SSH to multiple servers [Access denied]
Clash Royale CLAN TAG#URR8PPP
up vote
2
down vote
favorite
I need to write a script to remotely connect from home to my university server via ssh and then from the server terminal, ssh to a virtual machine to process some data. Is this possible?
This is what I have tried so far:
#!/usr/bin/expect
set login "myuser"
set addr "test.ac.uk"
set addr2 "t002"
set pw "mypassword"
spawn ssh -o StrictHostKeyChecking=no $login@$addr
expect "$login@$addr's password:"
send "$pwr"
expect "#"
spawn ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22
expect "$login@$addr2's password:"
send "$pwr"
expect "#"
send "cd /developerr"
interact
Error: ssh: connect to host t002 port 22: Connection refused
This is the way I'm currently logging in manually from home successfully:
~/Desktop # ssh host
prompt to enter password.
Once logged on successfully.
-bash-4.2$ ssh user@t002
prompt to enter password again.
EDIT: I updated the second ssh line as suggested by Mike.
From:
spawn ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22
To:
send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"
Now the script returns access denied, but at the same time it does log me into the server but not the virtual machine.
ssh
|
show 2 more comments
up vote
2
down vote
favorite
I need to write a script to remotely connect from home to my university server via ssh and then from the server terminal, ssh to a virtual machine to process some data. Is this possible?
This is what I have tried so far:
#!/usr/bin/expect
set login "myuser"
set addr "test.ac.uk"
set addr2 "t002"
set pw "mypassword"
spawn ssh -o StrictHostKeyChecking=no $login@$addr
expect "$login@$addr's password:"
send "$pwr"
expect "#"
spawn ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22
expect "$login@$addr2's password:"
send "$pwr"
expect "#"
send "cd /developerr"
interact
Error: ssh: connect to host t002 port 22: Connection refused
This is the way I'm currently logging in manually from home successfully:
~/Desktop # ssh host
prompt to enter password.
Once logged on successfully.
-bash-4.2$ ssh user@t002
prompt to enter password again.
EDIT: I updated the second ssh line as suggested by Mike.
From:
spawn ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22
To:
send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"
Now the script returns access denied, but at the same time it does log me into the server but not the virtual machine.
ssh
If you need to go through a "jumpbox" to get to the server you're really interested in, OpenSSH supports that without needing to write your own scripts. Check out options ProxyCommand (old version of OpenSSH) or ProxyJump (the new way to do it). Using ssh config files, you can easily set it up so that all you have to do is typessh t001
on your box at home and you will automatically hop through the jumpbox to the VM.
– cryptarch
Nov 22 at 18:33
Hi Cryptarch, is there a guide that you could perhaps direct me to? Cheers
– user2023
Nov 22 at 18:54
is the difference between thet001
host in the manual method and thet002
in theexpect
script just a typo? If yes, it would help if you cut and pasted the exact scripts and commands you were using instead of retyping them.
– mosvy
Nov 22 at 20:19
Hi Mosvy, its just a typo. Now updated. They are the exact commands im using except the credentials.
– user2023
Nov 22 at 20:22
try getting rid of the-p 22
in thesend "ssh...
command.
– mosvy
Nov 22 at 20:26
|
show 2 more comments
up vote
2
down vote
favorite
up vote
2
down vote
favorite
I need to write a script to remotely connect from home to my university server via ssh and then from the server terminal, ssh to a virtual machine to process some data. Is this possible?
This is what I have tried so far:
#!/usr/bin/expect
set login "myuser"
set addr "test.ac.uk"
set addr2 "t002"
set pw "mypassword"
spawn ssh -o StrictHostKeyChecking=no $login@$addr
expect "$login@$addr's password:"
send "$pwr"
expect "#"
spawn ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22
expect "$login@$addr2's password:"
send "$pwr"
expect "#"
send "cd /developerr"
interact
Error: ssh: connect to host t002 port 22: Connection refused
This is the way I'm currently logging in manually from home successfully:
~/Desktop # ssh host
prompt to enter password.
Once logged on successfully.
-bash-4.2$ ssh user@t002
prompt to enter password again.
EDIT: I updated the second ssh line as suggested by Mike.
From:
spawn ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22
To:
send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"
Now the script returns access denied, but at the same time it does log me into the server but not the virtual machine.
ssh
I need to write a script to remotely connect from home to my university server via ssh and then from the server terminal, ssh to a virtual machine to process some data. Is this possible?
