Saturday, September 13, 2008

SSH ProxyCommand without netcat

The ProxyCommand is very useful when hosts are only indirectly accessible. With netcat it is relative strait forward:
ProxyCommand ssh {gw} netcat -w 1 {host} 22

Here {gw }and {host} are placeholders for the gateway and the host.

But it is also possible when netcat is not installed on the gateway:
ProxyCommand ssh {gw} 'exec 3<>/dev/tcp/{host}/22; cat <&3 & cat >&3;kill $!'

The /dev/tcp is a built-in feature of standard bash. The files don't exist. To check whether bash has this feature built-in use run cat < /dev/tcp/google.com/80 on the gateway. To make sure that bash is used, use:
ProxyCommand ssh {gw} "/bin/bash -c 'exec 3<>/dev/tcp/{host}/22; cat <&3 & cat >&3;kill $!'"

And it even works together with ControlMaster.

(Updated on Oct 22 to include kill to clean up background cat)
(Updated on Mar 3 2011 to make placeholders more clear and explain /dev/tcp)

43 comments:

Anonymous said...

That is one great trick, I'll try this one on different UNIX/Linux systems! Thanks for this hint!

Anonymous said...

Not bad the idea, but for me that leaves one idle cat around after teminating the connection.

Roland said...

Yes, it leaves one cat around. Didn't worry about it. Not sure how one could prevent that.

Anonymous said...

How about closing the file descriptor #3 after everything was done? Will this work? --
ProxyCommand ssh {gw} 'exec 3<>/dev/tcp/{host}/22;(cat <&3 & );cat >&3; exec 3>&-;'

Roland said...

Closeing the file descriptor doesn't exit the background cat for me. But your comment made me realized one can just kill the background cat after the connection is finished. Thanks. I updated it in the article.

placidrage said...

I am sorry to bump up an old post, I am trying your solution with a slightly different approach, but doesn't seem to work and it's mainly because I don't think I understand the proxy command line correctly.

What's the {gw} string? and is the {host} the same as the %h variable?

And on a second note /dev/tcp directory doesn't exist either on my local or remote machine during an ssh connection.

Is it possible to explain the expression with the exec:
exec 3<>/dev/tcp/{host}/22

My setup looks something like this:

Host proxy
Hostname proxy.server.com
User myuser
DynamicForward localhost:3128

Host *.server.com
ProxyCommand /usr/bin/nc -x localhost:3128 -Pmyseconduser %h %p

In a perfect world, I'd ssh to proxy, then ssh in another console to the dev.server.com, and use proxy to browse the same server on ports 80 and 3000

The problem is that proxy doesn't have netcat installed. so no nc love there.

Any help that allows me to rewrite this trick and adapt it to my context would be appreciated.

Roland Schulz said...

I updated the post to make it more clear. Yes you can use %h if that is the valid hostname. gw is the gateway you use as intermediary machine. And you need to make sure you use bash with /dev/tcp enabled.

Brooks said...

I came across this having the problem of no netcat on the gateway, but unfortunately it has no /dev/tcp either.

I did nonetheless eventually find a solution! See, there _was_ a copy of netcat on the final target, and I could use that with an extra ssh hop:

ProxyCommand ssh {gw} ssh {host} netcat -w1 {host} 22.

It does end up with an extraneous loopback from the target to itself, but otherwise seems to work.

Oliver said...

Hi,

Great article. I ran into some problems though you might to be able to help with.

I'm trying to multihop over 2 gateways to my target using your method (netcat isn't on any of the gateways) using the following config

Host gateway1
HostName gateway1.org
User john

Host gateway2
HostName gateway2.org
User jack
ProxyCommand ssh gateway1.org 'exec 3<>/dev/tcp/gateway2.org/22; cat <&3 & cat >&3;kill $!'

Host target
HostName target.org
User jill
ProxyCommand ssh gateway2 'exec 3<>/dev/tcp/target.org/22; cat <&3 & cat >&3;kill $!'

I have problems connecting to gateway2

$ ssh gateway2
jack@gateway1.org's password:

I type in the password and always get `Permission denied, please try again.`. After the third try I get ( Permission denied (publickey,password,keyboard-interactive). ).

The thing is that I have configured gateway1 to use passwordless authentication to jack@gateway2.org and it works if I ssh into gw1 and from there into gw2.

Do you have a clue what is going on?

Oliver said...

I was able to solve my problem by adding the key from localhost to gw1's and gw2's authenticated_keys file.

Now I got my multihop setting working I see some strange fingerprints popping up.

If I use the ProxyCommand to ssh into gw2 for example, the rsa fingerprint is different. The same goes if I ssh via ProxyCommand into target.

Does anybody know why that is the case? Should I worry?

Roland Schulz said...

SSH should check the host-key for each hop and for the final destination. Each one should match. I think you either get confused that the host-key is for the gateway/destination while it is really for the other, or it is really incorrect and you should be worried.

Oliver said...

Thanks for the reply. I got no answer on the OpenSSH mailing list. It's not even maintained for over half a year.

