tabby icon indicating copy to clipboard operation
tabby copied to clipboard

Published 20 hours ago verified publisher icon Eugeny

Support for Multiple ProxyJumps

Open nicolas-tallet opened this issue 3 years ago • 8 comments

Describe the problem:

According to the following issue: #5559 , support for ProxyJump is fully operational in tabby However, I don't seem to be able to make it work whenever the target host requires going through at least two ProxyJumps (instead of one). Connection fails with the following error message:

<Target Host>: jump host "openssh-config:<ProxyJump #1>-<ProxyJump #2>" not found in your config

which seems to indicate that tabby is taking the content of the proxyjump directive, made of a comma-separated list of hosts, as one single host.

To Reproduce:

Sample .ssh/config configuration:

Host target.domain
	Hostname target.domain
	IdentityFile ~/.ssh/id_rsa
	ProxyJump pj01.domain, pj02.domain
Host pj01.domain
	Hostname pj01.domain
	IdentityFile ~/.ssh/id_rsa
Host pj02.domain
	Hostname pj02.domain
	IdentityFile ~/.ssh/id_rsa

Establish a connection to the target host should lead to the following error message:

target.domain: jump host "openssh-config:pj01.domain-pj02.domain" not found in your config

nicolas-tallet avatar Feb 23 '22 17:02 nicolas-tallet

I would like to have this feature as well. I'm using the following workaround to achieve it with tabby: Direct Host: A Login Scripts: ssh -J B C

Best regards David

davixd avatar Feb 23 '22 18:02 davixd

just to clarify - does the jump chain work if you set it up normally through profiles?

Eugeny avatar Feb 23 '22 18:02 Eugeny

In profiles the single jump works well, yes. Followed my example from above jump to B works well with the profiles.

davixd avatar Feb 23 '22 18:02 davixd

Not sure how to best solve this in terms of the automatic importer. In Tabby, every profile has its specific jump host assigned to it. This means that the following config can't be represented in terms of Tabby profiles:

Host h1
	ProxyJump j1, j2

Host h2
	ProxyJump j3, j2

Eugeny avatar Feb 23 '22 18:02 Eugeny

Would it makes sense to use for the automatic importer the function as its done with Login Scripts with "New Items" in Tabby? I imagined something like this: New Profile -> General -> Connection -> Jump host -> Host: h1 -> Jump host select j1 -> add new jump host select j2.

Host h1
	jumpHost ssh:j1-xxx, ssh:j2-xxx

davixd avatar Feb 24 '22 00:02 davixd

Well the current systems saves time by not having the user set up the full jump chain for every target host (instead only having to select the "nearest" host).

I think the most users will have consistent jump chains in their .ssh/config - I'll try to change the importer to offer "best effort" processing.

Eugeny avatar Feb 24 '22 08:02 Eugeny

Just ran into this, and while @davixd's workaround is useful, it would be good to have Tabby just handle multiple hops.

iainhallam avatar Aug 03 '23 12:08 iainhallam

Hello @davixd , please, can you tell me, how exatly set the login scripts like a jump servers? I'm not sure what to type in the Expect field. I suppose, I'll write in the send field: "ssh -J B" and next line "ssh -J C"

image

Thank you very much for help! BR, Martin

MartinWolfCZ avatar Nov 23 '23 11:11 MartinWolfCZ