalid user localuser@localhost@localuser from 127.0.0.1 port 44292 ssh2
Unless you create a user localuser@localhost@localuser
on the system you want to connect to, this syntax won't work.
Answered by Simon Sudler on October 31, 2021
There's an SSH feature called ProxyJump:
ssh -J [email protected]:port1,[email protected]:port2 [email protected]
which sounds like what you're referring to.
More information on this in eg Section 6 on ProxyJump here or this page on ProxyJump from RedHat. In particular note that there are alternative formats, eg when the user:passwd are the same on each host (don't do that!). You can also put the info into a config file to avoid typing it out each time (though history
is useful there).
Finally there are other ways to achieve the same thing, in SSH: -o proxycommand=
, and -q -W
(the later explained here on ExplainShell).
Answered by pbhj on October 31, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP