Core Shell to use ~/.ssh/config

improvement

(Mikael Fransson) #1

Please use/re-use the existing ~/.ssh/config file as the source for connection settings. That will increase the chance of longtime ssh users adopting this quickly. The tag system will help bring order to the current chaos in large config files.

Thanks
Mikael


(Yang.Y) #2

It will be available soon :wink:


(Mikael Fransson) #3

Cool!

Related question. I’m just now trying to figure out how to do a second jump:-)

I’m using the Proxy Jump to go from my mac to a VirtualBox VM that is connected to another network on VPN. The direct connect to the first host on that network is easy. The Proxy Jump is to my VM on 127.0.0.1. Then I go to the first host. How can I do a second jump in the same connection? The first host is the gateway I need to go through. It’s like jumping through two bastion hosts.

With ProxyCommand I can do that by referencing another entry in the ~/.ssh/config file

ProxyCommand ssh -o TCPKeepAlive=yes -o ServerAliveInterval=50 -C -W destinationIP:22 BastionHostIP

BastionHostIP is the gateway on the VPN network.

Does it make sense?

Thanks
Mikael


(Yang.Y) #4

Proxy Jump supports multiple jump hosts, which can be specified as a comma-separated list, for example:

user1@jumphost1.example.org:22,user2@jumphost2.example.org:2222

(Mikael Fransson) #5

Doesn’t work. I’m trying to pass an ssh key to the second jump host. Doesn’t seem to work. Prompts for a password.


(Yang.Y) #6

Do you use the same private key for bastion hosts authentication? If you do, you should use ssh auth agent forwarding.


(Mikael Fransson) #7

I do but it still pops up a user dialog for a password to save in my keychain. It’s not the keychain password. The users on jump host 1 and 2 aren’t the same but the ssh key is the same and if I do the connections manually it works.


(Yang.Y) #8

Core Shell does not support auth agent for the moment, so I guess that is the cause of the problem. You can do some tests on Core Tunnel, which supports auth agent since version 1.1.


(Mikael Fransson) #9

ok, will try that.

Thanks
Mikael


(Yang.Y) #10

Auth agent was just supported in Core Shell version 1.1, you will see the option after upgrade:


(Mikael Fransson) #11

Hi!

There is a default path in that dialog. Is that supposed to be used or is there another value to use? I can’t get it to work.

Thanks
Mikael


(Yang.Y) #12

You don’t have to set another value if you use the system default ssh-agent. Did you use this command to add your keys to the agent?

ssh-add -K ~/.ssh/id_rsa

(Mikael Fransson) #13

Not used any command line commands. Just imported the keys using your tool which copies them from the default location under ~/.ssh/


(Yang.Y) #14

You must add keys to ssh-agent, and clear the “Private Key” option in the Connection tab of the host settings panel.


(Mikael Fransson) #15

Not successful yet. My config file looks like below.

This is the connection pattern for the second jump host(s):
Host *.somedomain.com
  User myuser2
  IdentityFile ~/.ssh/id_rsa

This is the connection from the mac to the vm via port 2224 (first jump host):
Host jump1
  User myuser1
  HostName 127.0.0.1
  Port 2224
  IdentityFile ~/.ssh/id_rsa

This is the bastion host on the VPN-network:
Host jump2
  User myuser2
  HostName jumphost2.somedomain.com
  ProxyJump myuser1@127.0.0.1:2224

Where I want to go
Host destinationHost
  User root
  HostName 172.18.2.44
  ProxyJump myuser1@127.0.0.1:2224,myuser2@jumphost2.somedomain.com:22

In the terminal I can just do ssh jump1 or ssh jump2 and I connect. Doing ssh destinationHost will prompt for a password which is expected.

How do I repeat this or better still would be to have Core Tunnel and/or Core Shell just read my config file and populate its list of sessions/connections. Added value would be to save the password to hosts with the ssh key and the tagging of entries. That would be awesome.

Thanks
Mikael
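
The hop resolution behind the config in this post, as an added example that is not part of the original thread or of Core Shell's code: a simplified Python model of OpenSSH-style Host pattern matching, showing which User and IdentityFile each ProxyJump hop picks up when it is written inline versus as an alias. The helper names `parse`, `effective` and `hop` are hypothetical; Match, Include, negated patterns and IPv6 literals are not handled.

```python
import fnmatch

# Constructed sample: the first three stanzas of the config quoted in this post.
CONFIG = """\
Host *.somedomain.com
  User myuser2
  IdentityFile ~/.ssh/id_rsa
Host jump1
  User myuser1
  HostName 127.0.0.1
  Port 2224
  IdentityFile ~/.ssh/id_rsa
Host jump2
  User myuser2
  HostName jumphost2.somedomain.com
  ProxyJump myuser1@127.0.0.1:2224
"""

def parse(text):
    """Return [(patterns, {option: value})] in file order (simplified parser)."""
    stanzas = []
    for line in text.splitlines():
        key, value = (line.split(None, 1) + ["", ""])[:2]
        if key.lower() == "host":
            stanzas.append((value.split(), {}))
        elif key and not key.startswith("#") and stanzas:
            stanzas[-1][1].setdefault(key.lower(), value.strip())
    return stanzas

def effective(stanzas, name):
    """Options for `name`: patterns match the name as typed; first value wins."""
    opts = {}
    for patterns, values in stanzas:
        if any(fnmatch.fnmatchcase(name, p) for p in patterns):
            for k, v in values.items():
                opts.setdefault(k, v)
    return opts

def hop(stanzas, spec):
    """Resolve one ProxyJump entry, written [user@]host[:port] or as an alias."""
    user, _, rest = spec.rpartition("@")
    host, _, port = rest.partition(":")
    opts = effective(stanzas, host)
    # Inline user/port override the config, as -l and -p do on the command line.
    return {"user": user or opts.get("user"), "host": opts.get("hostname", host),
            "port": port or opts.get("port", "22"), "identityfile": opts.get("identityfile")}

for spec in ("myuser1@127.0.0.1:2224", "myuser2@jumphost2.somedomain.com:22", "jump1", "jump2"):
    print(spec, "->", hop(parse(CONFIG), spec))
```

A hop written as `myuser1@127.0.0.1:2224` matches no Host stanza, because patterns are compared with the name as typed rather than with HostName, so the IdentityFile line under `jump1` never applies to it. An `identityfile` of `None` means no explicit key was configured for that hop; an OpenSSH client then falls back to its default key files and the agent.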


(Yang.Y) #16

Core Shell version 1.2 was released, you can switch to system default ssh_config by following this guide:

ProxyCommand is also supported. And for auth agent forwarding, you must enable Forward Agent option:

The ssh command line shipped with macOS actually also integrates Keychain with private keys, so if you didn’t invoke the ssh-add command but ssh connects without prompting for the private key passphrase, then instead of fetching keys from the ssh-agent daemon, ssh might actually be decrypting the key from Keychain silently.


(Mikael Fransson) #17

Still no luck.

Not sure I understand the usage of the System config and known_hosts feature. I would expect Core Shell to read the config file and show all my entries in the Core Shell app. I don’t see any of that. Am I missing something?

See the failed connections below.

Thanks
Mikael

11:52:21 ----------------------------------------
11:52:21 Connecting…
11:52:21 Connection interrupted: Core Helper abondoned the connection with unknown reason, please try again.
11:52:21 Abnormal Disconnect
11:52:21 Connection failed, retry after 3s…
11:52:24 ----------------------------------------
11:52:24 Connecting…
11:52:24 Connection interrupted: Core Helper abondoned the connection with unknown reason, please try again.
11:52:24 Abnormal Disconnect
11:52:24 Connection failed, retry after 3s…


(Yang.Y) #18

Could you please update Core Shell and Core Tunnel to the latest version, and install Core Helper again? It seemed Core Helper was not installed properly.


(Mikael Fransson) #19

ok, little progress. The new Core Helper seems to have helped. The jump via my vm to a connection to the second host using my ssh key now works. The next jump fails and I get prompted for the password of the second host. Not the destination host.

/Mikael


(Yang.Y) #20

Could you please set host logging level to DEBUG3 and send the verbose output to me via personal message? It may contain sensitive information that you don’t want to make public.