Your reply prompted me to recheck my findings. And my error was to "only" check for
ssh-keygen -lf /etc/ssh/*
but not for
ssh-keygen -lf /etc/ssh58/*
which was the active installation. Everything looks legit and I learned a lot about ssh.

Thanks!

Ottxor said...

I recently had the case, where the gateway ran a restricted shell, where only "ssh" and "exit" were allowed.

But with OpenSSH-5.4 and later one can use:

ProxyCommand ssh -W {host}:%p ${gw}

Unknown said...

Thanks, this is an awesome trick!

Unknown said...

roshe run men
ralph lauren outlet
coach outlet store
coach outlet store
wellensteyn outlet
los angeles clippers
hollister canada
michael kors handbags
christian louboutin shoes
san antonio spurs
celine outlet
uggs outlet
oklahoma city thunder
cheap ray ban sunglasses
nike trainers
new york giants
mulberry uk
links of london jewellery
black friday 2015

chenlina said...

chenlina20160520
louis vuitton handbags
michael kors outlet
coach outlet
nike air force 1
jordan retro 11
michael kors uk
ray ban sunglasses
air jordans
michael kors outlet clearance
air max 90
marc jacobs handbags
ray ban sunglasses
hollister clothing
supra shoes
true religion jeans
tory burch handbags
coach outlet
ray ban outlet
coach factory outlet
louis vuitton handbags
louis vuitton outlet stores
toms shoes
coach factory outlet
celine outlet
oakley sunglasses
jeremy scott shoes
jordan retro
nike store
mont blanc pens
vans shoes sale
toms shoes
jordan 3 white cenment
insanity workout
jordan concords
polo ralph lauren
true religion outlet
cheap oakley sunglasses
cheap nfl jerseys
air jordan pas cher
polo ralph lauren outlet
as

Unknown said...

jianbin1122
dior outlet
moncler jackets
kobe shoes
canada goose outlet
oakley sunglasses
asics
replica watches
nike free 5
cheap nike shoes sale
louis vuitton outlet

Unknown said...

adidas uk
adidas superstar
cheap jerseys from china
nfl jerseys
michael kors handbags
longchamp outlet
nike shoes for men
louboutin chaussures
polo ralph lauren
ray ban sunglasses
20170208caiyan

Unknown said...

20170218 leilei3915
ferragamo shoes
nike free running
coach outlet
toms shoes
michael kors handbags
michael kors uk
michael kors outlet
pandora jewelry
los angeles lakers jerseys
louis vuitton outlet

Unknown said...

michael kors handbags outlet
cheap jordans
ray ban sunglasses
nike trainers uk
louis vuitton outlet online
oakley sunglasses discount
nike free run
pandora outlet store
louboutin pas cher
vans store
2017.5.22chenlixiang

barbaradillon said...

With the connection pen.io feature permitting the application Click Here to link with the targeted Facebook DJ Liker Download on your Android, PC & iPhone Devices account, the mediator could generate the DJ Liker App requisite amount of likes DJ Liker as well as remarks in absolutely.

Unknown said...

coach outlet store online
fitflops
ralph?lauren?polo?shirts
tory burch outlet
nfl jersey wholesale
giuseppe zanotti shoes
cheap oakley sunglasses
gucci outlet online
Nike Free shoes
ray bans
chanyuan2017.06.15

TriciaGonzalez said...

Our review is developed to assist you identify blogrip.com/ just what features are practical, as well as which Website ones you can skip without feeling Best High Chairs and Booster Seats like you missed out on something.

John said...

air max shoes
adidas
adidas outlet online
coach factory outlet online
gucci outlet online
ray ban sunglasses outlet
chi flat iron
nfl jerseys
nfl jerseys cheap
jordan shoes
20170801yuanyuan

Unknown said...

ugg boots
oakley sunglasses
air max
ray ban sunglasses
coach bags
jordans
birkenstock outlet
michael kors outlet
jordan shoes
michael kors outlet
201711.21wengdongdong

khairy said...

شركة تنظيف الاثاث بجدة
شركة تنظيف شقق بجدة
شركة تنظيف موكيت بجدة
شركة تنظيف مجالس بجدة
شركة تنظيف منازل بجدة
شركة تنظيف ستائر بجدة
شركة تنظيف فلل بجدة
شركة جلي بلاط بجدة

Unknown said...

jordan 1
new balance shoes
adidas flip flops
michael kors handbags
cheap jordans
nike free
polo outlet
nike kyrie 3
nike air max 2017
birkenstock sandals
20183.26chenzhisheng

Unknown said...

cheap nfl jerseys
adidas yeezy boost
ysl
kobe shoes
air jordan 4
kobe basketball shoes
adidas nmd r1

Unknown said...

jordans
ralph lauren uk
coach outlet online
pandora
pandora jewelry
nike air huarache
air jordan shoes
new york jets jerseys
kate spade sale
salomon boots

Fajar Ramdhani said...

