I'm trying to do a very simply SSH tunnel:
ssh -L44301:someremotehosthere:someport -p2222 myuser@myFQDN
I can run the above on commandline and everything works as expected. Here are the commands I run:
- SSH prompts for my password (my company won't allow us to store SSH keys on this server)
- the remote server prompts for DUO 2FA
- I click #1 on the keyboard to allow DUO PUSH (or #2 to have DUO call me, or #3 for txt)
- DUO sends the 2FA, responds back the server and then it lets me in.
- I can then (from my workstation), go to my localhost tunnel to get to where I need it to go.
With Core Tunnel, I tried to set this up and receive the following:
Equivalent Command: ssh -L 44301:someremotehosthere:someport -o ServerAliveCountMax=3 -o ChallengeResponseAuthentication=yes -o PasswordAuthentication=yes -o ServerAliveInterval=15 -o PreferredAuthentications=keyboard-interactive,password -p 2222 @
21:51:39 Connecting…
21:51:39 Using Core Helper 4.8 (r48)
21:51:39 Authenticating…
21:51:39 Unable to negotiate with port 2222: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
21:51:39 Abnormal Disconnect
21:51:39 Connection failed, retry after 3s…
I've attempted to adjust the settings and ended up with Core Tunnel generating the following:
ssh -L 44301:someremotehosthere:someport -o ServerAliveCountMax=3 -o ChallengeResponseAuthentication=yes -o PasswordAuthentication=yes -o ServerAliveInterval=15 -o PreferredAuthentications=keyboard-interactive,password -p 2222 @
What else could I be doing to make this work?
I thought SSH Tunnel.app used to prompt me with an interactive login. I am thinking that Core Tunnel likely does this too.
Does anyone have suggestions for me?
Core Tunnel v2.5, Release Date: 2020-09-27
I am running macOS 10.15.6, which includes OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008. btw, really? Is mac packaging the opensource rhel version of SSH and recompiling its source? heh... either that OR I had once installed fink or brew or something to get that package.