12-09-2011
1 SSH tunnel, 2 devices: 1 "just works," other gets challenged
summary: I have 2 devices on same LAN which tunnel through one gateway to a cluster, using ssh with public keys for password/passphrase-less login. I configured both devices, and those ssh configurations are nearly identical with regard to ssh. From either device I can shell into the cluster. However on one device I can shell in without getting a credential challenge (good), but on the other device I always get challenged (bad). How to debug the latter?
details: I'd appreciate help debugging the following:
I'm in a scientific workplace with (to a very first approximation) 1 LAN for users and lightweight servers, and 1 cluster where the science gets done. Users (like me) on the outer LAN can only connect to the cluster through a gateway/firewall server. Users get issued an XP PC; the servers (mostly) and clusters (exclusively) run RHEL.
The first thing I did to "my" Windows box (call it W) was install Cygwin, from which I then generated and distributed RSA keys, and set up an SSH tunnel from W through the gateway server (G) to the cluster (C), via
+ a bash script `w2g` on W which connects only W->G
+ a stanza in W:.ssh/config which connects W->G (via `ssh g` from W's commandline)
+ a bash script `g2c` in my homespace on G which connects only G->C
+ a stanza in G:.ssh/config which connects G->C (via `ssh c` from G's commandline)
+ a bash script `w2c` on W (which tunnels W->G->C)
+ a stanza in W:.ssh/config (which tunnels W->G->C, via `ssh c` from W's commandline)
Those all work correctly on W, i.e., without password/passphrase challenge (except when I try to tunnel W->C without first setting up the W->G connection--will post a separate question about that).
But W is still a Windows box, so I was thrilled to discover that I could finally start using my personal Debian laptop (call it L) on the user LAN. I have configured SSH on L many times for many networks, and quickly got L ssh'ing on the user LAN, using nearly the same procedure as I used with Cygwin on W (note both run OpenSSH). So I am a bit chagrined to observe that, while these run password/passphrase-less on L
+ bash script `l2g` on L connecting L->G
+ stanza in L:.ssh/config connecting L->G (via `ssh g` from L's commandline)
and these of course still work without challenge on G once I have ssh'ed in from L
+ bash script `g2c` on G connecting G->C
+ stanza in G:.ssh/config connecting G->C (via `ssh c` from G's commandline)
the following get password-challenged, every time, whether or not I have an already-open L->G SSH session:
- bash script `l2c` on L (tunneling L->G->C)
- stanza in L:.ssh/config (tunneling L->G->C, via `ssh c` from L's commandline)
Note also that
* the contents of file=`l2c` are identical to the contents of file=`w2c`
* the contents of file=W:.ssh/config are identical to the contents of file=L:.ssh/config
particularly, both are forwarding through port#=10230 (dunno how I chose that).
To hopefully clarify the problem, compare how W succeeds with how L fails:
A session on W is like this: with 2 shells open, I can do
1. `ssh g` in one shell: this goes directly to the splash screen and prompt for the gateway, no credential challenge.
2. `w2g` in another shell: this gets the gateway splash screen, then
> bind: Address already in use
> channel_setup_fwd_listener: cannot listen to port: 10230
> Could not request local forwarding.
then I get the prompt for the cluster, no credential challenge. By contrast, on L, with 2 shells open, I can do
1. `ssh g` in one shell: this goes directly to the splash screen and prompt for the gateway, no credential challenge.
2. `l2g` in another shell: this gets the gateway splash screen, then
> bind: Address already in use
> channel_setup_fwd_listener: cannot listen to port: 10230
> bind: Address already in use
> channel_setup_fwd_listener: cannot listen to port: 10230
> Could not request local forwarding.
> me@localhost's password:
i.e., a credential challenge.
What am I doing wrong? Or for what should I check?
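An added example, not part of the original post: a session that goes through the forwarded port authenticates to the far end with the key held on the originating device, so one thing to check on L is which stage of public-key authentication fails in the client's `ssh -v` output. The helper name `summarize_auth` and both sample logs are constructed; the `debug1:` line formats are those the OpenSSH client prints at `-v`.

```shell
#!/bin/sh
# Added example: summarise the authentication phase of an `ssh -v` client log.
# Real use (on L):  ssh -v c 2>&1 | summarize_auth
# summarize_auth and both sample logs below are constructed for illustration.

summarize_auth() {
  awk '
    /^debug1: Offering .*public key/          { offered++ }
    /^debug1: Server accepts key/             { accepted++ }
    /^debug1: Next authentication method: /   { last = $NF }
    /^debug1: Authentication succeeded \(/    { ok = $NF; gsub(/[().]/, "", ok) }
    END {
      printf "offered=%d accepted=%d succeeded=%s last_method=%s\n",
             offered, accepted, (ok == "" ? "none" : ok), (last == "" ? "none" : last)
    }'
}

# Constructed log: key is offered, server refuses it, client falls back to password.
sample_challenged() {
  cat <<'EOF'
debug1: Connecting to localhost [127.0.0.1] port 10230.
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/me/.ssh/id_rsa RSA SHA256:CONSTRUCTED
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
EOF
}

# Constructed log: same key, but the far end has it in authorized_keys.
sample_accepted() {
  cat <<'EOF'
debug1: Connecting to localhost [127.0.0.1] port 10230.
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/me/.ssh/id_rsa RSA SHA256:CONSTRUCTED
debug1: Server accepts key: /home/me/.ssh/id_rsa RSA SHA256:CONSTRUCTED
debug1: Authentication succeeded (publickey).
EOF
}

sample_challenged | summarize_auth
sample_accepted   | summarize_auth
```

A result with `offered` of 1 or more and `accepted=0` means the server reached through port 10230 does not recognise that key, so check `~/.ssh/authorized_keys` and its permissions on that host. `offered=0` means the client had no key to send for that host entry.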