This is what I have tried so far:
#!/usr/bin/expect
set login "myuser"
set addr "test.ac.uk"
set addr2 "t002"
set pw "mypassword"
spawn ssh -o StrictHostKeyChecking=no $login@$addr
expect "$login@$addr's password:"
send "$pwr"
expect "#"
spawn ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22
expect "$login@$addr2's password:"
send "$pwr"
expect "#"
send "cd /developerr"
interact
Error: ssh: connect to host t002 port 22: Connection refused
This is the way I'm currently logging in manually from home successfully:
~/Desktop # ssh host
prompt to enter password.
Once logged on successfully.
-bash-4.2$ ssh user@t002
prompt to enter password again.
EDIT: I updated the second ssh line as suggested by Mike.
From:
spawn ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22
To:
send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"
Now the script returns access denied, but at the same time it does log me into the server but not the virtual machine.
ssh
ssh
edited Nov 22 at 20:21
asked Nov 22 at 17:57
user2023
133
133
If you need to go through a "jumpbox" to get to the server you're really interested in, OpenSSH supports that without needing to write your own scripts. Check out options ProxyCommand (old version of OpenSSH) or ProxyJump (the new way to do it). Using ssh config files, you can easily set it up so that all you have to do is typessh t001
on your box at home and you will automatically hop through the jumpbox to the VM.
– cryptarch
Nov 22 at 18:33
Hi Cryptarch, is there a guide that you could perhaps direct me to? Cheers
– user2023
Nov 22 at 18:54
is the difference between thet001
host in the manual method and thet002
in theexpect
script just a typo? If yes, it would help if you cut and pasted the exact scripts and commands you were using instead of retyping them.
– mosvy
Nov 22 at 20:19
Hi Mosvy, its just a typo. Now updated. They are the exact commands im using except the credentials.
– user2023
Nov 22 at 20:22
try getting rid of the-p 22
in thesend "ssh...
command.
– mosvy
Nov 22 at 20:26
|
show 2 more comments
If you need to go through a "jumpbox" to get to the server you're really interested in, OpenSSH supports that without needing to write your own scripts. Check out options ProxyCommand (old version of OpenSSH) or ProxyJump (the new way to do it). Using ssh config files, you can easily set it up so that all you have to do is typessh t001
on your box at home and you will automatically hop through the jumpbox to the VM.
– cryptarch
Nov 22 at 18:33
Hi Cryptarch, is there a guide that you could perhaps direct me to? Cheers
– user2023
Nov 22 at 18:54
is the difference between thet001
host in the manual method and thet002
in theexpect
script just a typo? If yes, it would help if you cut and pasted the exact scripts and commands you were using instead of retyping them.
– mosvy
Nov 22 at 20:19
Hi Mosvy, its just a typo. Now updated. They are the exact commands im using except the credentials.
– user2023
Nov 22 at 20:22
try getting rid of the-p 22
in thesend "ssh...
command.
– mosvy
Nov 22 at 20:26
If you need to go through a "jumpbox" to get to the server you're really interested in, OpenSSH supports that without needing to write your own scripts. Check out options ProxyCommand (old version of OpenSSH) or ProxyJump (the new way to do it). Using ssh config files, you can easily set it up so that all you have to do is type
ssh t001
on your box at home and you will automatically hop through the jumpbox to the VM.– cryptarch
Nov 22 at 18:33
If you need to go through a "jumpbox" to get to the server you're really interested in, OpenSSH supports that without needing to write your own scripts. Check out options ProxyCommand (old version of OpenSSH) or ProxyJump (the new way to do it). Using ssh config files, you can easily set it up so that all you have to do is type
ssh t001
on your box at home and you will automatically hop through the jumpbox to the VM.– cryptarch
Nov 22 at 18:33
Hi Cryptarch, is there a guide that you could perhaps direct me to? Cheers
– user2023
Nov 22 at 18:54
Hi Cryptarch, is there a guide that you could perhaps direct me to? Cheers
– user2023
Nov 22 at 18:54
is the difference between the
t001
host in the manual method and the t002
in the expect
script just a typo? If yes, it would help if you cut and pasted the exact scripts and commands you were using instead of retyping them.– mosvy
Nov 22 at 20:19
is the difference between the
t001
host in the manual method and the t002
in the expect
script just a typo? If yes, it would help if you cut and pasted the exact scripts and commands you were using instead of retyping them.– mosvy
Nov 22 at 20:19
Hi Mosvy, its just a typo. Now updated. They are the exact commands im using except the credentials.
