ssh proxy using -W host:port

Question

I'm trying to use intermediate machine to connect to a remote host but I'm doing something wrong and not sure what.

I have added to my intermediate box /etc/ssh/sshd_config following lines:

Match User deploy
PermitOpen  any
AllowTcpForwarding yes
ForceCommand echo 'This account can only be used for deployments'

I can ssh from that intermediate box onto the target system no problem but I was hoping to be able to just execute a command like one below to connect via my proxy box:

ssh deploy@dev-linux-03 -W TARGET_IP:22

But I'm getting different response:

 SSH-2.0-OpenSSH_4.3

 Protocol mismatch.

Anything obvious I've missed?

Not much: "localhost sshd[14979]: Accepted publickey for deploy from xxx", ssh in verbose mode shows: channel_connect_stdio_fwd TARGET_IP:22 — Mahakala, May 08 '15 at 13:02
Response looks similar if I just telnet on port 22, I thought -W will create ssh connection but maybe I need to create tunnel first, or do it differently? — Mahakala, May 08 '15 at 13:10
If what you want is an SSH session from the intermediate server to the final server, then this is not the way to do it. `-W` opens a socket to the server/port you've specified, it doesn't pass the actual SSH connection on. I'm linking another question that has an answer with the kind of SSH config I think you need for this. — Jenny D, May 08 '15 at 13:41

score 2 · Answer 1 · answered May 10 '15 at 11:55

You specified the command incorrectly. The correct way to type the command would be like this:

ssh -o ProxyCommand='ssh -W %h:%p user@intermediate-host' user@target-host

If you need this frequently, you can add it to ~/.ssh/config like this:

Host target-host
    User user
    ProxyCommand ssh -W %h:%p user@intermediate-host

Then you only need to type ssh target-host to connect.

ssh proxy using -W host:port

1 Answers1