14

I have ssh configured to automatically forward through the bastion host:

Host bastion_host
    HostName bastion.example.com

Host internal_host
    ProxyCommand ssh -q bastion_host nc -q0 internal_host.dmz 22
    User internal_user

This works. However, if I try to connect via mosh I get the following error:

$ mosh internal_host
/usr/local/bin/mosh: Could not resolve hostname internal_host
ssh_exchange_identification: Connection closed by remote host
/usr/local/bin/mosh: Did not find remote IP address (is SSH ProxyCommand disabled?).

What I'm looking for is a mosh connection from my system to the bastion host and a normal ssh tunnel from the bastion host to internal hosts. Possible?

3
  • Can you replace foo and bar with more descriptive names like bastion_host and internal_host? I'm not able to follow the config file well enough to be confident I understand your intent.
    – Nick Russo
    Commented Oct 6, 2014 at 23:01
  • Updated question, should be easier to follow now.
    – xj9
    Commented Oct 6, 2014 at 23:23
  • 1
    Excellent, the intent is clear now, and I can reproduce the problem: ssh bastion_host and ssh internal_host both work, as does mosh bastion_host, but mosh internal_host causes the error you've quoted.
    – Nick Russo
    Commented Oct 6, 2014 at 23:49

2 Answers

6
+100

You use ProxyCommand in your ssh config, and mosh mentions ProxyCommand in the error message. I think this is the vital clue. mosh uses ProxyCommand internally, and in doing so, it probably overrides your own setting.

I've avoided ProxyCommand with a manual port-forward invocation like this:

ssh -fN -L 2222:internal_host.example.com:22 bastion_host

Then I try to connect to localhost on port 2222:

mosh --ssh="ssh -p2222" internal_user@localhost

Instead of the ProxyCommand error, I get this:

mosh-server: invalid option -- 'l'
Usage: mosh-server new [-s] [-i LOCALADDR] [-p PORT] [-c COLORS] [-- COMMAND...]

I suspect that's due to different versions of mosh, as I see that even when using mosh directly without the bastion_host. In any case, a direct connection works despite the message, so I don't think that's the problem. Rather, I think the issue is that the port forwarding only handles port 22, while mosh also uses a UDP port in 60000:61000. ssh tunneling cannot easily forward UDP traffic, so I think you may be better off using a different architecture.

I presume you want to use mosh for the first hop since your local machine may change networks, etc. Why not just use mosh and ssh like this (perhaps with an alias)?

mosh bastion_host ssh internal_user@internal_host
2

I use mosh to connect to a bastion server, and run tmux within that session to maintain permanent connections to the internal servers. That might be more useful for your situation too.

UPDATE May 2019

I have changed my process a bit, and run tmux locally and now have a wrapper function for mosh in my ~/.zshrc. I've trimmed some of the details, but you'll get the gist:

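function mosh() {
  # Wrap mosh: send the internal host via the bastion, pass everything else through
  case $@ in
  hostname)
    # mosh to the bastion, then a plain ssh from the bastion to the internal host
    command mosh bastion.domain.com -- bash -c 'echo "Bouncing via bastion..." && echo && ssh hostname.domain.com'
    ;;
  *)
    # Any other arguments: call the real mosh unchanged
    command mosh "$@"
    ;;
  esac
}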
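
A generalization of the wrapper above, as an added example that is not part of the original answer: it reroutes any single target ending in an internal suffix through the bastion and refuses targets containing characters outside a user@host character set. The names `mosh_via_bastion`, `BASTION`, `INTERNAL_SUFFIX` and `MOSH_DRY_RUN` are assumptions; `bastion_host`, `internal_user` and `.dmz` come from the question.

```shell
# Added example, not the answer author's code. Variable and function names
# are assumptions; bastion_host and the .dmz suffix are taken from the question.
BASTION="${BASTION:-bastion_host}"          # ssh_config alias of the bastion
INTERNAL_SUFFIX="${INTERNAL_SUFFIX:-.dmz}"  # hosts reachable only via the bastion

mosh_via_bastion() {
  # Only the single-argument form (mosh [user@]host) is rerouted, like the
  # original wrapper; anything with extra options is passed through untouched.
  if [ "$#" -eq 1 ]; then
    case "$1" in
      -*) ;;  # a lone option such as --version
      *"$INTERNAL_SUFFIX")
        # The target becomes an argument of a command run on the bastion,
        # so accept nothing but user@host characters.
        case "$1" in
          *[!A-Za-z0-9._@-]*)
            echo "mosh_via_bastion: refusing target '$1'" >&2
            return 2 ;;
        esac
        # First hop: mosh (UDP) to the bastion.
        # Second hop: ordinary ssh (TCP) from the bastion to the target.
        set -- "$BASTION" -- ssh "$1" ;;
    esac
  fi
  if [ -n "${MOSH_DRY_RUN:-}" ]; then
    # Show the command line instead of running it.
    printf 'mosh %s\n' "$*"
  else
    command mosh "$@"
  fi
}
```

Setting `MOSH_DRY_RUN=1` prints the command that would run, which is a quick way to confirm which targets get rerouted before aliasing `mosh` to this function.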
