
Meaning of SSH command with 2 IPs

Ask Ubuntu Asked by Vikum Dheemantha on October 31, 2021

Often I have seen ssh commands like:

ssh user1@user2@<one-ip-address>@<second-ip-address>

First I thought this was to ssh through another server. But several questions and examples, like "How do I SSH to machine A via B in one command?", give better solutions for reaching a server through ssh.

So, my question is: in what kind of scenarios do we have to use the above kind of ssh command? What is the destination of the ssh command?

2 Answers

As many of the comments suggest, the syntax ssh user1@user2@<one-ip-address>@<second-ip-address> does not lead to useful ssh behavior, and it has nothing to do with the jump host function.

Try the following:

  • On any system, connect with your current user to localhost:

    $ ssh localuser@localhost
    

    This will, as expected, open an ssh session on localhost.

  • Now try the same with the proposed syntax:

    $ ssh localuser@localhost@localuser@localhost
    localuser@localhost@localuser@localhost's password: 
    Permission denied, please try again.
    ...
    

    You will be asked for a password, but the system will not let you in, since the user localuser@localhost@localuser does not exist on the system.

    Also check the output of /var/log/auth.log:

    Aug 17 08:45:46 somehost sshd[73042]: Invalid user localuser@localhost@localuser from 127.0.0.1 port 44292
    Aug 17 08:45:48 somehost sshd[73042]: pam_unix(sshd:auth): check pass; user unknown
    Aug 17 08:45:48 somehost sshd[73042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 
    Aug 17 08:45:50 somehost sshd[73042]: Failed password for invalid user localuser@localhost@localuser from 127.0.0.1 port 44292 ssh2
    

Unless you create a user localuser@localhost@localuser on the system you want to connect to, this syntax won't work.

Answered by Simon Sudler on October 31, 2021
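
An added example, not part of the original answer: the split that the answer's output demonstrates (everything before the last `@` becomes the login name, the rest is the host), plus a scan of auth.log for "Invalid user" entries whose login name contains `@`. The function names and the third sample log line are constructed for illustration.

```sh
#!/bin/sh
# Split a destination at the LAST '@', matching the behaviour seen above:
# the login name keeps any earlier '@' characters, the host is the final part.
split_destination() {
    dest=$1
    case $dest in
        *@*) printf 'user=%s host=%s\n' "${dest%@*}" "${dest##*@}" ;;
        *)   printf 'user= host=%s\n' "$dest" ;;
    esac
}

# Read sshd log lines (files given as arguments, or stdin) and print
# "count login-name source-ip" for "Invalid user" entries whose login
# name contains '@', which is what a mistyped multi-'@' destination produces.
invalid_users_with_at() {
    awk '/sshd\[[0-9]+\]: Invalid user / {
             for (i = 1; i < NF; i++)
                 if ($i == "user") { u = $(i + 1); ip = $(i + 3); break }
             if (index(u, "@")) seen[u " " ip]++
         }
         END { for (k in seen) print seen[k], k }' "$@" | sort -rn
}

# Sample input: the first two lines are quoted in the answer above,
# the third is constructed to show an entry that is filtered out.
sample_log() {
    cat <<'EOF'
Aug 17 08:45:46 somehost sshd[73042]: Invalid user localuser@localhost@localuser from 127.0.0.1 port 44292
Aug 17 08:45:50 somehost sshd[73042]: Failed password for invalid user localuser@localhost@localuser from 127.0.0.1 port 44292 ssh2
Aug 17 08:46:10 somehost sshd[73050]: Invalid user admin from 127.0.0.1 port 44300
EOF
}

split_destination 'localuser@localhost@localuser@localhost'
sample_log | invalid_users_with_at
```

On a real system, pass the log file instead of the sample: `invalid_users_with_at /var/log/auth.log`.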

There's an SSH feature called ProxyJump:

ssh -J <user>@<jump-host-1>:port1,<user>@<jump-host-2>:port2 <user>@<destination-host>

which sounds like what you're referring to.

More information on this in e.g. Section 6 on ProxyJump here or this page on ProxyJump from RedHat. In particular, note that there are alternative formats, e.g. when the user:passwd are the same on each host (don't do that!). You can also put the info into a config file to avoid typing it out each time (though history is useful there).

Finally, there are other ways to achieve the same thing in SSH: -o proxycommand=, and -q -W (the latter explained here on ExplainShell).

Answered by pbhj on October 31, 2021
