SSH to multiple servers [Access denied]

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite












I need to write a script to remotely connect from home to my university server via ssh and then from the server terminal, ssh to a virtual machine to process some data. Is this possible?



This is what I have tried so far:



#!/usr/bin/expect
set login "myuser"
set addr "test.ac.uk"
set addr2 "t002"
set pw "mypassword"

spawn ssh -o StrictHostKeyChecking=no $login@$addr
expect "$login@$addr's password:"
send "$pwr"
expect "#"
spawn ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22
expect "$login@$addr2's password:"
send "$pwr"
expect "#"
send "cd /developerr"
interact


Error: ssh: connect to host t002 port 22: Connection refused



This is the way I'm currently logging in manually from home successfully:



~/Desktop # ssh host


prompt to enter password.



Once logged on successfully.



-bash-4.2$ ssh user@t002


prompt to enter password again.



EDIT: I updated the second ssh line as suggested by Mike.



From:



spawn ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22


To:



send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"



Now the script returns access denied, but at the same time it does log me into the server but not the virtual machine.










share|improve this question























  • If you need to go through a "jumpbox" to get to the server you're really interested in, OpenSSH supports that without needing to write your own scripts. Check out options ProxyCommand (old version of OpenSSH) or ProxyJump (the new way to do it). Using ssh config files, you can easily set it up so that all you have to do is type ssh t001 on your box at home and you will automatically hop through the jumpbox to the VM.
    – cryptarch
    Nov 22 at 18:33










  • Hi Cryptarch, is there a guide that you could perhaps direct me to? Cheers
    – user2023
    Nov 22 at 18:54










  • is the difference between the t001 host in the manual method and the t002 in the expect script just a typo? If yes, it would help if you cut and pasted the exact scripts and commands you were using instead of retyping them.
    – mosvy
    Nov 22 at 20:19











  • Hi Mosvy, its just a typo. Now updated. They are the exact commands im using except the credentials.
    – user2023
    Nov 22 at 20:22










  • try getting rid of the -p 22 in the send "ssh... command.
    – mosvy
    Nov 22 at 20:26















up vote
2
down vote

favorite












I need to write a script to remotely connect from home to my university server via ssh and then from the server terminal, ssh to a virtual machine to process some data. Is this possible?



This is what I have tried so far:



#!/usr/bin/expect
set login "myuser"
set addr "test.ac.uk"
set addr2 "t002"
set pw "mypassword"

spawn ssh -o StrictHostKeyChecking=no $login@$addr
expect "$login@$addr's password:"
send "$pwr"
expect "#"
spawn ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22
expect "$login@$addr2's password:"
send "$pwr"
expect "#"
send "cd /developerr"
interact


Error: ssh: connect to host t002 port 22: Connection refused



This is the way I'm currently logging in manually from home successfully:



~/Desktop # ssh host


prompt to enter password.



Once logged on successfully.



-bash-4.2$ ssh user@t002


prompt to enter password again.



EDIT: I updated the second ssh line as suggested by Mike.



From:



spawn ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22


To:



send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"



Now the script returns access denied, but at the same time it does log me into the server but not the virtual machine.










share|improve this question























  • If you need to go through a "jumpbox" to get to the server you're really interested in, OpenSSH supports that without needing to write your own scripts. Check out options ProxyCommand (old version of OpenSSH) or ProxyJump (the new way to do it). Using ssh config files, you can easily set it up so that all you have to do is type ssh t001 on your box at home and you will automatically hop through the jumpbox to the VM.
    – cryptarch
    Nov 22 at 18:33










  • Hi Cryptarch, is there a guide that you could perhaps direct me to? Cheers
    – user2023
    Nov 22 at 18:54










  • is the difference between the t001 host in the manual method and the t002 in the expect script just a typo? If yes, it would help if you cut and pasted the exact scripts and commands you were using instead of retyping them.
    – mosvy
    Nov 22 at 20:19











  • Hi Mosvy, its just a typo. Now updated. They are the exact commands im using except the credentials.
    – user2023
    Nov 22 at 20:22










  • try getting rid of the -p 22 in the send "ssh... command.
    – mosvy
    Nov 22 at 20:26













up vote
2
down vote

favorite









up vote
2
down vote

favorite











I need to write a script to remotely connect from home to my university server via ssh and then from the server terminal, ssh to a virtual machine to process some data. Is this possible?



