I see. So some care must be taken when more options are present in ~/.ssh/config - which was not my case, but I am sure that others that read this thread will use the note you wrote on #15. ^,^
Quote:
On the other hand, I do not know which log file I should check, nor if I have access to the needed logs in a server (no root access) or any second level remote machine. /var/log/auth* are not accessible in the machines where I do not have root access.

The network I access in the server I talked about in this thread is:
- local machine do 'ssh me@remote.server.is' to access a private network
- from remote.server.is command line, do 'ssh other.comp' ("other.comp" cannot be accessed directly)

For the broken connections, would I want to check the logs for remote.server.is? For other.comp machine? For both? Or just my local logs are enough to point the problem cause? (but, as I said above, I do not know which files to check and what is expected to be found)
Quote:
Going through a jump host aka bastion should be done using either the ProxyJump directive if you are using a new SSH client or ProxyCommand if you are using an old one. Otherwise if you connect with an SSH client to the bastion and then another SSH client to the inner host, you are trusting the bastion with all the secrets you might type into the inner host. By using ProxyJump or ProxyCommand you instead have an encrypted connection all the way through to your destination.

So for a new SSH client, ProxyJump can be put into ~/.ssh/config or else a -J used as a runtime option:

Code:
ssh -J me@remote.server.is dedec0@other.comp

Code:
ssh -o ProxyCommand='ssh -W %h:%p remote.server.is' other.comp
Re: (...) Do you still think I should ProxyJump to them?
Quote:
You pointed out and described a situation that I am not sure is what I have. The "second level" machine I described is accessed with the same account and password I use to access the first server (among other things like files, programs, ...). I had (and have) no worry in showing everything I do on the second machine for the first one. They are basically the same, except that the Internet accessible server is a FreeBSD that should not be used for many tasks besides accessing the private network. My terminal usually gets these commands:

Code:
$ ssh me@remote.server.is # at local machine

Do you still think I should ProxyJump to them? I would (at least, I imagine) need to configure several DNS names for those remote machines I cannot access from my home or from eventual accesses around the Internet.
Quote:
Can you use the -J option with your SSH client or does it complain?

Code:
Host private1 private1.machine

Code:
Host private1 private1.machine

DNS entries are not needed; you can go by IP address, too. Either way it is the bastion host / jump host access to names that counts. You can make shortcuts in your ~/.ssh/config file however.
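
The jump-host setup discussed in this thread, as an added example that is not from any of the posts: it writes a ~/.ssh/config-style file with the thread's hostnames and uses `ssh -G` to print the options the client would apply, without opening a connection. The alias `bastion` and the temporary file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: host and user names are the thread's; the alias
# "bastion" and the temporary config file are assumptions.

# Write a client config that reaches other.comp through the jump host.
write_jump_config() {
    cat > "$1" <<'EOF'
# Jump host, the only machine reachable from the Internet
Host bastion
    HostName remote.server.is
    User me

# Inner host: its name is resolved by the jump host, not locally
Host other.comp
    User dedec0
    ProxyJump bastion
EOF
}

# Print the value ssh would use for one option (lowercase keyword)
# without connecting. With -F the system-wide config is ignored.
effective_option() {
    ssh -G -F "$1" "$2" | awk -v key="$3" '$1 == key { print $2; exit }'
}

main() {
    cfg=$(mktemp) || return 1
    write_jump_config "$cfg"
    for opt in hostname user proxyjump; do
        printf '%s=%s\n' "$opt" "$(effective_option "$cfg" other.comp "$opt")"
    done
    rm -f "$cfg"
}

main
```

With the same two stanzas in ~/.ssh/config, `ssh other.comp` makes the jump in one step and the session to the inner host stays encrypted end to end.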