Support for passing through a jump server or bastion node
healykys opened this issue · 3 comments
I'd like to use this code to connect to a server node01 through a bastion node or a jump server (login). Currently, I can use cygwin and ssh config files to get through login to node01, but I'm trying to find out if your code supports a similar outcome. Ultimately, I'd like to use a YubiKey to access node01 while jumping through login.
Command to access node01 through login: ssh -F config-ssh node01
Response: Yubikey for 'healykys':
config-ssh:
Host *
    User healykys

#Public
Host login
    Hostname 12.345.67.890
    IdentityFile ./login

Host node01
    Hostname 21.543.76.908
    IdentityFile ./node
    ProxyCommand ssh -F config-ssh login -W %h:%p
*One caveat is that I'm trying to use a Yubikey as well on node01. This relates back to a different response you had with regards to an interactive password.
Hi @healykys. I'm unfamiliar with Yubikey, but generally the way I use jump hosts is to SSH forward port 22 of the protected server via a plain SSH connection to the jumpbox.
ssh jumpbox.somedomain.com -L 2201:dangerbox.local.com:22
Now dangerbox's SSH server is exposed on localhost:2201, and you can start up win-sshfs pointing to it.
Regarding keyboard interactive auth, you might still run into issues there. If it doesn't accept a public key or non-interactive auth, and the keyboard-interactive auth prompt doesn't match the hardcoded "Password:" thing here, it's probably not going to work without tweaking.
@masaeedu awesome. I'll dig farther into the command you sent. That should hopefully get me farther into what I need.
Yubikey is just a 2-form authentication method (https://en.wikipedia.org/wiki/YubiKey). It's more related to the password and interactive keyboard side of the house here. I suspect I'll need to tweak it a little bit to get the yubikey to work.
Going to close this assuming you were able to get whatever you needed working using SSH forwarding; please comment if there's anything that needs to be added to support the usecase.
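An added example, not part of the thread and not win-sshfs code: a keyboard-interactive responder that matches prompts by pattern, so the "Yubikey for 'healykys':" prompt quoted above is answered while unrecognised prompts get no secret. The callback shape follows paramiko's `Transport.auth_interactive()` handler; the rule table, `make_handler`, `hardcoded_handler` and the sample OTP are assumptions made for illustration.

```python
import re

# Constructed rule table: list only the exact prompts your own servers send.
PROMPT_RULES = [
    (re.compile(r"^password:\s*$", re.IGNORECASE), "password"),
    (re.compile(r"^yubikey for '(?P<user>[^']+)':\s*$", re.IGNORECASE), "otp"),
]


class UnknownPrompt(Exception):
    """Raised instead of sending a secret to a prompt we do not recognise."""


def classify(prompt, username):
    """Return the kind of secret a prompt asks for, or raise UnknownPrompt."""
    text = prompt.strip()
    for pattern, kind in PROMPT_RULES:
        m = pattern.match(text)
        if not m:
            continue
        # A prompt that names a different account is treated as unrecognised.
        named = m.groupdict().get("user")
        if named is not None and named != username:
            break
        return kind
    raise UnknownPrompt(repr(prompt))


def make_handler(username, secrets):
    """Build a callback taking (title, instructions, prompts), the arguments
    paramiko's Transport.auth_interactive() passes to its handler.
    `secrets` maps a kind ("password", "otp") to a zero-argument callable, so
    an OTP is only read when the server actually asks for one."""
    def handler(title, instructions, prompts):
        # prompts is a list of (prompt_text, echo) pairs, as in RFC 4256.
        return [secrets[classify(text, username)]() for text, _echo in prompts]
    return handler


def hardcoded_handler(password):
    """Simplified model of a literal "Password:" match (hypothetical, for contrast)."""
    def handler(title, instructions, prompts):
        return [password for text, _echo in prompts if text.strip() == "Password:"]
    return handler
```

Failing closed on an unknown prompt matters here because the server chooses the prompt text, and a responder that answers everything hands the password to whatever is asked.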