This is what I have tried so far:



#!/usr/bin/expect
set login "myuser"
set addr "test.ac.uk"
set addr2 "t002"
set pw "mypassword"

spawn ssh -o StrictHostKeyChecking=no $login@$addr
expect "$login@$addr's password:"
send "$pwr"
expect "#"
spawn ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22
expect "$login@$addr2's password:"
send "$pwr"
expect "#"
send "cd /developerr"
interact


Error: ssh: connect to host t002 port 22: Connection refused



This is the way I'm currently logging in manually from home successfully:



~/Desktop # ssh host


prompt to enter password.



Once logged on successfully.



-bash-4.2$ ssh user@t002


prompt to enter password again.



EDIT: I updated the second ssh line as suggested by Mike.



From:



spawn ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22


To:



send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"



Now the script returns access denied, but at the same time it does log me into the server but not the virtual machine.










share|improve this question















I need to write a script to remotely connect from home to my university server via ssh and then from the server terminal, ssh to a virtual machine to process some data. Is this possible?



This is what I have tried so far:



#!/usr/bin/expect
set login "myuser"
set addr "test.ac.uk"
set addr2 "t002"
set pw "mypassword"

spawn ssh -o StrictHostKeyChecking=no $login@$addr
expect "$login@$addr's password:"
send "$pwr"
expect "#"
spawn ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22
expect "$login@$addr2's password:"
send "$pwr"
expect "#"
send "cd /developerr"
interact


Error: ssh: connect to host t002 port 22: Connection refused



This is the way I'm currently logging in manually from home successfully:



~/Desktop # ssh host


prompt to enter password.



Once logged on successfully.



-bash-4.2$ ssh user@t002


prompt to enter password again.



EDIT: I updated the second ssh line as suggested by Mike.



From:



spawn ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22


To:



send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"



Now the script returns access denied, but at the same time it does log me into the server but not the virtual machine.







ssh






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 22 at 20:21

























asked Nov 22 at 17:57









user2023

133




133











  • If you need to go through a "jumpbox" to get to the server you're really interested in, OpenSSH supports that without needing to write your own scripts. Check out options ProxyCommand (old version of OpenSSH) or ProxyJump (the new way to do it). Using ssh config files, you can easily set it up so that all you have to do is type ssh t001 on your box at home and you will automatically hop through the jumpbox to the VM.
    – cryptarch
    Nov 22 at 18:33










  • Hi Cryptarch, is there a guide that you could perhaps direct me to? Cheers
    – user2023
    Nov 22 at 18:54










  • is the difference between the t001 host in the manual method and the t002 in the expect script just a typo? If yes, it would help if you cut and pasted the exact scripts and commands you were using instead of retyping them.
    – mosvy
    Nov 22 at 20:19











  • Hi Mosvy, its just a typo. Now updated. They are the exact commands im using except the credentials.
    – user2023
    Nov 22 at 20:22










  • try getting rid of the -p 22 in the send "ssh... command.
    – mosvy
    Nov 22 at 20:26

















  • If you need to go through a "jumpbox" to get to the server you're really interested in, OpenSSH supports that without needing to write your own scripts. Check out options ProxyCommand (old version of OpenSSH) or ProxyJump (the new way to do it). Using ssh config files, you can easily set it up so that all you have to do is type ssh t001 on your box at home and you will automatically hop through the jumpbox to the VM.
    – cryptarch
    Nov 22 at 18:33










  • Hi Cryptarch, is there a guide that you could perhaps direct me to? Cheers
    – user2023
    Nov 22 at 18:54










  • is the difference between the t001 host in the manual method and the t002 in the expect script just a typo? If yes, it would help if you cut and pasted the exact scripts and commands you were using instead of retyping them.
    – mosvy
    Nov 22 at 20:19











  • Hi Mosvy, its just a typo. Now updated. They are the exact commands im using except the credentials.
    – user2023
    Nov 22 at 20:22










  • try getting rid of the -p 22 in the send "ssh... command.
    – mosvy
    Nov 22 at 20:26
















If you need to go through a "jumpbox" to get to the server you're really interested in, OpenSSH supports that without needing to write your own scripts. Check out options ProxyCommand (old version of OpenSSH) or ProxyJump (the new way to do it). Using ssh config files, you can easily set it up so that all you have to do is type ssh t001 on your box at home and you will automatically hop through the jumpbox to the VM.
– cryptarch
Nov 22 at 18:33




