LinuxQuestions.org
Old 06-27-2014, 01:37 PM   #1
apss_evaluator
Member
 
Registered: Mar 2012
Posts: 115

Rep: Reputation: Disabled
ssh bridge?


Hi All,

I would like to ask if there would be an ssh command that can jump from one host

let's say

host1 needs to access host3
but host3 requires host1 to access first on host2
 
Old 06-27-2014, 02:08 PM   #2
Pearlseattle
Member
 
Registered: Aug 2007
Location: Zurich, Switzerland
Distribution: Gentoo
Posts: 934

Rep: Reputation: 104
Hi
Maybe with an ssh-tunnel (option "-L") set up on host2?
 
1 members found this post helpful.
Old 06-27-2014, 03:25 PM   #3
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,604

Rep: Reputation: 1241
Depends on what you want to do...

ssh -t host1 ssh host2 <optional command>

Forwarding X based utilities works just fine - though you might have to add a -X to the ssh option list.

BTW, the -t in the first ssh is to force a terminal so that the terminal obtained on host2 has appropriate translations.
 
1 members found this post helpful.
Old 06-30-2014, 12:33 AM   #4
apss_evaluator
Member
 
Registered: Mar 2012
Posts: 115

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jpollard View Post
Depends on what you want to do...

ssh -t host1 ssh host2 <optional command>

Forwarding X based utilities works just fine - though you might have to add a -X to the ssh option list.

BTW, the -t in the first ssh is to force a terminal so that the terminal obtained on host2 has appropriate translations.
Thanks for your suggestion. Actually I am really not yet sure and confused if this would work. So I have been making situations the hard way (sorry for that).


host1 = windows box that will run the script as "user1" using a tool via click button
button from windows tool will run the script = plink.exe -ssh -pw <password> -noagent user1@host2 "/opt/user2/test_script.sh host3"

host2 = required going to host3 "user1" is already there

host3 = where the script resides owned by user2(/opt/user2/test_script.sh)
I am able to run the script from host3; first it is required to log in as "user1", then sudo su to "user2" to run the script
command in host3 as user1:
* sudo su - user2
* ./test_script.sh


so I tried this:

* from host3 I made this file = /etc/sudoers.d/testuser
Cmnd_Alias TESTSCRIPT = /opt/user2/test_script.sh
%testusers ALL=(user2) NOPASSWD: TESTSCRIPT

note: included on %testusers group is user1


* from host2 I first tried to run the script using the command below:
/usr/bin/ssh host3 "/usr/bin/sudo /opt/user2/test_script.sh"

but what I got is this error = "sudo: sorry, you must have a tty to run sudo"

please advise. thanks in advance
 
Old 06-30-2014, 04:10 AM   #5
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,604

Rep: Reputation: 1241
You would have to use the -t option (that directs ssh to allocate a terminal) in the ssh command sent to host3.

It is also possible to change the configuration of sudo to not require a terminal, but that doesn't mean that the command started by sudo won't require a terminal. I just find it easier to use the -t option.
 
1 members found this post helpful.
Old 07-03-2014, 12:31 PM   #6
apss_evaluator
Member
 
Registered: Mar 2012
Posts: 115

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jpollard View Post
You would have to use the -t option (that directs ssh to allocate a terminal) in the ssh command sent to host3.

It is also possible to change the configuration of sudo to not require a terminal, but that doesn't mean that the command started by sudo won't require a terminal. I just find it easier to use the -t option.
I partially made it using this command from host1

ssh -t host2 ssh -t -t host3 "/usr/bin/sudo -u user2 /opt/user2/test_script.sh"

however it still asks me for a password from host2 and host3
 
Old 07-03-2014, 12:42 PM   #7
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947
Do you have all of the necessary ssh keys set up?
 
1 members found this post helpful.
Old 07-03-2014, 12:47 PM   #8
apss_evaluator
Member
 
Registered: Mar 2012
Posts: 115

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by suicidaleggroll View Post
Do you have all of the necessary ssh keys set up?
I'm still trying to make it work, however I have a doubt it would not work completely since my ssh command is calling sudo to switch to another user
 
Old 07-03-2014, 12:50 PM   #9
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947
It's running the sudo after the ssh, so it shouldn't be an issue. Just make sure you can ssh from host1 to host2 without a password, then from host2 to host3 without a password. If you can't do it interactively then the script won't be able to do it either.

You will need the permission to run "sudo -u user2 /opt/user2/test_script.sh" without a password on host3 though. If sudo is not configured to let you do that, then you need to re-think how you're approaching the problem.

Last edited by suicidaleggroll; 07-03-2014 at 12:52 PM.
 
1 members found this post helpful.
Old 07-03-2014, 01:38 PM   #10
apss_evaluator
Member
 
Registered: Mar 2012
Posts: 115

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by suicidaleggroll View Post
It's running the sudo after the ssh, so it shouldn't be an issue. Just make sure you can ssh from host1 to host2 without a password, then from host2 to host3 without a password. If you can't do it interactively then the script won't be able to do it either.

You will need the permission to run "sudo -u user2 /opt/user2/test_script.sh" without a password on host3 though. If sudo is not configured to let you do that, then you need to re-think how you're approaching the problem.
For some reason connecting host1 to host2 still asks me for a password. I've followed these steps = http://centos.tips/ssh_nopw/
but I did not achieve the passwordless login from host1 to host2

I am using host1 running on a Windows box and I tried to set up the ssh-keygen -t rsa steps from Cygwin
 
Old 07-03-2014, 01:53 PM   #11
JeremyBoden
Member
 
Registered: Nov 2011
Posts: 939

Rep: Reputation: 174
Did you supply a password when setting up ssh?
Slightly confusingly, it is more secure to just press the enter key to avoid setting up a password.

Use a strong passphrase instead.
 
1 members found this post helpful.
Old 07-03-2014, 02:17 PM   #12
apss_evaluator
Member
 
Registered: Mar 2012
Posts: 115

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by JeremyBoden View Post
Did you supply a password when setting up ssh?
Slightly confusingly, it is more secure to just press the enter key to avoid setting up a password.

Use a strong passphrase instead.
I followed the steps exactly, and I did try entering a passphrase, but got the same result.

I'll try on PuTTY using the puttygen steps I saw; if it works then I could say Cygwin is not capable of passwordless ssh
 
Old 07-03-2014, 02:42 PM   #13
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947
Cygwin is fine, chances are it's a permissions issue.

On host2, run the following:
Code:
chmod 750 ~
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys*
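
With its default StrictModes setting, sshd ignores authorized_keys when the home directory, ~/.ssh or the key file is writable by group or others (or owned by someone other than the user or root), and the login falls back to a password prompt. As an added example that is not part of the original post, this shell function reports which of the three paths named above would fail that check; the name audit_ssh_perms is made up for this example.

```sh
#!/bin/sh
# Added example: flag paths that sshd's StrictModes check would reject.
# Prints one line per problem and returns the number of problems found.
audit_ssh_perms() {
    home=$1
    me=$(id -u)
    problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            problems=$((problems + 1))
            continue
        fi
        # ls -ldn: columns 1-10 are the mode string, field 3 the numeric owner
        line=$(ls -ldn "$p")
        mode=$(printf '%s\n' "$line" | cut -c1-10)
        owner=$(printf '%s\n' "$line" | awk '{print $3}')
        # The path must belong to the login user or to root (uid 0)
        if [ "$owner" != "$me" ] && [ "$owner" != "0" ]; then
            echo "OWNER     uid=$owner $p"
            problems=$((problems + 1))
        fi
        # Character 6 is group write, character 9 is other write
        case $mode in
            ?????w????|????????w?)
                echo "WRITABLE  $mode $p"
                problems=$((problems + 1))
                ;;
        esac
    done
    return "$problems"
}
# Usage on host2, as the account that receives the key: audit_ssh_perms "$HOME"
```

Modes 750, 700 and 600 from the post pass cleanly; a home directory at 775 or a key file at 666 is reported as WRITABLE.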
 
Old 07-03-2014, 07:19 PM   #14
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Rep: Reputation: 495
try something like this in your ~/.ssh/config file. <see the links in my signature for more info on ssh keys and config files>

Code:
Host	server_B
	User	users_name_on_server_B
	ProxyCommand ssh -qax -W %h:%p URL_or_IP_server_A
	Ciphers aes256-ctr,aes256-cbc
Then you can just issue the following simple command:

Code:
 ssh server_B
poof you are in server_B, but you will still require log in credentials for server_A and server_B to gain access to server_B. setting up ssh keys will make it virtually instantaneous.
 
  

