The setup is as follows:

  • Local PC from which I want to ssh into…
  • Gateway node gateway which is an intermediate node which is only used to ssh into…
  • Front node front, again an intermediate node, required to ssh into the final…
  • Compute node, which is the node I actually want to use

I want to set up my local ssh config such that I can directly type ssh compute.

The problem: As opposed to gateway and front, the hostname for the compute node is not static (i.e. it may change multiple times in one day). I have a script compute_node_hostname.sh on front which will output the name of the compute node, i.e. node339. How can I use it in my config?

The following simple config with the compute node hardcoded does work:

Host gateway front compute
    User …
    IdentityFile ~/.ssh/id_rsa

Host front
    HostName front
    ProxyJump gateway

Host compute
    HostName node339
    ProxyJump front

Constraint: I cannot use RemoteCommand in my config

1 Answer

Recall that 'ProxyJump' is a smarter version of 'ProxyCommand' – it does some additional work with copying the options specified in CLI, but essentially it's the same as:

Host compute
    ProxyCommand ssh -W %h:%p front

where %h and %p are automatically expanded to the requested hostname and port.

So the way you can use a dynamic hostname is by replacing the %h parameter:

Host compute
    ProxyCommand ssh -W $(compute_node_hostname.sh):%p front

Note: This won't play nicely with nodes having different hostkeys. Since you're connecting through another host that's already on the remote network, it should be safe to just disable hostkey verification for this hop.

  • I'm very sorry, but I forgot to mention that the script is located on the front node, not my local PC. It seems like the ProxyCommand tries to access the script locally. Is there any way to change that?
    – ietz
    Commented Feb 7, 2020 at 16:56
  • The usual answer would be $(ssh front compute_node_hostname.sh), but since you ruled out RemoteCommand already, there's not really any other way to run commands remotely on front, is there?
    Commented Feb 7, 2020 at 17:57
  • If I use the $(ssh …) for the -W flag, I always get the following error: Bad packet length 1349676916. ssh_dispatch_run_fatal: Connection to UNKNOWN port 65535: message authentication code incorrect It also doesn't work if I copy the ssh command into a local script and call it instead. Any clue?
    – ietz
    Commented Mar 9, 2020 at 17:39
  • Does the 'inner' ssh command work all by itself? And does ssh -W the_hostname:22 front work if you expand the hostname "by hand"? (It should output nothing more than the "SSH-2.0-OpenSSH_whatever" handshake message.)
    Commented Mar 9, 2020 at 19:13
  • The inner command correctly outputs node339. The ssh -W node339:22 gateway outputs the SSH string alongside a stderr login message from the server. The same happens for ssh -W $(ssh front compute_node_hostname.sh):22 gateway. The ssh compute works as expected if I remove the inner ssh call from my config, i.e. ProxyCommand ssh -W $(echo node339):%p front
    – ietz
    Commented Mar 10, 2020 at 14:36
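
A stricter form of the $(ssh front compute_node_hostname.sh) idea from the comments, as an added example that is not part of the original thread: a local helper script that resolves the node with the inner ssh's stdin detached and accepts only names shaped like node339 before handing them to ssh -W. The file name compute-proxy.sh, the "node plus digits" naming rule and the RESOLVE_CMD override are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical local helper, saved as
# ~/.ssh/compute-proxy.sh and referenced from ~/.ssh/config:
#   Host compute
#       ProxyCommand ~/.ssh/compute-proxy.sh %p

# Accept only names shaped like the thread's sample "node339".
# Assumption: compute nodes are always "node" followed by digits.
valid_node() {
    rest=${1#node}
    [ "$rest" != "$1" ] || return 1      # must start with "node"
    case "$rest" in
        ''|*[!0-9]*) return 1 ;;         # one or more digits, nothing else
    esac
    return 0
}

# Ask front for the current node name. Inside a ProxyCommand, stdin carries
# the outer SSH session, so -n points the inner ssh's stdin at /dev/null.
# RESOLVE_CMD is a hypothetical override for exercising the logic offline.
resolve_node() {
    out=$(${RESOLVE_CMD:-ssh -n front compute_node_hostname.sh}) || return 1
    if ! valid_node "$out"; then
        echo "compute-proxy: refusing unexpected node name" >&2
        return 1
    fi
    printf '%s\n' "$out"
}

proxy_main() {
    node=$(resolve_node) || exit 1
    exec ssh -W "$node:${1:-22}" front
}

# Open the tunnel only when run under the helper's own file name.
case "${0##*/}" in
    compute-proxy.sh) proxy_main "$@" ;;
esac
```

Anything the remote script prints besides a bare node name (a banner, an error line, extra words) is rejected instead of being placed on the ssh -W command line.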
