Core Shell to use ~/.ssh/config

Cool!

Related question. I’m just now trying to figure out how to do a second jump :-)

I’m using the Proxy Jump to go from my mac to a VirtualBox VM that is connected to another network on VPN. The direct connect to the first host on that network is easy. The Proxy Jump is to my VM on 127.0.0.1. Then I go to the first host. How can I do a second jump in the same connection? The first host is the gateway I need to go through. It’s like jumping through two bastion hosts.

With ProxyCommand I can do that by referencing another entry in the ~/.ssh/config file:

ProxyCommand ssh -o TCPKeepAlive=yes -o ServerAliveInterval=50 -C -W destinationIP:22 BastionHostIP

BastionHostIP is the gateway on the VPN network.

Does it make sense?

Thanks
Mikael

Proxy Jump supports multiple jump hosts, which can be specified as a comma-separated list, for example:

user1@jumphost1.example.org:22,user2@jumphost2.example.org:2222

Doesn’t work. I’m trying to pass an ssh key to the second jump host. Doesn’t seem to work. Prompts for a password.

Do you use the same private key for bastion hosts authentication? If you do, you should use ssh auth agent forwarding.

I do but it still pops up a user dialog for a password to save in my keychain. It’s not the keychain password. The users on jump host 1 and 2 aren’t the same but the ssh key is the same and if I do the connections manually it works.

Core Shell does not support auth agent for the moment, so I guess that is the cause of the problem. You can do some tests on Core Tunnel, which supports auth agent since version 1.1.

ok, will try that.

Thanks
Mikael

Auth agent is now supported in Core Shell version 1.1; you will see the option after upgrading:

Hi!

There is a default path in that dialog. Is that supposed to be used or is there another value to use? I can’t get it to work.

Thanks
Mikael

You don’t have to set another value if you use the system default ssh-agent. Have you used this command to add your keys to the agent?

ssh-add -K ~/.ssh/id_rsa

Not used any command line commands. Just imported the keys using your tool which copies them from the default location under ~/.ssh/

You must add keys to ssh-agent, and clear the “Private Key” option in the Connection tab of the host settings panel.

Not successful yet. My config file looks like below.

This is the connection pattern for the second jump host(s):
Host *.somedomain.com
    User myuser2
    IdentityFile ~/.ssh/id_rsa

This is the connection from the mac to the vm via port 2224 (first jump host):
Host jump1
    User myuser1
    HostName 127.0.0.1
    Port 2224
    IdentityFile ~/.ssh/id_rsa

This is the bastion host on the VPN-network:
Host jump2
    User myuser2
    HostName jumphost2.somedomain.com
    ProxyJump myuser1@127.0.0.1:2224

Where I want to go
Host destinationHost
    User root
    HostName 172.18.2.44
    ProxyJump myuser1@127.0.0.1:2224,myuser2@jumphost2.somedomain.com:22

In the terminal I can just do ssh jump1 or ssh jump2 and I connect. Doing ssh destinationHost will prompt for a password which is expected.

How do I repeat this? Better still would be to have Core Tunnel and/or Core Shell just read my config file and populate its list of sessions/connections. Added value would be to save the password to hosts with the ssh key and the tagging of entries. That would be awesome.

Thanks
Mikael
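For reference, the same two-hop chain written with host aliases for the OpenSSH command-line client, as an added example that is not part of the original thread and says nothing about how Core Shell resolves hops. Host names, users and ports are taken from the post above; `IdentitiesOnly` and the explicit `ForwardAgent no` are additions made here.

```sshconfig
# Added example for the OpenSSH command-line client (not from the thread).
# With ProxyJump, every hop is authenticated by the ssh client on the local
# machine; the jump hosts only carry a forwarded TCP stream. The private key
# and the agent socket therefore never have to be exposed to jump1 or jump2.

# First hop: the VirtualBox VM, reached through the local port forward.
Host jump1
    HostName 127.0.0.1
    Port 2224
    User myuser1
    IdentityFile ~/.ssh/id_rsa
    # Offer only the key named above instead of every key the agent holds.
    IdentitiesOnly yes

# Second hop: the bastion on the VPN network, reached through jump1.
# Referring to the alias (rather than user@ip:port) makes ssh apply the
# whole "Host jump1" block, including its IdentityFile, to that hop.
Host jump2
    HostName jumphost2.somedomain.com
    User myuser2
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes
    ProxyJump jump1

# Final target: the chain is resolved recursively (jump2 pulls in jump1),
# so a single alias is enough here.
Host destinationHost
    HostName 172.18.2.44
    User root
    ProxyJump jump2

# Keep the agent off the bastions: a forwarded agent can be used by anyone
# with root on an intermediate host for as long as the session is open.
Host jump1 jump2 destinationHost
    ForwardAgent no
```

Running `ssh -G destinationHost` prints the options the client resolves for that alias (user, hostname, identityfile, proxyjump) without opening a connection, which makes it easy to confirm what each hop will use.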

Core Shell version 1.2 was released, you can switch to system default ssh_config by following this guide:

ProxyCommand is also supported. And for auth agent forwarding, you must enable Forward Agent option:

The ssh command line client shipped with macOS actually also integrates Keychain with private keys, so if you didn't invoke the ssh-add command but ssh connects without prompting for the private key passphrase, then instead of fetching keys from the ssh-agent daemon, ssh might actually be decrypting the key from Keychain silently.

Still no luck.

Not sure I understand the usage of the System config and known_hosts feature. I would expect Core Shell to read the config file and show all my entries in the Core Shell app. I don't see any of that. Am I missing something?

See the failed connections below.

Thanks
Mikael

11:52:21 ----------------------------------------
11:52:21 Connecting…
11:52:21 Connection interrupted: Core Helper abondoned the connection with unknown reason, please try again.
11:52:21 Abnormal Disconnect
11:52:21 Connection failed, retry after 3s…
11:52:24 ----------------------------------------
11:52:24 Connecting…
11:52:24 Connection interrupted: Core Helper abondoned the connection with unknown reason, please try again.
11:52:24 Abnormal Disconnect
11:52:24 Connection failed, retry after 3s…

Could you please update Core Shell and Core Tunnel to the latest version, and install Core Helper again? It seemed Core Helper was not installed properly.

ok, little progress. The new Core Helper seems to have helped. The jump via my vm to a connection to the second host using my ssh key now works. The next jump fails and I get prompted for the password of the second host. Not the destination host.

/Mikael

Could you please set the host logging level to DEBUG3 and send the verbose output to me via personal message? It may contain sensitive information that you don’t want to make public.

Hi!

I’m traveling this week so I’ll get to it at the end of the week.

Thanks
Mikael

A post was split to a new topic: Does Core Shell can use ~/.ssh/config