If you need to go through a "jumpbox" to get to the server you're really interested in, OpenSSH supports that without needing to write your own scripts. Check out options ProxyCommand (old version of OpenSSH) or ProxyJump (the new way to do it). Using ssh config files, you can easily set it up so that all you have to do is type ssh t001 on your box at home and you will automatically hop through the jumpbox to the VM.
– cryptarch
Nov 22 at 18:33












Hi Cryptarch, is there a guide that you could perhaps direct me to? Cheers
– user2023
Nov 22 at 18:54




Hi Cryptarch, is there a guide that you could perhaps direct me to? Cheers
– user2023
Nov 22 at 18:54












is the difference between the t001 host in the manual method and the t002 in the expect script just a typo? If yes, it would help if you cut and pasted the exact scripts and commands you were using instead of retyping them.
– mosvy
Nov 22 at 20:19





is the difference between the t001 host in the manual method and the t002 in the expect script just a typo? If yes, it would help if you cut and pasted the exact scripts and commands you were using instead of retyping them.
– mosvy
Nov 22 at 20:19













Hi Mosvy, its just a typo. Now updated. They are the exact commands im using except the credentials.
– user2023
Nov 22 at 20:22




Hi Mosvy, its just a typo. Now updated. They are the exact commands im using except the credentials.
– user2023
Nov 22 at 20:22












try getting rid of the -p 22 in the send "ssh... command.
– mosvy
Nov 22 at 20:26





try getting rid of the -p 22 in the send "ssh... command.
– mosvy
Nov 22 at 20:26











3 Answers
3






active

oldest

votes

















up vote
3
down vote



accepted










It is a common problem that you want to get to a server which is not directly accessible from the external internet, but it is accessible from a publicly exposed intermediate host. (The intermediate host is called a jumpbox.)



Since this problem is so common, it is natural that OpenSSH would provide convenience methods that simplify working with jumpboxes (or jumpboxen?). There are two ways, an old way and a new way. The old way still works, but the new way is more intuitive and makes fewer assumptions about what applications are available on the jumpbox.



Using the example machines mentioned in the question, it can be done like so:



ssh -o StrictHostKeyChecking=no -o ProxyJump=myuser@test.ac.uk myuser@t002


Or, rather than -o ProxyJump=myuser@test.ac.uk, I think -W myuser@test.ac.uk is equivalent.



Either way, that method requires a new enough version of OpenSSH. If you get stuck with an old version, you need to do something like this:



ssh -o StrictHostKeyChecking=no -o ProxyCommand='ssh myuser@test.ac.uk "nc %h %p"' myuser@t002


The old way assumes you have netcat installed on the jumpbox.



Another benefit of the new way is you don't need to keep a private key on the jumpbox. ProxyJump is clever enough to try using the private key you have locally. So, if the jumpbox is compromised, it need not be able to compromise anything behind the jumpbox.



Now, you might get sick of writing out that big long command every time. The more you use ssh, the more incentive you will have to set up an $HOME/.ssh/config. That is a file where you can give aliases to remote hosts, and associate particular configurations with those hosts.



For your example, an ssh_config would be set up like so:



Host jumpbox
User myuser
Hostname test.ac.uk
StrictHostKeyChecking=no

Host t002
User myuser
StrictHostKeyChecking=no
ProxyJump jumpbox


With that configuration in place, you should now be able to log into t002 using a much simpler command:



ssh t002


There is a lot of other cool stuff you can do with an ssh_config. Have a look through man ssh_config and revisit it every now and then as you learn more about ssh. You'll keep finding more cool things you can do :)



An example introductory walkthrough to setting up an ssh config is https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/






share|improve this answer




















  • Hi Cryptarch, I prefer the ssh_config file method. I have configured it and it works. Is there a way to hard code the password so that I don't have to enter it twice?
    – user2023
    Nov 23 at 12:05










  • Hi @user2023 The more convenient and more secure way to authenticate with ssh is to use keypairs. Use ssh-keygen to generate a pair of keys, one private and one public. You put the public half on any server you want to log into. When you generate the keys, you can choose a passphrase for the private key. You can leave the passphrase empty if you like. If you do choose a passphrase, you can use ssh-agent to remember the passphrase for you, so you don't need to keep typing it. A basic walkthrough is at digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
    – cryptarch
    Nov 25 at 22:01






  • 1




    Cheers Cryptarch I will try that. Thank you to everyone else for their assistance.
    – user2023
    Nov 25 at 22:59

















up vote
1
down vote













You spawn a new ssh. Try:



send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"





share|improve this answer




















  • Hi Mike, I just tried your suggestion, it returns permission denied. Though it does log me in to the server but not the virtual machine.
    – user2023
    Nov 22 at 19:55

















up vote
1
down vote













I would just use a command in a script to reduce typing, and type the user creds!



