Hi, I have a few hosts in my ~/.ssh/config file which have ProxyJump lines specifying _multiple_ jump hosts:
Host foo ForwardAgent yes ProxyJump first.example.com, second.example.com
It seems like X2Go doesn't like this kind of configuration. I complains when I try to establish any connection (even when trying to connect to other hosts which don't have a line like this):
"Cannot connect to first.example.com:22 Failed to process system configuration"
Everything works fine in cases that require only a single jump host. As far as I can tell from the ssh_config (5) man page my configuration with multiple jump hosts is valid. Any suggestions how to deal with this?
Thanks a lot,
Martin
-- Martin Konrad Facility for Rare Isotope Beams Michigan State University 640 South Shaw Lane East Lansing, MI 48824-1321, USA Tel. 517-908-7253 Email: konrad@frib.msu.edu
On Tue, Dec 8, 2020 at 5:07 PM Konrad, Martin <konrad@frib.msu.edu> wrote:
Hi, I have a few hosts in my ~/.ssh/config file which have ProxyJump lines specifying _multiple_ jump hosts:
Host foo ForwardAgent yes ProxyJump first.example.com, second.example.com
It seems like X2Go doesn't like this kind of configuration. I complains when I try to establish any connection (even when trying to connect to other hosts which don't have a line like this):
"Cannot connect to first.example.com:22 Failed to process system configuration"
Everything works fine in cases that require only a single jump host. As far as I can tell from the ssh_config (5) man page my configuration with multiple jump hosts is valid. Any suggestions how to deal with this?
Well, x2goclient is using libssh. While libssh can parse the ssh_config I am not sure to what extent the format is supported. It looks like proxyjump is only supported starting from libssh 0.9.0 and x2goclient has 0.8.something, IIRC.
See https://bugs.libssh.org/rLIBSSH990794c58045d5afe69d2fa861fe32b7f547b1fd
So for now you might try if works with ProxyCommand instead. If not you can always use an ssh outside of x2goclient to build the tunnel via ProxyJump ("ssh -L12345:localhost:22 foo"). Then you can configure your session to connect to localhost:12345. For Windows this can also be accomplished using the built in ssh but due to some bugs you (again) have to use ProxyCommand:
Create %USERPROFILE%\.ssh\config (without Suffix!):
Host tunnel Hostname foo User <your user on foo> ProxyCommand ssh.exe -q -m hmac-sha2-512-etm@openssh.com %r@first.example.com ssh -W %h:%p %r@second.example.com LocalForward localhost:12345 localhost:22
Notes:
- ProxyJump does not work here, error: "posix_spawn: now such file or directory"
- Windows SSH and OpenSSH do not agree on the MAC, so you have to specify it explicitly
- I have not tested the above ProxyCommand chaining, there might be some teeaking required
Uli
Hi Ulrich, Your comments pointed me in the right direction. The trick is indeed to use "ProxyCommand" instead of the more modern "ProxyJump" which doesn't seem to be supported by X2Go/libssh, yet.
On my Ubuntu 20.10 machine the following worked for me:
Host foo ForwardAgent yes ProxyCommand ssh -YJ user1@first.example.com,user2@second.example.com -W %h:%p user3@foo.example.com
Users on older machines might want to check if their SSH client supports the -J argument. If it's not supported a carefully crafted chain of ssh invocations might be required.
Thanks a lot!
Martin
-- Martin Konrad Facility for Rare Isotope Beams Michigan State University 640 South Shaw Lane East Lansing, MI 48824-1321, USA Tel. 517-908-7253 Email: konrad@frib.msu.edu
-
Konrad, Martin -
Ulrich Sibiller