– user2023
Nov 22 at 20:22
Hi Mosvy, its just a typo. Now updated. They are the exact commands im using except the credentials.
– user2023
Nov 22 at 20:22
try getting rid of the
-p 22
in the send "ssh...
command.– mosvy
Nov 22 at 20:26
try getting rid of the
-p 22
in the send "ssh...
command.– mosvy
Nov 22 at 20:26
|
show 2 more comments
3 Answers
3
active
oldest
votes
up vote
3
down vote
accepted
It is a common problem that you want to get to a server which is not directly accessible from the external internet, but it is accessible from a publicly exposed intermediate host. (The intermediate host is called a jumpbox.)
Since this problem is so common, it is natural that OpenSSH would provide convenience methods that simplify working with jumpboxes (or jumpboxen?). There are two ways, an old way and a new way. The old way still works, but the new way is more intuitive and makes fewer assumptions about what applications are available on the jumpbox.
Using the example machines mentioned in the question, it can be done like so:
ssh -o StrictHostKeyChecking=no -o ProxyJump=myuser@test.ac.uk myuser@t002
Or, rather than -o ProxyJump=myuser@test.ac.uk
, I think -W myuser@test.ac.uk
is equivalent.
Either way, that method requires a new enough version of OpenSSH. If you get stuck with an old version, you need to do something like this:
ssh -o StrictHostKeyChecking=no -o ProxyCommand='ssh myuser@test.ac.uk "nc %h %p"' myuser@t002
The old way assumes you have netcat installed on the jumpbox.
Another benefit of the new way is you don't need to keep a private key on the jumpbox. ProxyJump is clever enough to try using the private key you have locally. So, if the jumpbox is compromised, it need not be able to compromise anything behind the jumpbox.
Now, you might get sick of writing out that big long command every time. The more you use ssh, the more incentive you will have to set up an $HOME/.ssh/config
. That is a file where you can give aliases to remote hosts, and associate particular configurations with those hosts.
For your example, an ssh_config would be set up like so:
Host jumpbox
User myuser
Hostname test.ac.uk
StrictHostKeyChecking=no
Host t002
User myuser
StrictHostKeyChecking=no
ProxyJump jumpbox
With that configuration in place, you should now be able to log into t002 using a much simpler command:
ssh t002
There is a lot of other cool stuff you can do with an ssh_config. Have a look through man ssh_config
and revisit it every now and then as you learn more about ssh. You'll keep finding more cool things you can do :)
An example introductory walkthrough to setting up an ssh config is https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/
Hi Cryptarch, I prefer the ssh_config file method. I have configured it and it works. Is there a way to hard code the password so that I don't have to enter it twice?
– user2023
Nov 23 at 12:05
Hi @user2023 The more convenient and more secure way to authenticate with ssh is to use keypairs. Usessh-keygen
to generate a pair of keys, one private and one public. You put the public half on any server you want to log into. When you generate the keys, you can choose a passphrase for the private key. You can leave the passphrase empty if you like. If you do choose a passphrase, you can usessh-agent
to remember the passphrase for you, so you don't need to keep typing it. A basic walkthrough is at digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
– cryptarch
Nov 25 at 22:01
1
Cheers Cryptarch I will try that. Thank you to everyone else for their assistance.
– user2023
Nov 25 at 22:59
add a comment |
up vote
1
down vote
You spawn a new ssh. Try:
send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"
Hi Mike, I just tried your suggestion, it returns permission denied. Though it does log me in to the server but not the virtual machine.
– user2023
Nov 22 at 19:55
add a comment |
up vote
1
down vote
I would just use a command in a script to reduce typing, and type the user creds!
#!/bin/bash
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -o StrictHostKeyChecking=no myuser@t002'
Tailor to your needs..
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no myuser@t002'
Copy the key from the 1st server to your pc and referance it like so:
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no -i /ssh/1stserverkey myuser@t002'
Hi Michael, I appreciate your response. When I run that command it returns errors: Pseudo-terminal will not be allocated because stdin is not a terminal. Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password).
– user2023
Nov 22 at 18:30
O i see, The pseudo-terminal is complaining because of the input not comming directly from a local terminal. Hmmm...