#!/bin/bash
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -o StrictHostKeyChecking=no myuser@t002'


Tailor to your needs..



ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no myuser@t002'


Copy the key from the 1st server to your pc and referance it like so:



ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no -i /ssh/1stserverkey myuser@t002'





share|improve this answer






















  • Hi Michael, I appreciate your response. When I run that command it returns errors: Pseudo-terminal will not be allocated because stdin is not a terminal. Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password).
    – user2023
    Nov 22 at 18:30










  • O i see, The pseudo-terminal is complaining because of the input not comming directly from a local terminal. Hmmm...
    – Michael Prokopec
    Nov 22 at 19:20










  • I have a similar setup at home, some vitualboxs' running on my server and I do work on them from my laptop. I just type everything out. I will try to get this working myself if I find the solution I will post it..
    – Michael Prokopec
    Nov 22 at 19:24










  • I look forward to your response.
    – user2023
    Nov 22 at 19:56










  • Now all I need is to find out a way to get the public key to unlock remotely. @user2023
    – Michael Prokopec
    Nov 22 at 19:57











Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f483504%2fssh-to-multiple-servers-access-denied%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























3 Answers
3






active

oldest

votes








3 Answers
3






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
3
down vote



accepted










It is a common problem that you want to get to a server which is not directly accessible from the external internet, but it is accessible from a publicly exposed intermediate host. (The intermediate host is called a jumpbox.)



Since this problem is so common, it is natural that OpenSSH would provide convenience methods that simplify working with jumpboxes (or jumpboxen?). There are two ways, an old way and a new way. The old way still works, but the new way is more intuitive and makes fewer assumptions about what applications are available on the jumpbox.



Using the example machines mentioned in the question, it can be done like so:



ssh -o StrictHostKeyChecking=no -o ProxyJump=myuser@test.ac.uk myuser@t002


Or, rather than -o ProxyJump=myuser@test.ac.uk, I think -W myuser@test.ac.uk is equivalent.



Either way, that method requires a new enough version of OpenSSH. If you get stuck with an old version, you need to do something like this:



ssh -o StrictHostKeyChecking=no -o ProxyCommand='ssh myuser@test.ac.uk "nc %h %p"' myuser@t002


The old way assumes you have netcat installed on the jumpbox.



Another benefit of the new way is you don't need to keep a private key on the jumpbox. ProxyJump is clever enough to try using the private key you have locally. So, if the jumpbox is compromised, it need not be able to compromise anything behind the jumpbox.



Now, you might get sick of writing out that big long command every time. The more you use ssh, the more incentive you will have to set up an $HOME/.ssh/config. That is a file where you can give aliases to remote hosts, and associate particular configurations with those hosts.



For your example, an ssh_config would be set up like so:



Host jumpbox
User myuser
Hostname test.ac.uk
StrictHostKeyChecking=no

Host t002
User myuser
StrictHostKeyChecking=no
ProxyJump jumpbox


With that configuration in place, you should now be able to log into t002 using a much simpler command:



ssh t002


There is a lot of other cool stuff you can do with an ssh_config. Have a look through man ssh_config and revisit it every now and then as you learn more about ssh. You'll keep finding more cool things you can do :)



An example introductory walkthrough to setting up an ssh config is https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/






share|improve this answer




















  • Hi Cryptarch, I prefer the ssh_config file method. I have configured it and it works. Is there a way to hard code the password so that I don't have to enter it twice?
    – user2023
    Nov 23 at 12:05










  • Hi @user2023 The more convenient and more secure way to authenticate with ssh is to use keypairs. Use ssh-keygen to generate a pair of keys, one private and one public. You put the public half on any server you want to log into. When you generate the keys, you can choose a passphrase for the private key. You can leave the passphrase empty if you like. If you do choose a passphrase, you can use ssh-agent to remember the passphrase for you, so you don't need to keep typing it. A basic walkthrough is at digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
    – cryptarch
    Nov 25 at 22:01






  • 1




    Cheers Cryptarch I will try that. Thank you to everyone else for their assistance.
    – user2023
    Nov 25 at 22:59














up vote
3
down vote



accepted










It is a common problem that you want to get to a server which is not directly accessible from the external internet, but it is accessible from a publicly exposed intermediate host. (The intermediate host is called a jumpbox.)



