[X2Go-User] X2Go fails to connect when SSH config contains multiple jump hosts
Ulrich Sibiller
uli42 at gmx.de
Tue Dec 8 17:56:34 CET 2020
On Tue, Dec 8, 2020 at 5:07 PM Konrad, Martin <konrad at frib.msu.edu> wrote:
>
> Hi,
> I have a few hosts in my ~/.ssh/config file which have ProxyJump lines
> specifying _multiple_ jump hosts:
>
> Host foo
> ForwardAgent yes
> ProxyJump first.example.com, second.example.com
>
> It seems like X2Go doesn't like this kind of configuration. I complains
> when I try to establish any connection (even when trying to connect to
> other hosts which don't have a line like this):
>
> "Cannot connect to first.example.com:22 Failed to process system
> configuration"
>
> Everything works fine in cases that require only a single jump host. As
> far as I can tell from the ssh_config (5) man page my configuration with
> multiple jump hosts is valid. Any suggestions how to deal with this?
Well, x2goclient is using libssh. While libssh can parse the
ssh_config I am not sure to what extent the format is supported. It
looks like proxyjump is only supported starting from libssh 0.9.0 and
x2goclient has 0.8.something, IIRC.
See https://bugs.libssh.org/rLIBSSH990794c58045d5afe69d2fa861fe32b7f547b1fd
So for now you might try if works with ProxyCommand instead. If not
you can always use an ssh outside of x2goclient to build the tunnel
via ProxyJump ("ssh -L12345:localhost:22 foo"). Then you can configure
your session to connect to localhost:12345. For Windows this can also
be accomplished using the built in ssh but due to some bugs you
(again) have to use ProxyCommand:
Create %USERPROFILE%\.ssh\config (without Suffix!):
Host tunnel
Hostname foo
User <your user on foo>
ProxyCommand ssh.exe -q -m hmac-sha2-512-etm at openssh.com
%r at first.example.com ssh -W %h:%p %r at second.example.com
LocalForward localhost:12345 localhost:22
Notes:
- ProxyJump does not work here, error: "posix_spawn: now such file or directory"
- Windows SSH and OpenSSH do not agree on the MAC, so you have to
specify it explicitly
- I have not tested the above ProxyCommand chaining, there might be
some teeaking required
Uli
More information about the x2go-user
mailing list