– Michael Prokopec
Nov 22 at 19:20
I have a similar setup at home, some vitualboxs' running on my server and I do work on them from my laptop. I just type everything out. I will try to get this working myself if I find the solution I will post it..
– Michael Prokopec
Nov 22 at 19:24
I look forward to your response.
– user2023
Nov 22 at 19:56
Now all I need is to find out a way to get the public key to unlock remotely. @user2023
– Michael Prokopec
Nov 22 at 19:57
|
show 3 more comments
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
3
down vote
accepted
It is a common problem that you want to get to a server which is not directly accessible from the external internet, but it is accessible from a publicly exposed intermediate host. (The intermediate host is called a jumpbox.)
Since this problem is so common, it is natural that OpenSSH would provide convenience methods that simplify working with jumpboxes (or jumpboxen?). There are two ways, an old way and a new way. The old way still works, but the new way is more intuitive and makes fewer assumptions about what applications are available on the jumpbox.
Using the example machines mentioned in the question, it can be done like so:
ssh -o StrictHostKeyChecking=no -o ProxyJump=myuser@test.ac.uk myuser@t002
Or, rather than -o ProxyJump=myuser@test.ac.uk
, I think -W myuser@test.ac.uk
is equivalent.
Either way, that method requires a new enough version of OpenSSH. If you get stuck with an old version, you need to do something like this:
ssh -o StrictHostKeyChecking=no -o ProxyCommand='ssh myuser@test.ac.uk "nc %h %p"' myuser@t002
The old way assumes you have netcat installed on the jumpbox.
Another benefit of the new way is you don't need to keep a private key on the jumpbox. ProxyJump is clever enough to try using the private key you have locally. So, if the jumpbox is compromised, it need not be able to compromise anything behind the jumpbox.
Now, you might get sick of writing out that big long command every time. The more you use ssh, the more incentive you will have to set up an $HOME/.ssh/config
. That is a file where you can give aliases to remote hosts, and associate particular configurations with those hosts.
For your example, an ssh_config would be set up like so:
Host jumpbox
User myuser
Hostname test.ac.uk
StrictHostKeyChecking=no
Host t002
User myuser
StrictHostKeyChecking=no
ProxyJump jumpbox
With that configuration in place, you should now be able to log into t002 using a much simpler command:
ssh t002
There is a lot of other cool stuff you can do with an ssh_config. Have a look through man ssh_config
and revisit it every now and then as you learn more about ssh. You'll keep finding more cool things you can do :)
An example introductory walkthrough to setting up an ssh config is https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/
Hi Cryptarch, I prefer the ssh_config file method. I have configured it and it works. Is there a way to hard code the password so that I don't have to enter it twice?
– user2023
Nov 23 at 12:05
Hi @user2023 The more convenient and more secure way to authenticate with ssh is to use keypairs. Usessh-keygen
to generate a pair of keys, one private and one public. You put the public half on any server you want to log into. When you generate the keys, you can choose a passphrase for the private key. You can leave the passphrase empty if you like. If you do choose a passphrase, you can usessh-agent
to remember the passphrase for you, so you don't need to keep typing it. A basic walkthrough is at digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
– cryptarch
Nov 25 at 22:01
1
Cheers Cryptarch I will try that. Thank you to everyone else for their assistance.
– user2023
Nov 25 at 22:59
add a comment |
up vote
3
down vote
accepted
It is a common problem that you want to get to a server which is not directly accessible from the external internet, but it is accessible from a publicly exposed intermediate host. (The intermediate host is called a jumpbox.)
Since this problem is so common, it is natural that OpenSSH would provide convenience methods that simplify working with jumpboxes (or jumpboxen?). There are two ways, an old way and a new way. The old way still works, but the new way is more intuitive and makes fewer assumptions about what applications are available on the jumpbox.
Using the example machines mentioned in the question, it can be done like so:
ssh -o StrictHostKeyChecking=no -o ProxyJump=myuser@test.ac.uk myuser@t002
Or, rather than -o ProxyJump=myuser@test.ac.uk
, I think -W myuser@test.ac.uk
is equivalent.
Either way, that method requires a new enough version of OpenSSH. If you get stuck with an old version, you need to do something like this:
ssh -o StrictHostKeyChecking=no -o ProxyCommand='ssh myuser@test.ac.uk "nc %h %p"' myuser@t002
The old way assumes you have netcat installed on the jumpbox.
Another benefit of the new way is you don't need to keep a private key on the jumpbox. ProxyJump is clever enough to try using the private key you have locally. So, if the jumpbox is compromised, it need not be able to compromise anything behind the jumpbox.
