0

I want to reach Ubuntu20.04 server U1 through Ubuntu20.04 server U2 since U1 is behind a firewall, from a MacBook with BugSur. SSH from U2 to U1 is done with a public key, without password. I get to U2 using password but the next step always asks for a password (which I can't remember now). I have seen this question and tried things like this in the MacBook's .ssh/config:

Host U2
    HostName accessible.uni.com
    User me
    # PreferredAuthentications publickey
    ForwardX11 yes

Host U1
    HostName behind_firewall.uni.com
    User me
    # PreferredAuthentications publickey
    # IdentityFile /home/me/.ssh/id_rsa.pub
    ProxyJump U2
    ForwardX11 yes

and running ssh U1 enter the password for U2 but is then asked for password for U1. How can I make it work password-free on the second ssh?

Jonatan Öström
  • 2,428
  • 1
  • 16
  • 27
  • You can use RemoteCommand [Example](https://unix.stackexchange.com/questions/354594/remote-command-in-ssh-config-file) – Nabil Dec 28 '21 at 23:15
  • Can you run an authentication agent on your laptop, loading your key in the agent and forwarding the connection using the `-A` option? – chepner Dec 28 '21 at 23:23

2 Answers2

0

You can use Remote Command. Once it's successfully connected to U2 it will execute the command ssh U1.

Host U1
    HostName accessible.uni.com
    User me
    # PreferredAuthentications publickey
    ForwardX11 yes
    RemoteCommand ssh U1
Nabil
  • 1,130
  • 5
  • 11
  • Thanks! It works with `ssh -t U1` or if adding `RequestTTY force` to your definition. And `U1` must be defined in the `.ssh/config` of `U2`. – Jonatan Öström Dec 28 '21 at 23:53
-1

Apparently each leg of the tunnel with ProxyJump want's to be authenticated by a key (or password) from the MacBook in this case. So making a public key and adding it to authorized_keys of each computer where it should pass by password-less is necessary with this option.

Jonatan Öström
  • 2,428
  • 1
  • 16
  • 27