Since this problem is so common, it is natural that OpenSSH would provide convenience methods that simplify working with jumpboxes (or jumpboxen?). There are two ways, an old way and a new way. The old way still works, but the new way is more intuitive and makes fewer assumptions about what applications are available on the jumpbox.



Using the example machines mentioned in the question, it can be done like so:



ssh -o StrictHostKeyChecking=no -o ProxyJump=myuser@test.ac.uk myuser@t002


Or, rather than -o ProxyJump=myuser@test.ac.uk, I think -W myuser@test.ac.uk is equivalent.



Either way, that method requires a new enough version of OpenSSH. If you get stuck with an old version, you need to do something like this:



ssh -o StrictHostKeyChecking=no -o ProxyCommand='ssh myuser@test.ac.uk "nc %h %p"' myuser@t002


The old way assumes you have netcat installed on the jumpbox.



Another benefit of the new way is you don't need to keep a private key on the jumpbox. ProxyJump is clever enough to try using the private key you have locally. So, if the jumpbox is compromised, it need not be able to compromise anything behind the jumpbox.



Now, you might get sick of writing out that big long command every time. The more you use ssh, the more incentive you will have to set up an $HOME/.ssh/config. That is a file where you can give aliases to remote hosts, and associate particular configurations with those hosts.



For your example, an ssh_config would be set up like so:



Host jumpbox
User myuser
Hostname test.ac.uk
StrictHostKeyChecking=no

Host t002
User myuser
StrictHostKeyChecking=no
ProxyJump jumpbox


With that configuration in place, you should now be able to log into t002 using a much simpler command:



ssh t002


There is a lot of other cool stuff you can do with an ssh_config. Have a look through man ssh_config and revisit it every now and then as you learn more about ssh. You'll keep finding more cool things you can do :)



An example introductory walkthrough to setting up an ssh config is https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/






share|improve this answer




















  • Hi Cryptarch, I prefer the ssh_config file method. I have configured it and it works. Is there a way to hard code the password so that I don't have to enter it twice?
    – user2023
    Nov 23 at 12:05










  • Hi @user2023 The more convenient and more secure way to authenticate with ssh is to use keypairs. Use ssh-keygen to generate a pair of keys, one private and one public. You put the public half on any server you want to log into. When you generate the keys, you can choose a passphrase for the private key. You can leave the passphrase empty if you like. If you do choose a passphrase, you can use ssh-agent to remember the passphrase for you, so you don't need to keep typing it. A basic walkthrough is at digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
    – cryptarch
    Nov 25 at 22:01






  • 1




    Cheers Cryptarch I will try that. Thank you to everyone else for their assistance.
    – user2023
    Nov 25 at 22:59












up vote
3
down vote



accepted







up vote
3
down vote



accepted






It is a common problem that you want to get to a server which is not directly accessible from the external internet, but it is accessible from a publicly exposed intermediate host. (The intermediate host is called a jumpbox.)



Since this problem is so common, it is natural that OpenSSH would provide convenience methods that simplify working with jumpboxes (or jumpboxen?). There are two ways, an old way and a new way. The old way still works, but the new way is more intuitive and makes fewer assumptions about what applications are available on the jumpbox.



Using the example machines mentioned in the question, it can be done like so:



ssh -o StrictHostKeyChecking=no -o ProxyJump=myuser@test.ac.uk myuser@t002


Or, rather than -o ProxyJump=myuser@test.ac.uk, I think -W myuser@test.ac.uk is equivalent.



Either way, that method requires a new enough version of OpenSSH. If you get stuck with an old version, you need to do something like this:



ssh -o StrictHostKeyChecking=no -o ProxyCommand='ssh myuser@test.ac.uk "nc %h %p"' myuser@t002


The old way assumes you have netcat installed on the jumpbox.



Another benefit of the new way is you don't need to keep a private key on the jumpbox. ProxyJump is clever enough to try using the private key you have locally. So, if the jumpbox is compromised, it need not be able to compromise anything behind the jumpbox.



Now, you might get sick of writing out that big long command every time. The more you use ssh, the more incentive you will have to set up an $HOME/.ssh/config. That is a file where you can give aliases to remote hosts, and associate particular configurations with those hosts.