Now, you might get sick of writing out that big long command every time. The more you use ssh, the more incentive you will have to set up an $HOME/.ssh/config
. That is a file where you can give aliases to remote hosts, and associate particular configurations with those hosts.
For your example, an ssh_config would be set up like so:
Host jumpbox
User myuser
Hostname test.ac.uk
StrictHostKeyChecking=no
Host t002
User myuser
StrictHostKeyChecking=no
ProxyJump jumpbox
With that configuration in place, you should now be able to log into t002 using a much simpler command:
ssh t002
There is a lot of other cool stuff you can do with an ssh_config. Have a look through man ssh_config
and revisit it every now and then as you learn more about ssh. You'll keep finding more cool things you can do :)
An example introductory walkthrough to setting up an ssh config is https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/
Hi Cryptarch, I prefer the ssh_config file method. I have configured it and it works. Is there a way to hard code the password so that I don't have to enter it twice?
– user2023
Nov 23 at 12:05
Hi @user2023 The more convenient and more secure way to authenticate with ssh is to use keypairs. Usessh-keygen
to generate a pair of keys, one private and one public. You put the public half on any server you want to log into. When you generate the keys, you can choose a passphrase for the private key. You can leave the passphrase empty if you like. If you do choose a passphrase, you can usessh-agent
to remember the passphrase for you, so you don't need to keep typing it. A basic walkthrough is at digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
– cryptarch
Nov 25 at 22:01
1
Cheers Cryptarch I will try that. Thank you to everyone else for their assistance.
– user2023
Nov 25 at 22:59
add a comment |
up vote
3
down vote
accepted
up vote
3
down vote
accepted
It is a common problem that you want to get to a server which is not directly accessible from the external internet, but it is accessible from a publicly exposed intermediate host. (The intermediate host is called a jumpbox.)
Since this problem is so common, it is natural that OpenSSH would provide convenience methods that simplify working with jumpboxes (or jumpboxen?). There are two ways, an old way and a new way. The old way still works, but the new way is more intuitive and makes fewer assumptions about what applications are available on the jumpbox.
Using the example machines mentioned in the question, it can be done like so:
ssh -o StrictHostKeyChecking=no -o ProxyJump=myuser@test.ac.uk myuser@t002
Or, rather than -o ProxyJump=myuser@test.ac.uk
, I think -W myuser@test.ac.uk
is equivalent.
Either way, that method requires a new enough version of OpenSSH. If you get stuck with an old version, you need to do something like this:
ssh -o StrictHostKeyChecking=no -o ProxyCommand='ssh myuser@test.ac.uk "nc %h %p"' myuser@t002
The old way assumes you have netcat installed on the jumpbox.
Another benefit of the new way is you don't need to keep a private key on the jumpbox. ProxyJump is clever enough to try using the private key you have locally. So, if the jumpbox is compromised, it need not be able to compromise anything behind the jumpbox.
Now, you might get sick of writing out that big long command every time. The more you use ssh, the more incentive you will have to set up an $HOME/.ssh/config
. That is a file where you can give aliases to remote hosts, and associate particular configurations with those hosts.
For your example, an ssh_config would be set up like so:
Host jumpbox
User myuser
Hostname test.ac.uk
StrictHostKeyChecking=no
Host t002
User myuser
StrictHostKeyChecking=no
ProxyJump jumpbox
With that configuration in place, you should now be able to log into t002 using a much simpler command:
ssh t002
There is a lot of other cool stuff you can do with an ssh_config. Have a look through man ssh_config
and revisit it every now and then as you learn more about ssh. You'll keep finding more cool things you can do :)
An example introductory walkthrough to setting up an ssh config is https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/
It is a common problem that you want to get to a server which is not directly accessible from the external internet, but it is accessible from a publicly exposed intermediate host. (The intermediate host is called a jumpbox.)
Since this problem is so common, it is natural that OpenSSH would provide convenience methods that simplify working with jumpboxes (or jumpboxen?). There are two ways, an old way and a new way. The old way still works, but the new way is more intuitive and makes fewer assumptions about what applications are available on the jumpbox.
Using the example machines mentioned in the question, it can be done like so:
ssh -o StrictHostKeyChecking=no -o ProxyJump=myuser@test.ac.uk myuser@t002
Or, rather than -o ProxyJump=myuser@test.ac.uk
, I think -W myuser@test.ac.uk
is equivalent.
