On 03Jun2008 10:31, lux <yuanlux@xxxxxxxxx> wrote: | On Mon, Jun 2, 2008 at 4:38 PM, Cameron Simpson <cs@xxxxxxxxxx> wrote: | > On 02Jun2008 16:23, lux <yuanlux@xxxxxxxxx> wrote: | > | > >> I have a script called "sshto" that does exactly this for multihop | > ssh | > | > >> connections. [...] | > | Sounds a very interesting tool. I gave it a try. But | > | what is shqstr? | > | looks a like a command, but not in my system | > | > Yeah, sshto shamelessly uses other scripts from that same collection. | > Shqstr quotes strings for handing to eval/sh/remote-ssh intact. | > The simplest thing is to go to: | > http://www.cskk.ezoshosting.com/cs/css/ | > and download the tarball, unpack into /opt/css. [...] | | Thanks a lot, I will try it. Cool. The purpose of sshto is that it knows how to construct the right proxycommand for you:-) Oh yes, you will probably need the "nc" command (netcat) on the gateway machine. Or the target machine, at the expense of an extra hop - I'll elaborate on that if you turn out to need it. This is because, if sshto uses proxycommand (i.e. it is multihop), it uses "nc host 22" to do the final connection to the target ssh daemon (on labpc in your case). | I followed your hint of ProxyCommand | here is the .ssh/config file: | | Host labpc | ProxyCommand ssh lux@gw -t -w 3 labpc 22 | | When | | ssh labpc | | I got two layers of prompt for login. there were possible outputs: | | 1st, sometime, I got login to labpc , but it last 1 or 2 seconds, and get | discconetctd with this message:Connection to labpc closed by remote host. | | the 2nd output is failure to login and got this message: | Write failed: Broken pipe | | any suggest? thanks Yes. Start an ssh-agent, add your key to it, add forwardagent to your ssh config file. Then no prompting will be needed. Pretty much all batch or multihop stuff will need an agent to avoid prompting for passwords. Also, always put ssh options before the "user@host", it is less ambiguous. Eg: ProxyCommand ssh -t -w 3 lux@gw You should not need (and in fact should probably _avoid_) the -t option for the proxy command - it really should not use a terminal. I have not used the -w options myself, and again they should not be in the proxycommand, they should be in your upper-level ssh that _uses_ the proxycommand. I don't know why you have "labpc 22" on the end of that. A guess: Host labpc ProxyCommand ssh lux@gw but be sure to set up ssh-agent first. Cheers, -- Cameron Simpson <cs@xxxxxxxxxx> DoD#743 http://www.cskk.ezoshosting.com/cs/ Sue Ralph Nader, too, he was supposed to have prevented this kind of thing by now. Oh, and my fee is 40% - Ed "gettabike" Green, rec.motorcycles -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
