I think the root of my issues is no clear understanding of how authentication works along with ProxyCommand. In my setup I have public key auth with the host that I use in ProxyCommand to run nc. And the destination host needs password auth. So when I supply username/password, which host does it apply to? The one that is serving as a relay and running nc, or the final destination?

Here is the relevant part of my code. Maybe I need to properly destroy $ssh before opening a new connection too, so as not to stumble upon remains of the previous failed public key attempt.

    while ( GO OVER ALL HOSTS I HAVE ) {
        # FIGURE OUT IF CAN BE REACHED DIRECT
        my $ssh;

        # Options shared by the public key attempt and the password attempts.
        # Host key checking is switched off and known_hosts goes to /dev/null.
        my @pw_opts = (
            -o => "CheckHostIP no",
            -o => "ConnectionAttempts 1",
            -o => "ForwardAgent yes",
            -o => "HashKnownHosts no",
            -o => "StrictHostKeyChecking=no",
            -o => "VerifyHostKeyDNS no",
            -o => "UserKnownHostsFile /dev/null",
            -o => "ConnectTimeout 5",
            -o => "HostbasedAuthentication no",
            -o => "ChallengeResponseAuthentication no",
            -o => "RhostsRSAAuthentication no",
            -o => "GSSAPIAuthentication no",
        );

        # Public key attempt: same base options, password auth disabled.
        my @pubkey_opts = @pw_opts;
        push @pubkey_opts, ( -o => "PasswordAuthentication no" );
        push @pubkey_opts, ( -o => "PubkeyAuthentication yes" );
        push @pubkey_opts, ( -o => "PreferredAuthentications publickey" );

        # Password attempts: one prompt per connection.
        push @pw_opts, ( -o => "PreferredAuthentications=password" );
        push @pw_opts, ( -o => "NumberOfPasswordPrompts=1" );

        if ( NOT REACHABLE DIRECT ) {
            # Relay through the gateway, which runs nc to the destination.
            push @pw_opts,     ( -o => 'ProxyCommand=ssh root@' . $sshgw . ' nc %h 22' );
            push @pubkey_opts, ( -o => 'ProxyCommand=ssh root@' . $sshgw . ' nc %h 22' );
        }

        $ssh = Net::OpenSSH->new(
            $user . '@' . $host,
            master_opts           => \@pubkey_opts,
            master_stdout_discard => 1,
            master_stderr_discard => 1,
        );

        if ( $ssh->error ) {
            print "SSH key auth didn't work for $host, will try passwords...\n";
            foreach my $pass (@passwords) {
                $ssh = Net::OpenSSH->new(
                    $user . '@' . $host,
                    password            => $pass,
                    master_opts         => \@pw_opts,
                    kill_ssh_on_timeout => 1,
                    # master_stdout_discard => 1,
                    # master_stderr_discard => 1,
                );
                if ( !$ssh->error ) {
                    print "Authenticated with password to $host\n" if ($debug);
                    last;
                }
                else {
                    print "SSH returned : " . $ssh->error . "\n" if ($debug);
                }
            }
            if ( $ssh->error ) {
                print "Can not login into $host : " . $ssh->error . "\n";
                next;
            }
        }
        else {
            print "SSH key accepted at $host\n";
        }
    }

In reply to Re^4: Establishing SSH tunnel and opening another SSH connection through it by tehcook
in thread Establishing SSH tunnel and opening another SSH connection through it by tehcook