Either way, that method requires a new enough version of OpenSSH. If you get stuck with an old version, you need to do something like this:
ssh -o StrictHostKeyChecking=no -o ProxyCommand='ssh myuser@test.ac.uk "nc %h %p"' myuser@t002
The old way assumes you have netcat installed on the jumpbox.
Another benefit of the new way is you don't need to keep a private key on the jumpbox. ProxyJump is clever enough to try using the private key you have locally. So, if the jumpbox is compromised, it need not be able to compromise anything behind the jumpbox.
Now, you might get sick of writing out that big long command every time. The more you use ssh, the more incentive you will have to set up an $HOME/.ssh/config
. That is a file where you can give aliases to remote hosts, and associate particular configurations with those hosts.
For your example, an ssh_config would be set up like so:
Host jumpbox
User myuser
Hostname test.ac.uk
StrictHostKeyChecking=no
Host t002
User myuser
StrictHostKeyChecking=no
ProxyJump jumpbox
With that configuration in place, you should now be able to log into t002 using a much simpler command:
ssh t002
There is a lot of other cool stuff you can do with an ssh_config. Have a look through man ssh_config
and revisit it every now and then as you learn more about ssh. You'll keep finding more cool things you can do :)
An example introductory walkthrough to setting up an ssh config is https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/
answered Nov 22 at 22:15
cryptarch
3766
3766
Hi Cryptarch, I prefer the ssh_config file method. I have configured it and it works. Is there a way to hard code the password so that I don't have to enter it twice?
– user2023
Nov 23 at 12:05
Hi @user2023 The more convenient and more secure way to authenticate with ssh is to use keypairs. Usessh-keygen
to generate a pair of keys, one private and one public. You put the public half on any server you want to log into. When you generate the keys, you can choose a passphrase for the private key. You can leave the passphrase empty if you like. If you do choose a passphrase, you can usessh-agent
to remember the passphrase for you, so you don't need to keep typing it. A basic walkthrough is at digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
– cryptarch
Nov 25 at 22:01
1
Cheers Cryptarch I will try that. Thank you to everyone else for their assistance.
– user2023
Nov 25 at 22:59
add a comment |
Hi Cryptarch, I prefer the ssh_config file method. I have configured it and it works. Is there a way to hard code the password so that I don't have to enter it twice?
– user2023
Nov 23 at 12:05
Hi @user2023 The more convenient and more secure way to authenticate with ssh is to use keypairs. Usessh-keygen
to generate a pair of keys, one private and one public. You put the public half on any server you want to log into. When you generate the keys, you can choose a passphrase for the private key. You can leave the passphrase empty if you like. If you do choose a passphrase, you can usessh-agent
to remember the passphrase for you, so you don't need to keep typing it. A basic walkthrough is at digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
– cryptarch
Nov 25 at 22:01
1
Cheers Cryptarch I will try that. Thank you to everyone else for their assistance.
– user2023
Nov 25 at 22:59
Hi Cryptarch, I prefer the ssh_config file method. I have configured it and it works. Is there a way to hard code the password so that I don't have to enter it twice?
– user2023
Nov 23 at 12:05
Hi Cryptarch, I prefer the ssh_config file method. I have configured it and it works. Is there a way to hard code the password so that I don't have to enter it twice?
– user2023
Nov 23 at 12:05
Hi @user2023 The more convenient and more secure way to authenticate with ssh is to use keypairs. Use
ssh-keygen
to generate a pair of keys, one private and one public. You put the public half on any server you want to log into. When you generate the keys, you can choose a passphrase for the private key. You can leave the passphrase empty if you like. If you do choose a passphrase, you can use ssh-agent
to remember the passphrase for you, so you don't need to keep typing it. A basic walkthrough is at digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2– cryptarch
Nov 25 at 22:01
Hi @user2023 The more convenient and more secure way to authenticate with ssh is to use keypairs. Use
ssh-keygen
to generate a pair of keys, one private and one public. You put the public half on any server you want to log into. When you generate the keys, you can choose a passphrase for the private key. You can leave the passphrase empty if you like. If you do choose a passphrase, you can use ssh-agent
to remember the passphrase for you, so you don't need to keep typing it. A basic walkthrough is at digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2– cryptarch
Nov 25 at 22:01
1
1
Cheers Cryptarch I will try that. Thank you to everyone else for their assistance.
