Page MenuHomePhabricator

ProxyCommand for jump host configuration broken
Closed, ResolvedPublic

Description

Using ProxyCommad to configure jump hosts doesn't work. In .ssh/config I've got an entry like

Host jumptoremote
    User me
    HostName remote
    ProxyCommand ssh me@login.company.de -W %h:%p

With that, ssh'ing to "jumptoremote" should first connect to login.company.de and from there to "remote" in a transparent way. Note that there is also the ProxyJump command for that since OpenSSH 7.3, but which is not supported by libssh (on the command line both variants work fine).

I'm not using libssh directly but from KDE's Dolphin (KIO) and was asked to report this bug here. See https://bugzilla.suse.com/show_bug.cgi?id=1082703.

Event Timeline

maiphi created this task.Oct 11 2018, 2:52 PM
asn assigned this task to Jakuje.Nov 6 2018, 2:12 PM
asn added a subscriber: asn.

Jakub, didn't we already fix this?

asn added a project: Restricted Project.Nov 6 2018, 2:13 PM
Jakuje added a comment.Nov 6 2018, 2:23 PM

Probably not. I assume this is not only about configuration parser (which was fixed in several aspects recently), but instead about the way how the proxycommand is implemented in libssh (I am actually not sure how does it work there). The important are errors with ProxyCommand, but for further investigation, some debugging log will be needed:

Socket error: disconnected

The ProxyJump is not implemented at all so the option is ignored now. Implementing it should probably be only about wiring existing things in libssh to implement the IO redirection similar to OpenSSH's "ssh -W".

Jakuje added a comment.Dec 4 2018, 2:20 PM

@maiphi can you provide some debug log from libssh or at least the error you see? From what is covered in the test cases now, it should work with current libssh, but I do not think we will be able to establish two separate networks with the socket wrapper to reproduce the issue in the full size in the testsuite.

In any case, I have a branch with ProxyJump option parsing ready so I would be glad for any feedback or testing:

https://gitlab.com/jjelen/libssh-mirror/commits/proxy-command

I installed libssh from your proxy-command branch on tumbleweed and on Leap 15.0. On both systems both the ProxyJump and the ProxyCommand way of defining jump hosts works (with KDE's virtual file system). Don't know how to create logs with libssh, though. If you still need them, I'll make a greater effort. But from my point of view the problem seems to be solved. Thanks a lot!

Jakuje closed this task as Resolved.May 20 2019, 5:50 PM

Fixed in 990794c58045d5afe69d2fa861fe32b7f547b1fd

Even better solution would be to implement the proxyjump with internal libssh session doing the IO forwarding, rather than invoking openssh clients, but it is more like nice-to-have feature for future.