Using a non-ssh ProxyCommand?

I have an ssh config with a ProxyCommand that isn’t a simple ssh proxy jump:

Host ssm-*
  ProxyCommand sh -c "aws ssm start-session --target $(echo %h | sed s/^ssm-//) --document-name AWS-StartSSHSession"

So when I run

ssh ssm-i-89302843982043

the ssh client runs a shell command that strips out the ssm- prefix and runs

sh -c "aws ssm start-session --target i-89302843982043 --document-name AWS-StartSSHSession" --parameters portNumber=%p

This initiates an SSH session through the AWS SSM Session Manager instead of through a direct port connection, and then hands the stdin and stdout back to the regular ssh client to proceed with auth, opening channels, etc.

Would it work to:

  1. Use child_process.spawn() (or something similar) to run the external command
  2. Create a stream.Duplex using the child process’ stdin/out
  3. Use that stream as the sock for an ssh2.Client connection

I plan to give this a try sometime in the next few days, but I figured I’d ask in case there’s a better idea (or just to get confirmation that this is the right path to go down).

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 6 (2 by maintainers)

Top GitHub Comments

1 reaction
wujohns commented, Nov 24, 2022

Finally, I found an npm module named “duplex-child-process”, and ran the example successfully:

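const fs = require('fs')
const { Client } = require('ssh2')
const Child_Process = require('duplex-child-process')

// keyPath and targetIp are not defined in the original comment; set them before running.
const privateKey = fs.readFileSync(`${ keyPath }`)
// Spawn ncat as the proxy; the returned object is a Duplex over the child's stdin/stdout.
const proxyStream = Child_Process.spawn('ncat', ['--proxy', '127.0.0.1:7890', `${ targetIp }`, '22'])

const conn = new Client()
// Passing the stream as `sock` makes ssh2 run the SSH protocol over it
// instead of opening its own TCP connection.
conn.connect({
  sock: proxyStream,
  username: 'root',
  privateKey
})

conn.on('ready', () => {
  console.log('Client :: ready')
  // Run one remote command and close the connection when it finishes.
  conn.exec('uptime', (err, stream) => {
    if (err) throw err
    stream.on('close', (code, signal) => {
      console.log('Stream :: close :: code: ' + code + ', signal: ' + signal)
      conn.end()
    }).on('data', (data) => {
      console.log('STDOUT: ' + data)
    }).stderr.on('data', (data) => {
      console.log('STDERR: ' + data)
    })
  })
})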
0 reactions
wujohns commented, Nov 24, 2022

I will try to read the forwardOut function code; maybe the answer exists there.
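
The three steps proposed in the issue (spawn the command, wrap its stdin/stdout in a stream.Duplex, pass that as sock), as an added example that is not code from the thread or from ssh2. The helper names and the instance-id pattern are assumptions; the host is validated and passed as an argv element, so no `sh -c` string is built from it.

```javascript
const { spawn } = require('child_process')
const { Duplex } = require('stream')

// Assumption: hosts look like "ssm-<instance id>", as in the issue's ssh config.
// This check replaces the config's `sed` step and rejects shell metacharacters.
function ssmTargetFromHost(host) {
  const m = /^ssm-(i-[0-9a-f]+)$/.exec(host)
  if (!m) throw new Error(`not an ssm-<instance-id> host: ${JSON.stringify(host)}`)
  return m[1]
}

// argv for the command the issue's ProxyCommand runs, as an array (no shell parsing).
function ssmProxyArgv(host, port = 22) {
  if (!Number.isInteger(port) || port < 1 || port > 65535) throw new Error('bad port')
  return ['ssm', 'start-session', '--target', ssmTargetFromHost(host),
    '--document-name', 'AWS-StartSSHSession', '--parameters', `portNumber=${port}`]
}

// Steps 1 and 2: spawn without a shell and expose stdin/stdout as one Duplex.
function spawnAsDuplex(cmd, argv) {
  const child = spawn(cmd, argv, { shell: false, stdio: ['pipe', 'pipe', 'inherit'] })
  const duplex = new Duplex({
    read() { child.stdout.resume() },
    write(chunk, _enc, cb) { child.stdin.write(chunk, cb) },
    final(cb) { child.stdin.end(cb) },
    destroy(err, cb) { child.kill(); cb(err) } // do not leave the proxy process behind
  })
  // Respect backpressure: pause the child's stdout until ssh2 reads again.
  child.stdout.on('data', (c) => { if (!duplex.push(c)) child.stdout.pause() })
  child.stdout.on('end', () => duplex.push(null))
  child.stdin.on('error', (e) => duplex.destroy(e))
  child.on('error', (e) => duplex.destroy(e)) // e.g. ENOENT when the CLI is missing
  return duplex
}

// Step 3: hand the Duplex to ssh2 as `sock`. ssh2 is loaded lazily so the
// helpers above work without it installed.
function connectViaSsm(host, sshOptions) {
  const { Client } = require('ssh2')
  const conn = new Client()
  const sock = spawnAsDuplex('aws', ssmProxyArgv(host, sshOptions.port))
  conn.connect({ ...sshOptions, sock })
  return conn
}
```

`connectViaSsm('ssm-i-89302843982043', { username, privateKey })` returns the ssh2 client; attach `ready` and `error` handlers to it as in the comment above.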
