bastillion-io / Bastillion

Bastillion is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys.
https://www.bastillion.io

Multihop ssh connections #224

Open Madko opened 7 years ago

Madko commented 7 years ago

Hi,

We have SSH servers that can only be accessed through other SSH servers. So we use ProxyCommand in ssh_config. Is there a way to do the same in keybox (jsch)?

best regards, Edouard

mcarbonneaux commented 7 years ago

I have the same need!

They need to do SSH through an HTTP CONNECT proxy.

With jsch it seems to be possible to do: https://stackoverflow.com/questions/21424237/how-to-ftp-file-using-a-proxy-with-jsch-libraries

    import com.jcraft.jsch.*;

    JSch jsch = new JSch();
    java.util.Properties config = new java.util.Properties();
    Session session = jsch.getSession(RemoteUserName, RemoteIpAddr, RemotePortNo);
    session.setPassword(RemotePassword);
    // "no" accepts any host key without verification
    config.put("StrictHostKeyChecking", "no");
    session.setConfig(config);
    // tunnel the SSH connection through an HTTP CONNECT proxy
    session.setProxy(new ProxyHTTP(ProxyName, ProxyPort));
    session.connect();

mcarbonneaux commented 7 years ago

http://www.jcraft.com/jsch/examples/ViaHTTP.java.html

I think you need to add proxy host/port, type of proxy (socks or http), user, password on the system object (to be able to use a different proxy on each host).

And use this setting to set up the jsch session after jsch.getSession at https://github.com/skavanagh/KeyBox/blob/master/src/main/java/com/keybox/manage/util/SSHUtil.java#L236

    //add private key
    jsch.addIdentity(appKey.getId().toString(), appKey.getPrivateKey().trim().getBytes(), appKey.getPublicKey().getBytes(), passphrase.getBytes());

    //create session
    session = jsch.getSession(hostSystem.getUser(), hostSystem.getHost(), hostSystem.getPort());

    session.setProxy(new ProxyHTTP(ProxyName, ProxyPort));

    //set password if passed in
    if (password != null && !password.equals("")) {
        session.setPassword(password);
    }
    session.setConfig("StrictHostKeyChecking", "no");
    session.setConfig("PreferredAuthentications", "publickey,keyboard-interactive,password");
    session.setServerAliveInterval(SERVER_ALIVE_INTERVAL);
    session.connect(SESSION_TIMEOUT);

mcarbonneaux commented 7 years ago

For SOCKS5:

    session.setProxy(new ProxySOCKS5(proxy_host, proxy_port));

For SOCKS4:

    session.setProxy(new ProxySOCKS4(proxy_host, proxy_port));

mcarbonneaux commented 7 years ago

To set a password on ProxySOCKS5 (works on HTTP and SOCKS4 too):

    ProxySOCKS5 proxy = new ProxySOCKS5(proxy_host, proxy_port);
    proxy.setUserPasswd("user", "password");
    session.setProxy(proxy);

skavanagh commented 7 years ago

Maybe - would you need to specify the proxy per system? or would you want to set the proxy for all systems?

Madko commented 7 years ago

I was not specifically speaking about http proxy, just ssh hops to access server behind others. Don't know if ProxyCommand works with http proxy. And yes it's usually a different host per system.

mcarbonneaux commented 7 years ago

You can use ProxyCommand to do SSH through an HTTP CONNECT proxy (with the netcat/socat/proxytunnel commands, for example); it works very well.

And with jsch these options are integrated in the lib.

You can use Apache httpd in proxy forwarder mode to make proxy http connect for proxying ssh.

mcarbonneaux commented 7 years ago

https://stackoverflow.com/questions/19161960/connect-with-ssh-through-a-proxy

Madko commented 7 years ago

What I'd like to achieve is just multi hop thru many ssh servers.

[KEYBOX] => [SSH1] => [SSH2] => [Final SSH server]

Not sure I was clear, sorry.

hottsoft commented 6 years ago

http://www.jcraft.com/jsch/examples/JumpHosts.java.html

I've been attempting this method. It just gives me a generic message with no error. I suspect it's because it can't store and retrieve both keys?

Any help with this is appreciated.
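
The chain requested in this issue ([KEYBOX] => [SSH1] => [SSH2] => [Final SSH server]) can be built in JSch with chained local port forwards, the approach of the JumpHosts example linked above. The sketch below is an added example, not code from this thread or from Bastillion; the class and method names are hypothetical, and the host names, user names and file paths are placeholders. Unlike the snippets posted above, it keeps host key checking enabled for every hop.

```java
import com.jcraft.jsch.*;
import java.util.*;

public class MultiHop {
    /** One hop in the chain (hypothetical helper type; values are placeholders). */
    record Hop(String user, String host, int port) {}

    /** Connects to each hop in order, tunnelling every hop through the previous one. */
    static List<Session> connectChain(JSch jsch, List<Hop> hops) throws JSchException {
        List<Session> sessions = new ArrayList<>();
        String connectHost = hops.get(0).host();
        int connectPort = hops.get(0).port();
        try {
            for (int i = 0; i < hops.size(); i++) {
                Hop hop = hops.get(i);
                Session s = jsch.getSession(hop.user(), connectHost, connectPort);
                // Tunnelled hops are reached via 127.0.0.1:<forwarded port>, so the
                // host key must be looked up under the real host name instead.
                if (i > 0) s.setHostKeyAlias(hop.host());
                s.setConfig("StrictHostKeyChecking", "yes"); // reject unknown host keys
                s.setConfig("PreferredAuthentications", "publickey");
                s.connect(30_000);
                sessions.add(s);
                if (i + 1 < hops.size()) {
                    Hop next = hops.get(i + 1);
                    // Local port 0 lets JSch pick a free loopback port to forward.
                    connectPort = s.setPortForwardingL(0, next.host(), next.port());
                    connectHost = "127.0.0.1";
                }
            }
            return sessions; // last element is the session on the final server
        } catch (JSchException e) {
            for (Session s : sessions) s.disconnect();
            throw e;
        }
    }

    public static void main(String[] args) throws JSchException {
        JSch jsch = new JSch();
        jsch.setKnownHosts("/path/to/known_hosts");   // must list every hop's host key
        // Identities live on the JSch instance, so each hop is offered all of them.
        jsch.addIdentity("/path/to/key_for_jump_hosts");
        jsch.addIdentity("/path/to/key_for_final_host");
        List<Session> chain = connectChain(jsch, List.of(
                new Hop("user", "ssh1.example.com", 22),
                new Hop("user", "ssh2.example.com", 22),
                new Hop("user", "final.example.com", 22)));
        for (int i = chain.size() - 1; i >= 0; i--) chain.get(i).disconnect();
    }
}
```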