Our herbal medicinal products Mujtabaherbal basically have 2 big benefits that is to maintain health and for treatment. Usually we pay less attention to the aspects of maintaining health and when ill-illness comes, then we focus to perform treatment measures. Obat Faringitis It is unfortunate, consciously or unconsciously this uneven pattern almost covers the whole of our society, who will only realize the importance of maintaining health Obat Abses Anus when suffering illnesses.

It is time we no Obat Tukak Lambung longer underestimate health problems because KEEPING HEALTH is much more EASY and CHEAP, compared with TREATING DISEASES. Begin a healthy lifestyle right now. Obat Leukimia Imagine if the people you love complain because of health problems, otherwise would be happy if they see they have excellent health, Obat Sesak Nafas avoid the various types of disease that tortures themselves.

If a vehicle Obat Sakit Kencing only needs to be checked regularly, when was the last time you checked your health? We believe you do not care about personal health, but many do not realize Obat Psoriasis that health can get worse all of a sudden. SO WE ARE TIME TO ASK OUT OF OUR HEALTH REASONS.Obat Gagal Jantung An example is a kidney failure disease, which usually will feel the symptoms after kidney damage around 85% !!! With 15% kidney function left, what else can we expect from its performance?

Love your health, your family, your friends, and the people whose affection you so appreciate.

Unknown said...

adidas trainers
air max 2017
salvatore ferragamo
michael kors outlet
air max 2017
pandora bracciali
stuart weitzman
ralph lauren outlet
air force 1
vibram fivefingers
2018.6.26linying

Unknown said...

canada goose outlet
jordan shoes
belstaff jackets
chloe outlet
reebok outlet store
cheap jordans
michael kors outlet
links of london
thunder jerseys
ugg outlet
chanyuan2018.06.29

Anonymous said...

You might write about the services on the blog. You should disclose it's refreshing. Your blog conclusion could accelerate your shoppers. Flworfound

5689 said...

zzzzz2018.9.5
tory burch outlet
christian louboutin outlet
oakley sunglasses wholesale
off white outlet
nike huarache
christian louboutin sale
cheap basketball shoes
ugg boots clearance
christian louboutin shoes
hermes belts

zzyytt said...

harden shoes
lebron 16
asics shoes
yeezy boost 350 v2
yeezy boost 350 v2
nike roshe
coach outlet
moncler jackets
yeezy boost
adidas tubular

Coqicoqi said...

Retro Jordan 11
Jordan Retro 11
Kyrie Shoes
Air Jordan 11
Pandora Official Site
Nike Air Max 270
Pandora Charms
Jordan 11
Yeezy boost
Ryan20190101

biggboss13online said...

Aw, this was a very nice post. Taking the time and actual effort to produce a superb article… but what can I say… I procrastinate a whole lot and never manage to get anything done.
Yeh Rishtey Hain Pyaar Ke Full Episode

Dug Dug said...

Check out Malayalam Stickers app for Android powered by the best Malayalam Stickers makers.

rajakutir said...

https://139.59.253.253/
https://13.228.222.19/
https://sbobet88.life/
https://165.232.182.143/
https://ninja368.com/
https://bet88.fun/
https://bet88.pro/
https://36.255.140.202/
https://gobet88.online/
https://52.221.98.81/
https://celebslam.com/
https://167.99.209.116/
https://uuhostel.com/
https://supjourney.com/
https://sbobet88.casino/
https://54.169.219.2/
https://shibatoto.com/
https://davismicro.com/
https://18.136.115.177/
https://duta555.xyz/
https://duta555slot.online/
https://klik555slot.online/
https://ninja368bet.com/
https://qqgo368bet.com/
https://blogs-afrique.info/
https://castelbajac-paris.com/
https://cloverquotes.com/
https://communitymanagerappreciationday.com/
https://copilotmom.com/
https://devragiles.com/
https://ecigmarkets.com/
https://elmehwar.tv/
https://freshwallpapers.info/
https://ftlob.com/
https://healthydeals.co.uk/
https://jesusandmarypatna.com/
https://lapipadelindio.com/
https://litvonline.com/
https://mannellasrl.com/
https://marc--jacobs.com/
https://mx-life.tv/
https://rayur.com/
https://sbobetasia69.com/
https://skylnk.co/
https://televisionpoint.com/
https://theimghost.com/
https://tradeasone.com/
https://agir-galiza.org/
https://ancient-technology.com/
https://arthur-chang.com/

JUDI ONLINE said...

agen judi bet88 dan link alternatif bet 88 saat ini.

mini said...

10.0.0.0.1 visit:
if you want to download video's so visit this video downloader sites
soundcloud downloader free
fb video downloader
play offline games at Nintendo how to connect a nintendo switch to a laptop

Unknown said...

Casino Royale - Live Dealer Games - Virgin Games
Casino Royale is a live casino with a large, https://sol.edu.kg/ eclectic apr casino portfolio https://vannienailor4166blog.blogspot.com/ of casino games. Players can play 출장마사지 this game with https://febcasino.com/review/merit-casino/ live dealers,

sletet said...

check that this hyperlink Full Report Dolabuy Fendi my response visit this page