It seems a simple thing, but I am stuck.
On an Ubuntu machine, to ssh into a particular REMOTE_HOST machine, until now I could do
ssh REMOTE_HOST
as expected (keys are all set up fine). Now, I am forced to set up an ssh tunnel through a particular BRIDGE_HOST machine with
ssh -L 2222:REMOTE_HOST:22 BRIDGE_HOST -N -f
and then I can ssh to the REMOTE_HOST with
ssh -p 2222 localhost
This works perfectly fine although things are a little more complicated. Here are a few problems:
- localhost runs OpenSSH_7.2p2 so there is no -J / ProxyJump option, if that would help. I am not able to update OpenSSH, or at least I would prefer to avoid it.
- I must log in on REMOTE_HOST with a password so I need to use sshpass (please do not tell me that I should not, I have no control on this). So the first ssh command above is not quite as shown but more complicated; yet, I think it adds nothing to show the more complex version. But this is a constraint I have and, I am afraid, prevents some cleaner solutions.
- There is no shell on REMOTE_HOST and as far as I can tell (or I understand) I am only allowed to set up tunnels.
Anyway, I can ssh into REMOTE_HOST with these two steps, but what I would like to do is to hide all this in .ssh/config to make this transparent (especially for CVS, see below). Something like this appears to be fine:
Host REMOTE_HOST
Hostname localhost
Port 2222
ProxyCommand tcsh -c "ssh -L 2222:REMOTE_HOST:22 BRIDGE_HOST -N -f; nc %h %p"
If I now run
ssh REMOTE_HOST
I can ssh into REMOTE_HOST as if the tunnel did not exist. Great.
The final source of complication (and the question) is that I want to use this ssh connection also for CVS. Everything is certainly set up fine from the CVS side (e.g., it was working when I did not have to use BRIDGE_HOST). And if I now run
cvs up
in an appropriate directory, everything seems to work fine... but the cvs command, after doing its job properly, never terminates. I seem to understand that this is because the ssh creating the tunnel is still running at the end. I would be happy to kill it, but I cannot figure out how. Relatedly, note that if I omit ProxyCommand in .ssh/config and if the tunnel is set up manually before, all is perfectly fine and CVS runs smoothly (and terminates). I would forget ProxyCommand and set up autossh but I understand it does not work with sshpass. I could set up a cron job or some script that manually keeps the tunnel alive, but I think (or hope) that there must be a better way...
What is the correct, simplest, and cleanest way to achieve the result I desire? That is, simply use cvs as always despite the insertion of BRIDGE_HOST on which I have no control whatsoever?
nc has run. But I have a problem and I do not understand what happens. Imagine for a moment that the tunnel is set up manually before running cvs up and I set ProxyCommand sh -c ">&2 echo START ; /bin/nc %h %p ; >&2 echo STOP", CVS runs fine, "START" is sent to the console before CVS runs, but "STOP" never appears. If I run the same command in the shell with %h = localhost and %p = 2222, the behaviour is as expected and STOP appears once nc dies with a CTRL-D. Why?!
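
Added example, not part of the original post: on OpenSSH releases older than 7.3, `ProxyCommand ssh -W %h:%p` is the usual stand-in for ProxyJump, and because the hop through BRIDGE_HOST is then the proxy process itself, there is no backgrounded `ssh -f` tunnel left running when the connection closes. Assumptions: sshpass wraps the connection to BRIDGE_HOST as the post says of its tunnel command, BRIDGE_HOST permits the same TCP forwarding that `-L` already relies on, and the password file path is a hypothetical placeholder.

```sshconfig
# Before (from the post): the ProxyCommand backgrounds a tunnel with -f, and
# that ssh process outlives the connection it was started for.
#Host REMOTE_HOST
#    Hostname localhost
#    Port 2222
#    ProxyCommand tcsh -c "ssh -L 2222:REMOTE_HOST:22 BRIDGE_HOST -N -f; nc %h %p"

# After: -W connects the proxy's stdin/stdout to %h:%p through BRIDGE_HOST.
# It uses the same TCP-forwarding channel type as -L and requests no shell,
# and it exits together with the connection that started it.
Host REMOTE_HOST
    # No "Hostname localhost" / "Port 2222" here: %h and %p must name the
    # real target (REMOTE_HOST, port 22), because BRIDGE_HOST opens the
    # onward connection.
    Port 22
    # ~/.ssh/bridge_pass is a hypothetical file holding the password that
    # sshpass supplies for the hop (assumed to be the BRIDGE_HOST hop);
    # keep it readable by the owner only (mode 0600).
    ProxyCommand sshpass -f ~/.ssh/bridge_pass ssh -W %h:%p BRIDGE_HOST
```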