2

I'm trying to setup host in .ssh/config file with specified username. The problem is - this is ssh connection to cyberark host.

so - with this command I can connect to the target host:

ssh user1@user2@ip1@ip2

or with this command - works as well:

ssh ip2 -l user1@user2@ip1

but, I cannot connect when using this configuration in .ssh/config :

Host targethost
  Hostname ip2
  User user1@user2@ip1

Then when I try ssh targethost, I have connection timeout. I tried to put username into quotes, but this didn't help as well.

Any idea?

[EDIT:]

Output of ssh -Tv

$ ssh -Tv ip2
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /home/user/user_profile/ssh_config
debug1: /home/user/.ssh/config line 14: Applying options for ip2
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to ip2 [x.x.x.x] port 22.

And then it is hanging

/etc/ssh/ssh_config from line 58:

Host *
        GSSAPIAuthentication yes
        ForwardX11Trusted yes
        SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
        SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
        SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
        SendEnv XMODIFIERS
robson
  • 1,623
  • 8
  • 28
  • 43
  • While you asked for an `.ssh/config` and VonC's answer seems to work, I found it quite limiting to create a new configuration for each server since the User field does not allow token, thus I created a workaround for myself: https://stackoverflow.com/q/73665337/2010467 – Benjamin Sep 09 '22 at 17:16

1 Answers1

0

It should work through config (as confirmed here), provided you use the right entry for "username":

Host targethost
  Hostname ip2
  User user1@user2@ip1  <====

It should be User, not Username.
See "SSH Config File Example" for illustration.

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • Note to self: That was my **25000th answer** on Stack Overflow (in 147 months), less than 6 months after the [24000th answer](https://stackoverflow.com/a/62688871/6309). Before that: [23000th answer](https://stackoverflow.com/a/59853332/63099), [22000th answer](https://stackoverflow.com/a/57387243/6309), [21000th answer](https://stackoverflow.com/a/54856158/6309), [20000th answer](https://stackoverflow.com/a/51915541/6309), [19000th answer](https://stackoverflow.com/a/49421565/6309), [18000th answer](https://stackoverflow.com/a/46860745/6309), ... – VonC Dec 20 '20 at 01:11
  • Sorry, my mistake in description. I have indeed `User` in my config. Anyway it is not working for me. Typing ssh command with username directly to shell works, but looks like doesn't read user name from config for this particular configuration. – robson Dec 21 '20 at 06:20
  • @robson Can you try `ssh -Tv targethost` to check what ssh is doing? – VonC Dec 21 '20 at 07:23
  • Please see update of my post with output of ssh -Tv command, thanks – robson Dec 22 '20 at 08:59
  • @robson What is the option in line 58 of `~/.ssh/config`? – VonC Dec 22 '20 at 09:28
  • @robson Just for testing, can you try without those global '`*`' options, removing that section from your `~/.ssh/config`? – VonC Dec 22 '20 at 11:39
  • but this is not my local config - but global one /etc/ssh/ssh_config, and I'm not allowed to change that (lack of permissions). In my local config there is just this entry at line 14 described above (for the Host targethost) – robson Dec 22 '20 at 12:28
  • @robson system config, right. For testng, can you confirm that another remote user account, one *without* any `@` in it, would work? – VonC Dec 22 '20 at 19:59
  • yes, for other hosts not related to CyberArk and standard username works – robson Dec 23 '20 at 07:08
  • @robson Is is possible to confirm that is works with a standard name on the same host? – VonC Dec 23 '20 at 08:51
  • yes, I have some entries for other hosts and it is working fine – robson Jan 19 '21 at 15:26