For your example, an ssh_config would be set up like so:



Host jumpbox
User myuser
Hostname test.ac.uk
StrictHostKeyChecking=no

Host t002
User myuser
StrictHostKeyChecking=no
ProxyJump jumpbox


With that configuration in place, you should now be able to log into t002 using a much simpler command:



ssh t002


There is a lot of other cool stuff you can do with an ssh_config. Have a look through man ssh_config and revisit it every now and then as you learn more about ssh. You'll keep finding more cool things you can do :)



An example introductory walkthrough to setting up an ssh config is https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/






share|improve this answer












It is a common problem that you want to get to a server which is not directly accessible from the external internet, but it is accessible from a publicly exposed intermediate host. (The intermediate host is called a jumpbox.)



Since this problem is so common, it is natural that OpenSSH would provide convenience methods that simplify working with jumpboxes (or jumpboxen?). There are two ways, an old way and a new way. The old way still works, but the new way is more intuitive and makes fewer assumptions about what applications are available on the jumpbox.



Using the example machines mentioned in the question, it can be done like so:



ssh -o StrictHostKeyChecking=no -o ProxyJump=myuser@test.ac.uk myuser@t002


Or, rather than -o ProxyJump=myuser@test.ac.uk, I think -W myuser@test.ac.uk is equivalent.



Either way, that method requires a new enough version of OpenSSH. If you get stuck with an old version, you need to do something like this:



ssh -o StrictHostKeyChecking=no -o ProxyCommand='ssh myuser@test.ac.uk "nc %h %p"' myuser@t002


The old way assumes you have netcat installed on the jumpbox.



Another benefit of the new way is you don't need to keep a private key on the jumpbox. ProxyJump is clever enough to try using the private key you have locally. So, if the jumpbox is compromised, it need not be able to compromise anything behind the jumpbox.



Now, you might get sick of writing out that big long command every time. The more you use ssh, the more incentive you will have to set up an $HOME/.ssh/config. That is a file where you can give aliases to remote hosts, and associate particular configurations with those hosts.



For your example, an ssh_config would be set up like so:



Host jumpbox
User myuser
Hostname test.ac.uk
StrictHostKeyChecking=no

Host t002
User myuser
StrictHostKeyChecking=no
ProxyJump jumpbox


With that configuration in place, you should now be able to log into t002 using a much simpler command:



ssh t002


There is a lot of other cool stuff you can do with an ssh_config. Have a look through man ssh_config and revisit it every now and then as you learn more about ssh. You'll keep finding more cool things you can do :)



An example introductory walkthrough to setting up an ssh config is https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 22 at 22:15









cryptarch

3766




3766











  • Hi Cryptarch, I prefer the ssh_config file method. I have configured it and it works. Is there a way to hard code the password so that I don't have to enter it twice?
    – user2023
    Nov 23 at 12:05










  • Hi @user2023 The more convenient and more secure way to authenticate with ssh is to use keypairs. Use ssh-keygen to generate a pair of keys, one private and one public. You put the public half on any server you want to log into. When you generate the keys, you can choose a passphrase for the private key. You can leave the passphrase empty if you like. If you do choose a passphrase, you can use ssh-agent to remember the passphrase for you, so you don't need to keep typing it. A basic walkthrough is at digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
    – cryptarch
    Nov 25 at 22:01






  • 1




    Cheers Cryptarch I will try that. Thank you to everyone else for their assistance.
    – user2023
    Nov 25 at 22:59
















  • Hi Cryptarch, I prefer the ssh_config file method. I have configured it and it works. Is there a way to hard code the password so that I don't have to enter it twice?
    – user2023
    Nov 23 at 12:05










  • Hi @user2023 The more convenient and more secure way to authenticate with ssh is to use keypairs. Use ssh-keygen to generate a pair of keys, one private and one public. You put the public half on any server you want to log into. When you generate the keys, you can choose a passphrase for the private key. You can leave the passphrase empty if you like. If you do choose a passphrase, you can use ssh-agent to remember the passphrase for you, so you don't need to keep typing it. A basic walkthrough is at digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
    – cryptarch
    Nov 25 at 22:01






  • 1




    Cheers Cryptarch I will try that. Thank you to everyone else for their assistance.
    – user2023
    Nov 25 at 22:59















Hi Cryptarch, I prefer the ssh_config file method. I have configured it and it works. Is there a way to hard code the password so that I don't have to enter it twice?
– user2023
Nov 23 at 12:05




Hi Cryptarch, I prefer the ssh_config file method. I have configured it and it works. Is there a way to hard code the password so that I don't have to enter it twice?
– user2023
Nov 23 at 12:05












