Error opening SSH connection - cf ssh <appname> - Corporate Network

[Scrat94]

Please fill out the issue checklist below and provide ALL the requested information.

• [x] I reviewed open and closed github issues that may be related to my problem.
• [x] I tried updating to the latest version of the CF CLI to see if it fixed my problem.
• [x] I attempted to run the command with CF_TRACE=1 to help debug the issue.
• [x] I am reporting a bug that others will be able to reproduce.

Describe the bug and the command you saw an issue with Im in a corporate network and the Cloud Foundry is hosted in the Cloud of a Third Party. Now I want to enable a SSH connection to one of the applications. I enabled ssh on space and application level and also receive and "okay" when I type the comment cf ssh-enabled <appname>. However if I want to use cf ssh <appname> I receive the following error: Error opening SSH connection: dial tcp: <internet-accessible-url>: no such host. If I try this from my personal computer at home, it is working as expected. This brings me to the conclusion that this has something to do with the corporate network and maybe the proxy. I had a similar issues with ssh github, which I could solve with the config file and adding ProxyCommand connect -H <corporate-proxy-url>:80 %h %p. Now I am searching for a possibility to set the proxy (if this is the root cause). I already tried setting the enviroment proxys: https_proxy, http_proxy, all_proxy without any success.

Do you have any idea how I can set an http proxy to the ssh cli command?

What happened Error occured while executing the cf ssh command

Expected behavior No error shown and expect the same behavior like written above as my home computer

To Reproduce Steps to reproduce the behavior; include the exact CLI commands and verbose output:

1. Run cf ssh <appname>
2. See error Error opening SSH connection: dial tcp: lookup ssh.**********: no such host

Provide more context

• Win10
• Latest
• version of the CC API Release you are on -> ???

I appreciate your help and support.

[cf-gitbot]

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/169432456

The labels on this github issue will be updated when the story is started.

[abbyachau]

Hi @Scrat94 have you reviewed the documentation for ssh?

[Scrat94]

Hi @abbyachau yes of course. But there is nowhere written how to set a proxy for ssh... I got it up and running on my personal computer at home, but not on my corporate laptop. I have set the https_proxy/http_proxy already, but still it's not working.

[Scrat94]

I was able to resolve my issue by using putty and entering there the proxy details.

However here comes the feature request:

• Add proxyhost and port parameter in the ssh command
• e.g. cf ssh -L <port>:<desthost>:<destport> <appname> --proxy <proxyhost>:<proxyport>

Would this be feasible to add?

[abbyachau]

@Scrat94 thanks. I had thought that documentation had information re: using v3-ssh, but it doesn't look like it does. I've updated it so that it includes: v3-ssh supports a new environment variable for specifying a proxy server:

ENVIRONMENT:
   all_proxy=                   Specify a proxy server to enable proxying for all requests

It also supports a --process flag. Please let us know if that helps with your use case, thanks.

[Scrat94]

Hi @abbyachau, thanks for you reply. I have set the environment variable in windows all_proxy=http://*****:80, but also unfortunately with the v3-ssh command I receive an error message:

cf v3-ssh pgadminela
This command is in EXPERIMENTAL stage and may change without notice

dial tcp: lookup ssh.cf.*****.com: no such host
Failed

I mean I can live with the workaround with Putty, but it would be really nice if I simply could use the cli for that.

[abbyachau]

@Scrat94 thanks. Out of curiosity, what is the state of your app pgadminela, e.g. is it running, stopped, etc.

[Scrat94]

@abbyachau the app is running (this is currently the app for accessing the database UI via web), I also tried to use it on different web services in the space as well.

[abbyachau]

Thanks @Scrat94 I think the team is finding it difficult trying to replicate the issue you've run into with all_proxy=http. If you haven't already, please try the #General channel in Cloud Foundry Slack to see if anyone has one into the issue you've described.

[balu251994]

Hi @Scrat94

I m facing the same issue. I was trying to run jvmmon provided by sap_jvm_buildpack behind corporate firewall. The timeout issue persists and v3-ssh either.

Can you please elaborate, how exactly did you make things work using PUTTY?

[Scrat94]

@balu251994 I have followed the instructions mentioned here: https://developer.mindsphere.io/paas/paas-cloudfoundry-ssh.html Scroll down to the section with the proxy

[balu251994]

Thanks @Scrat94 And I figured, my network blocks SSH protocol altogether. So there was no way I could bypass it or proxy the connection.

[alevenelli]

Hi, People... I'm facing the same problem to connect by "CF SSH" command behind proxy server. My script works with another proxy but doesn't work with my company proxy.

As I can connect to API by "CF LOGIN" command setting the environment variable https_proxy, I think this configuration is OK.

But when I try to do the "CF SSH" command, the windows computer doesn't route to proxy... My network team has monitored the proxy and told me that nothing arrive at it.

I can't use PUTTY or another software (only Windows Shell and cf cli). Please, do you have any idea to help me?

Thanks, Alexandre

[alevenelli]

Hi, @Scrat94...

Please, let me know if you solve your problem using PUTTY or you got config proxy for CF SSH command?

Thanks...