– user2023
Nov 25 at 22:59
Cheers Cryptarch I will try that. Thank you to everyone else for their assistance.
– user2023
Nov 25 at 22:59
add a comment |
up vote
1
down vote
You spawn a new ssh. Try:
send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"
Hi Mike, I just tried your suggestion, it returns permission denied. Though it does log me in to the server but not the virtual machine.
– user2023
Nov 22 at 19:55
add a comment |
up vote
1
down vote
You spawn a new ssh. Try:
send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"
Hi Mike, I just tried your suggestion, it returns permission denied. Though it does log me in to the server but not the virtual machine.
– user2023
Nov 22 at 19:55
add a comment |
up vote
1
down vote
up vote
1
down vote
You spawn a new ssh. Try:
send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"
You spawn a new ssh. Try:
send "ssh -o StrictHostKeyChecking=no $login@$addr2 -p 22r"
answered Nov 22 at 19:43
Mike G
112
112
Hi Mike, I just tried your suggestion, it returns permission denied. Though it does log me in to the server but not the virtual machine.
– user2023
Nov 22 at 19:55
add a comment |
Hi Mike, I just tried your suggestion, it returns permission denied. Though it does log me in to the server but not the virtual machine.
– user2023
Nov 22 at 19:55
Hi Mike, I just tried your suggestion, it returns permission denied. Though it does log me in to the server but not the virtual machine.
– user2023
Nov 22 at 19:55
Hi Mike, I just tried your suggestion, it returns permission denied. Though it does log me in to the server but not the virtual machine.
– user2023
Nov 22 at 19:55
add a comment |
up vote
1
down vote
I would just use a command in a script to reduce typing, and type the user creds!
#!/bin/bash
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -o StrictHostKeyChecking=no myuser@t002'
Tailor to your needs..
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no myuser@t002'
Copy the key from the 1st server to your pc and referance it like so:
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no -i /ssh/1stserverkey myuser@t002'
Hi Michael, I appreciate your response. When I run that command it returns errors: Pseudo-terminal will not be allocated because stdin is not a terminal. Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password).
– user2023
Nov 22 at 18:30
O i see, The pseudo-terminal is complaining because of the input not comming directly from a local terminal. Hmmm...
– Michael Prokopec
Nov 22 at 19:20
I have a similar setup at home, some vitualboxs' running on my server and I do work on them from my laptop. I just type everything out. I will try to get this working myself if I find the solution I will post it..
– Michael Prokopec
Nov 22 at 19:24
I look forward to your response.
– user2023
Nov 22 at 19:56
Now all I need is to find out a way to get the public key to unlock remotely. @user2023
– Michael Prokopec
Nov 22 at 19:57
|
show 3 more comments
up vote
1
down vote
I would just use a command in a script to reduce typing, and type the user creds!
#!/bin/bash
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -o StrictHostKeyChecking=no myuser@t002'
Tailor to your needs..
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no myuser@t002'
Copy the key from the 1st server to your pc and referance it like so:
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no -i /ssh/1stserverkey myuser@t002'
Hi Michael, I appreciate your response. When I run that command it returns errors: Pseudo-terminal will not be allocated because stdin is not a terminal. Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password).
– user2023
Nov 22 at 18:30
O i see, The pseudo-terminal is complaining because of the input not comming directly from a local terminal. Hmmm...
– Michael Prokopec
Nov 22 at 19:20
I have a similar setup at home, some vitualboxs' running on my server and I do work on them from my laptop. I just type everything out. I will try to get this working myself if I find the solution I will post it..
– Michael Prokopec
Nov 22 at 19:24
I look forward to your response.
– user2023
Nov 22 at 19:56
Now all I need is to find out a way to get the public key to unlock remotely. @user2023
– Michael Prokopec
Nov 22 at 19:57
|
show 3 more comments
up vote
1
down vote
up vote
1
down vote
I would just use a command in a script to reduce typing, and type the user creds!
#!/bin/bash
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -o StrictHostKeyChecking=no myuser@t002'
Tailor to your needs..
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no myuser@t002'
Copy the key from the 1st server to your pc and referance it like so:
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no -i /ssh/1stserverkey myuser@t002'
I would just use a command in a script to reduce typing, and type the user creds!
#!/bin/bash
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -o StrictHostKeyChecking=no myuser@t002'
Tailor to your needs..
