1

How do I ssh directly to the remote server? Below is the detailed description.

Local machine ---> Jump1 ----> Jump2 ----> Remote Server

From the local machine there is no direct access to Remote Server, and Jump2 is disabled. Remote Server can only be accessed from Jump2.

There is no ssh-keygen to the remote server; we have to give the password manually.

From the local machine we access Jump1 with IP and port 2222, then from Jump1 we access Jump2 with host name and default port 22.

With ssh/config file we were able to access the jump2 server without any problem. But my requirement is to directly access the remote server.

Is there any possible way? I don't mind entering the password for the remote server.

Log

 ssh -vvv root@ip address
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to ip address [ip address] port 22.

My Config file

Host jump1
    Hostname ip.109
    Port 2222
    User avdy

Host jump2
    Hostname ip.138
    Port 22
    ProxyCommand ssh -W %h:%p jump1
    User avdy

Host remote-server
    Hostname ip.8
    Port 22
    ProxyCommand ssh -W %h:%p jump2
    User root
Shanker
  • You do not need ssh-keygen on remote server to set up passwordless authentication unless it is disabled in sshd-config. – Dima Chubarov Apr 24 '17 at 06:17

1 Answer

4

Set your ~/.ssh/config:

Host Jump1
  User jump1user
  Port 2222
Host Jump2
  ProxyCommand ssh -W %h:%p Jump1
  User jump2user
Host RemoteServer
  ProxyCommand ssh -W %h:%p Jump2
  User remoteUser

Or with new OpenSSH 7.3:

Host RemoteServer
  ProxyJump jump1user@Jump1,jump2user@Jump2
  User remoteUser

Then you can connect simply using `ssh RemoteServer`.

Jakuje
  • My version is `openssh-server-5.3p1`, but with the above config file example it's not working. Getting error `ssh: connect to host ip.address port 22: Connection timed out` – Shanker Apr 24 '17 at 07:29
  • For jump host there is one user and for remote server there is a different user. – Shanker Apr 24 '17 at 07:30
  • Set `LogLevel DEBUG3` and post the log. Which of the connections times out? – Jakuje Apr 24 '17 at 07:31
  • Add the `Port` option for the `Jump1`. – Jakuje Apr 24 '17 at 07:37
  • Do not connect using `ssh -vvv root@ip address`. Use the name defined in the configuration file: `ssh ff1bp-vsns0001n`. – Jakuje Apr 24 '17 at 07:42
  • Great.... it's working now. It's asking me for password now, can I give password there itself in the config file? – Shanker Apr 24 '17 at 07:44
  • It will, unless you set up passwordless authentication between your server and each of the others. No, you cannot set password in the config. – Jakuje Apr 24 '17 at 07:45
  • We have a passwordless login but it's with passphrase. – Shanker Apr 24 '17 at 07:55
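The comments trace the timeout to running `ssh root@ip address` instead of the `Host` alias: the `ProxyCommand` lines apply only to names that match a `Host` pattern. The sketch below is an added example, not code from the thread; it resolves the hop chain for a name the way the config above chains it. The helper names and the 192.0.2.x addresses are assumptions, and it handles only the `ssh -W %h:%p <alias>` proxy form, ignoring `Match` blocks and negated patterns.

```python
import fnmatch
import re

# Constructed sample shaped like the question's config; 192.0.2.x are placeholder addresses.
SAMPLE_CONFIG = """\
Host jump1
    Hostname 192.0.2.109
    Port 2222
Host jump2
    Hostname 192.0.2.138
    ProxyCommand ssh -W %h:%p jump1
Host remote-server
    Hostname 192.0.2.8
    ProxyCommand ssh -W %h:%p jump2
"""

def parse(text):
    """Split ssh_config text into [(host_patterns, options)] in file order."""
    blocks = [(["*"], {})]  # options placed before the first Host line apply to every name
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, value = (re.split(r"\s*=\s*|\s+", line, maxsplit=1) + [""])[:2]
        if key.lower() == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key.lower(), value)
    return blocks

def options_for(blocks, name):
    """Options applied to the name as typed on the command line; the first value seen wins."""
    merged = {}
    for patterns, opts in blocks:
        if any(fnmatch.fnmatchcase(name.lower(), p.lower()) for p in patterns):
            merged = {**opts, **merged}  # keep values from earlier blocks
    return merged

def hop_chain(blocks, name, seen=()):
    """Hops in connection order, ending at the target; one item means a direct connection."""
    if name in seen:
        raise ValueError("proxy loop at " + name)
    opts = options_for(blocks, name)
    here = "%s:%s" % (opts.get("hostname", name), opts.get("port", "22"))
    via = re.fullmatch(r"ssh\s+-W\s+%h:%p\s+(\S+)", opts.get("proxycommand", ""))
    return (hop_chain(blocks, via.group(1), seen + (name,)) if via else []) + [here]

if __name__ == "__main__":
    for name in ("remote-server", "192.0.2.8"):  # alias vs. raw address
        print(name, "=>", " -> ".join(hop_chain(parse(SAMPLE_CONFIG), name)))
```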