Hi @user2023 The more convenient and more secure way to authenticate with ssh is to use keypairs. Use ssh-keygen to generate a pair of keys, one private and one public. You put the public half on any server you want to log into. When you generate the keys, you can choose a passphrase for the private key. You can leave the passphrase empty if you like. If you do choose a passphrase, you can use ssh-agent to remember the passphrase for you, so you don't need to keep typing it. A basic walkthrough is at digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
– cryptarch
Nov 25 at 22:01




Hi @user2023 The more convenient and more secure way to authenticate with ssh is to use keypairs. Use ssh-keygen to generate a pair of keys, one private and one public. You put the public half on any server you want to log into. When you generate the keys, you can choose a passphrase for the private key. You can leave the passphrase empty if you like. If you do choose a passphrase, you can use ssh-agent to remember the passphrase for you, so you don't need to keep typing it. A basic walkthrough is at digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
– cryptarch
Nov 25 at 22:01




1




1




Cheers Cryptarch I will try that. Thank you to everyone else for their assistance.
– user2023
Nov 25 at 22:59




Cheers Cryptarch I will try that. Thank you to everyone else for their assistance.
– user2023
Nov 25 at 22:59












up vote
1
down vote













You spawn a new ssh. Try:



send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"





share|improve this answer




















  • Hi Mike, I just tried your suggestion, it returns permission denied. Though it does log me in to the server but not the virtual machine.
    – user2023
    Nov 22 at 19:55














up vote
1
down vote













You spawn a new ssh. Try:



send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"





share|improve this answer




















  • Hi Mike, I just tried your suggestion, it returns permission denied. Though it does log me in to the server but not the virtual machine.
    – user2023
    Nov 22 at 19:55












up vote
1
down vote










up vote
1
down vote









You spawn a new ssh. Try:



send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"





share|improve this answer












You spawn a new ssh. Try:



send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"






share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 22 at 19:43









Mike G

112




112











  • Hi Mike, I just tried your suggestion, it returns permission denied. Though it does log me in to the server but not the virtual machine.
    – user2023
    Nov 22 at 19:55
















  • Hi Mike, I just tried your suggestion, it returns permission denied. Though it does log me in to the server but not the virtual machine.
    – user2023
    Nov 22 at 19:55















Hi Mike, I just tried your suggestion, it returns permission denied. Though it does log me in to the server but not the virtual machine.
– user2023
Nov 22 at 19:55




Hi Mike, I just tried your suggestion, it returns permission denied. Though it does log me in to the server but not the virtual machine.
– user2023
Nov 22 at 19:55










up vote
1
down vote













I would just use a command in a script to reduce typing, and type the user creds!



#!/bin/bash
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -o StrictHostKeyChecking=no myuser@t002'


Tailor to your needs..



ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no myuser@t002'


Copy the key from the 1st server to your pc and referance it like so:



ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no -i /ssh/1stserverkey myuser@t002'





share|improve this answer






















  • Hi Michael, I appreciate your response. When I run that command it returns errors: Pseudo-terminal will not be allocated because stdin is not a terminal. Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password).
    – user2023
    Nov 22 at 18:30










  • O i see, The pseudo-terminal is complaining because of the input not comming directly from a local terminal. Hmmm...
    – Michael Prokopec
    Nov 22 at 19:20










  • I have a similar setup at home, some vitualboxs' running on my server and I do work on them from my laptop. I just type everything out. I will try to get this working myself if I find the solution I will post it..
    – Michael Prokopec
    Nov 22 at 19:24










  • I look forward to your response.
    – user2023
    Nov 22 at 19:56










  • Now all I need is to find out a way to get the public key to unlock remotely. @user2023
    – Michael Prokopec
    Nov 22 at 19:57















up vote
1
down vote













I would just use a command in a script to reduce typing, and type the user creds!



#!/bin/bash
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -o StrictHostKeyChecking=no myuser@t002'


Tailor to your needs..



ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no myuser@t002'


Copy the key from the 1st server to your pc and referance it like so:



ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no -i /ssh/1stserverkey myuser@t002'





share|improve this answer






















  • Hi Michael, I appreciate your response. When I run that command it returns errors: Pseudo-terminal will not be allocated because stdin is not a terminal. Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password).
    – user2023
    Nov 22 at 18:30










  • O i see, The pseudo-terminal is complaining because of the input not comming directly from a local terminal. Hmmm...
    – Michael Prokopec
    Nov 22 at 19:20










  • I have a similar setup at home, some vitualboxs' running on my server and I do work on them from my laptop. I just type everything out. I will try to get this working myself if I find the solution I will post it..
    – Michael Prokopec
    Nov 22 at 19:24










  • I look forward to your response.
    – user2023
    Nov 22 at 19:56










  • Now all I need is to find out a way to get the public key to unlock remotely. @user2023
    – Michael Prokopec
    Nov 22 at 19:57













up vote
1
down vote










up vote
1
down vote









I would just use a command in a script to reduce typing, and type the user creds!