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no myuser@t002'
Copy the key from the 1st server to your pc and referance it like so:
ssh -o StrictHostKeyChecking=no myuser@test.ac.uk 'ssh -tt -o StrictHostKeyChecking=no -i /ssh/1stserverkey myuser@t002'
edited Nov 22 at 20:10
answered Nov 22 at 18:20
Michael Prokopec
61115
61115
Hi Michael, I appreciate your response. When I run that command it returns errors: Pseudo-terminal will not be allocated because stdin is not a terminal. Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password).
– user2023
Nov 22 at 18:30
O i see, The pseudo-terminal is complaining because of the input not comming directly from a local terminal. Hmmm...
– Michael Prokopec
Nov 22 at 19:20
I have a similar setup at home, some vitualboxs' running on my server and I do work on them from my laptop. I just type everything out. I will try to get this working myself if I find the solution I will post it..
– Michael Prokopec
Nov 22 at 19:24
I look forward to your response.
– user2023
Nov 22 at 19:56
Now all I need is to find out a way to get the public key to unlock remotely. @user2023
– Michael Prokopec
Nov 22 at 19:57
|
show 3 more comments
Hi Michael, I appreciate your response. When I run that command it returns errors: Pseudo-terminal will not be allocated because stdin is not a terminal. Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password).
– user2023
Nov 22 at 18:30
O i see, The pseudo-terminal is complaining because of the input not comming directly from a local terminal. Hmmm...
– Michael Prokopec
Nov 22 at 19:20
I have a similar setup at home, some vitualboxs' running on my server and I do work on them from my laptop. I just type everything out. I will try to get this working myself if I find the solution I will post it..
– Michael Prokopec
Nov 22 at 19:24
I look forward to your response.
– user2023
Nov 22 at 19:56
Now all I need is to find out a way to get the public key to unlock remotely. @user2023
– Michael Prokopec
Nov 22 at 19:57
Hi Michael, I appreciate your response. When I run that command it returns errors: Pseudo-terminal will not be allocated because stdin is not a terminal. Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password).
– user2023
Nov 22 at 18:30
Hi Michael, I appreciate your response. When I run that command it returns errors: Pseudo-terminal will not be allocated because stdin is not a terminal. Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password).
– user2023
Nov 22 at 18:30
O i see, The pseudo-terminal is complaining because of the input not comming directly from a local terminal. Hmmm...
– Michael Prokopec
Nov 22 at 19:20
O i see, The pseudo-terminal is complaining because of the input not comming directly from a local terminal. Hmmm...
– Michael Prokopec
Nov 22 at 19:20
I have a similar setup at home, some vitualboxs' running on my server and I do work on them from my laptop. I just type everything out. I will try to get this working myself if I find the solution I will post it..
– Michael Prokopec
Nov 22 at 19:24
I have a similar setup at home, some vitualboxs' running on my server and I do work on them from my laptop. I just type everything out. I will try to get this working myself if I find the solution I will post it..
– Michael Prokopec
Nov 22 at 19:24
I look forward to your response.
– user2023
Nov 22 at 19:56
I look forward to your response.
– user2023
Nov 22 at 19:56
Now all I need is to find out a way to get the public key to unlock remotely. @user2023
– Michael Prokopec
Nov 22 at 19:57
Now all I need is to find out a way to get the public key to unlock remotely. @user2023
– Michael Prokopec
Nov 22 at 19:57
|
show 3 more comments
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f483504%2fssh-to-multiple-servers-access-denied%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
If you need to go through a "jumpbox" to get to the server you're really interested in, OpenSSH supports that without needing to write your own scripts. Check out options ProxyCommand (old version of OpenSSH) or ProxyJump (the new way to do it). Using ssh config files, you can easily set it up so that all you have to do is type
ssh t001
on your box at home and you will automatically hop through the jumpbox to the VM.– cryptarch
Nov 22 at 18:33
Hi Cryptarch, is there a guide that you could perhaps direct me to? Cheers
– user2023
Nov 22 at 18:54
is the difference between the
t001
host in the manual method and thet002
in theexpect
script just a typo? If yes, it would help if you cut and pasted the exact scripts and commands you were using instead of retyping them.– mosvy
Nov 22 at 20:19
Hi Mosvy, its just a typo. Now updated. They are the exact commands im using except the credentials.
– user2023
Nov 22 at 20:22
try getting rid of the
-p 22
in thesend "ssh...
command.– mosvy
Nov 22 at 20:26