Timeout using ssh config ProxyCommand
There is, what I would consider, a bug in the way ssh config files are used to proxy.
Normally your ssh config allows you to do this:
Host *
    ServerAliveInterval 5
Host *.domain
    ProxyCommand ssh -W %h:%p domain_proxy
Host my_host.domain
    HostName 10.10.10.10
When you ssh to my_host.domain, it will apply the ServerAliveInterval from Host *, the ProxyCommand from *.domain, and the IP address from my_host.domain, like so:
> ssh -vvvv my_host.domain
OpenSSH_7.2p2 Ubuntu-4ubuntu1, OpenSSL 1.0.2g-fips 1 Mar 2016
debug1: Reading configuration data ssh_config
debug1: ssh_config line 1: Applying options for *
debug1: ssh_config line 17: Applying options for *.domain
debug1: ssh_config line 45: Applying options for my_host.domain*
debug1: Executing proxy command: exec ssh -W 10.10.10.10:22 domain_proxy
...
Netmiko, on the other hand, will not find the ProxyCommand under *.domain; you must set all of the options under the Host itself, like so:
Host my_host.domain
    HostName 10.10.10.10
    ProxyCommand ssh -W %h:%p domain_proxy
    ServerAliveInterval 5
If you must use a proxy to connect, the first ssh config, without ProxyCommand specified under the host, will give this error:
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/lbernard/miniconda3/envs/netmiko/lib/python2.7/site-packages/netmiko/ssh_dispatcher.py", line 84, in ConnectHandler
    return ConnectionClass(*args, **kwargs)
  File "/home/lbernard/miniconda3/envs/netmiko/lib/python2.7/site-packages/netmiko/base_connection.py", line 68, in __init__
    self.establish_connection(verbose=verbose, use_keys=use_keys, key_file=key_file)
  File "/home/lbernard/miniconda3/envs/netmiko/lib/python2.7/site-packages/netmiko/base_connection.py", line 169, in establish_connection
    raise NetMikoTimeoutException(msg)
netmiko.ssh_exception.NetMikoTimeoutException: Connection to device timed-out: cisco_ios my_host.domain:22
Issue Analytics
- Created 7 years ago
- Comments:9 (9 by maintainers)
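As an added example (not code from the issue or from Netmiko), the sketch below reproduces the OpenSSH lookup the issue describes: every matching Host block contributes options, and the first value obtained for each option wins. The function names and the `exact_only` switch are hypothetical; `exact_only` models a lookup that reads only the block naming the host literally, and the parser assumes plain `Host` blocks with whitespace-separated options.

```python
import fnmatch

# Constructed sample: the first ssh config shown in the issue.
SAMPLE_CONFIG = """\
Host *
    ServerAliveInterval 5
Host *.domain
    ProxyCommand ssh -W %h:%p domain_proxy
Host my_host.domain
    HostName 10.10.10.10
"""

def parse_blocks(text):
    """Return [(patterns, {option: value})] in file order."""
    blocks = []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            blocks.append((value.split(), {}))
        elif blocks:
            blocks[-1][1].setdefault(key, value)  # first value wins
    return blocks

def host_matches(patterns, host):
    """A negated (!) pattern that matches vetoes the whole Host line."""
    if any(fnmatch.fnmatchcase(host, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in patterns if not p.startswith("!"))

def resolve(text, host, exact_only=False):
    """Merge options from every matching block; first obtained value wins.
    exact_only (hypothetical) reads only blocks naming the host literally."""
    merged = {}
    for patterns, options in parse_blocks(text):
        hit = host in patterns if exact_only else host_matches(patterns, host)
        if hit:
            for key, value in options.items():
                merged.setdefault(key, value)
    merged.setdefault("hostname", host)
    merged.setdefault("port", "22")
    if "proxycommand" in merged:  # expand the %h and %p tokens
        merged["proxycommand"] = (merged["proxycommand"]
            .replace("%h", merged["hostname"]).replace("%p", merged["port"]))
    return merged

if __name__ == "__main__":
    print(resolve(SAMPLE_CONFIG, "my_host.domain"))
```

With `exact_only=True` the result carries no `proxycommand`, so a client would attempt a direct connection to 10.10.10.10 instead of going through domain_proxy. `ssh -G my_host.domain` prints the option set OpenSSH itself resolves, which gives a reference to compare against.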
Top GitHub Comments
Thanks @ktbyers that example will work perfectly.
The only thing that’s not making a lot of sense to me is setting the host record to <ip>:<port>, since the record already contains the IP under ‘HostName’, and the ‘Port’.
as in your example:
It feels redundant, and I have always seen ssh config files set the host record to the FQDN, or a convenient alias. I would expect this config to look like:
or some similar naming scheme.
One thing I have not explored is how ssh config interacts with records in /etc/hosts, so I’m unsure if setting host=<ip>:<port> is due to that consideration. Is there some other commonly used application that is driving the ip:port naming scheme?
Regardless, I will try to get a pull request together to satisfy both scenarios. I am not terribly familiar with pytest (I use unittest on my projects). Could you direct me to an existing test file that I should add tests to, or an appropriate new file name for the tests, that will be in line with your schema?
https://github.com/ktbyers/netmiko/commit/24d39ce28484af0b4465f53c55e1ed0342f92c30