#!/bin/bash
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -o StrictHostKeyChecking=no myuser@t002'


Tailor to your needs..



ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no myuser@t002'


Copy the key from the 1st server to your pc and referance it like so:



ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no -i /ssh/1stserverkey myuser@t002'





share|improve this answer














I would just use a command in a script to reduce typing, and type the user creds!



#!/bin/bash
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -o StrictHostKeyChecking=no myuser@t002'


Tailor to your needs..



ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no myuser@t002'


Copy the key from the 1st server to your pc and referance it like so:



ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no -i /ssh/1stserverkey myuser@t002'






share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 22 at 20:10

























answered Nov 22 at 18:20









Michael Prokopec

61115




61115











  • Hi Michael, I appreciate your response. When I run that command it returns errors: Pseudo-terminal will not be allocated because stdin is not a terminal. Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password).
    – user2023
    Nov 22 at 18:30










  • O i see, The pseudo-terminal is complaining because of the input not comming directly from a local terminal. Hmmm...
    – Michael Prokopec
    Nov 22 at 19:20










  • I have a similar setup at home, some vitualboxs' running on my server and I do work on them from my laptop. I just type everything out. I will try to get this working myself if I find the solution I will post it..
    – Michael Prokopec
    Nov 22 at 19:24










  • I look forward to your response.
    – user2023
    Nov 22 at 19:56










  • Now all I need is to find out a way to get the public key to unlock remotely. @user2023
    – Michael Prokopec
    Nov 22 at 19:57

















  • Hi Michael, I appreciate your response. When I run that command it returns errors: Pseudo-terminal will not be allocated because stdin is not a terminal. Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password).
    – user2023
    Nov 22 at 18:30










  • O i see, The pseudo-terminal is complaining because of the input not comming directly from a local terminal. Hmmm...
    – Michael Prokopec
    Nov 22 at 19:20










  • I have a similar setup at home, some vitualboxs' running on my server and I do work on them from my laptop. I just type everything out. I will try to get this working myself if I find the solution I will post it..
    – Michael Prokopec
    Nov 22 at 19:24










  • I look forward to your response.
    – user2023
    Nov 22 at 19:56










  • Now all I need is to find out a way to get the public key to unlock remotely. @user2023
    – Michael Prokopec
    Nov 22 at 19:57
















Hi Michael, I appreciate your response. When I run that command it returns errors: Pseudo-terminal will not be allocated because stdin is not a terminal. Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password).
– user2023
Nov 22 at 18:30




Hi Michael, I appreciate your response. When I run that command it returns errors: Pseudo-terminal will not be allocated because stdin is not a terminal. Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password).
– user2023
Nov 22 at 18:30












O i see, The pseudo-terminal is complaining because of the input not comming directly from a local terminal. Hmmm...
– Michael Prokopec
Nov 22 at 19:20




O i see, The pseudo-terminal is complaining because of the input not comming directly from a local terminal. Hmmm...
– Michael Prokopec
Nov 22 at 19:20












I have a similar setup at home, some vitualboxs' running on my server and I do work on them from my laptop. I just type everything out. I will try to get this working myself if I find the solution I will post it..
– Michael Prokopec
Nov 22 at 19:24




I have a similar setup at home, some vitualboxs' running on my server and I do work on them from my laptop. I just type everything out. I will try to get this working myself if I find the solution I will post it..
– Michael Prokopec
Nov 22 at 19:24












I look forward to your response.
– user2023
Nov 22 at 19:56




I look forward to your response.
– user2023
Nov 22 at 19:56












Now all I need is to find out a way to get the public key to unlock remotely. @user2023
– Michael Prokopec
Nov 22 at 19:57





Now all I need is to find out a way to get the public key to unlock remotely. @user2023
– Michael Prokopec
Nov 22 at 19:57


















draft saved

draft discarded
















































Thanks for contributing an answer to Unix & Linux Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f483504%2fssh-to-multiple-servers-access-denied%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown






Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?