EternalTerminal icon indicating copy to clipboard operation
EternalTerminal copied to clipboard

Published 20 hours ago verified publisher icon MisterTea

Using et through a jumpiest

Open rayjlinden opened this issue 2 years ago • 2 comments

I've been using et for a while over a VPN - works great!

However, we are moving to use a jumphost instead. I can not seem to get et to work through the jump host.

I can jump through the jumpiest just fine with ssh. I do it like this:

ssh -A -J [email protected] [email protected]

With et though things just hang for me. Here is what I'm running:

et --jumphost backdoor.dev.tilia-inc.com  -c "tmux -CC -S /tmp/shareds attach -t shared || tmux -CC -S /tmp/shareds new -s shared" [email protected]

I'm probably doing something wrong. So any help would be appreciated. Or at least some guidance on how to debug this better?

rayjlinden avatar Aug 25 '22 00:08 rayjlinden

Is the et server running on the jumphost?

MisterTea avatar Aug 25 '22 04:08 MisterTea

Yes. And the target server of course. I can et to the jumphost directly and that works fine.

It just hangs when trying the jump….

On Wed, Aug 24, 2022 at 9:39 PM Jason Gauci @.***> wrote:

Is the et server running on the jumphost?

— Reply to this email directly, view it on GitHub https://github.com/MisterTea/EternalTerminal/issues/532#issuecomment-1226766473, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKE5LWTCJAMAK5KL3LQQMKTV232JHANCNFSM57RIDN7Q . You are receiving this because you authored the thread.Message ID: @.***>

--

*Ray Johnson *| CTO

email: @.***

Tilia | http://www.tilia.io/ http://www.tilia.io/Powering Virtual http://www.tilia.io/ Economies http://www.tilia.io/

rayjlinden avatar Aug 25 '22 04:08 rayjlinden

@rayjlinden Can you provide logs from your client (/tmp/etclient-) and your server(s) (/tmp/etserver- and /tmp/etterminal--*).

Also I'd recommend removing your complex -c arg and trying to simply get to a shell on your target host to debug the issue.

jshort avatar Dec 01 '22 18:12 jshort

heavily Inspired by ET in order to interoperability with ssh

  • as jump host
  • connection multiplexing
  • run cmd like ssh

I made a ssh proxyCommand tool to achieve that goal ssh-keep

yurenchen000 avatar Dec 28 '22 09:12 yurenchen000

Same bug here, can't ProxyJump. I found the bug lie in the parsing of the hostname string when you specify a user.

et [email protected] --jumphost bastion.server.com works though it connects to bastion.server.com with local user.

But et [email protected] --jumphost [email protected] doesn't work as it parses the hostname to connect to as [email protected].

It's visible in the error message Could not reach the ET server: [email protected]:2022 (we should read Could not reach the ET server: bastion.server.com:2022).

(MacOS, Apple Silicon M1)

ddebin avatar Jan 31 '24 14:01 ddebin

At first we could not connect to the destination from the jump host due to SSH Agent error.  That appears resolved with et's -f option and now we've been able to connect to our destination by first connecting to the jump host.

However, still unable to connect to our destination through the jump host with a single command.  Is it due to this issue which was fixed in #614 but not exist in our version of et yet?  We just upgraded to version 6.2.8-trixie2 from https://mistertea.github.io/debian-et/debian-source trixie/main amd64 Packages.

Can you help us establish this connection?

~/.ssh/config:

Host myJumphost
	HostName JumpHost.Arizona.EDU
	IdentityFile ~/.ssh/me.myJumphost
Host dest
	User dest-user
	Hostname Dest.arizona.edu
	IdentityFile ~/.ssh/dest-user.dest
	ProxyJump myJumphost

SSH works as expected:

$ ssh dest
Last login:  earlier  from  myJumphost
[dest-user@dest ~]$

Issues with et:

$ et dest
Could not reach the ET server: myJumphost:2022

etclient.log:

[INFO today earlier client-main ParseConfigFile.hpp:1400] unsupported config line: foo yes, ignored
[...20-30 more unsupported config lines found, ignored...]
[INFO today earlier+,001 client-main TerminalClientMain.cpp:244] Parsed ssh config file, connecting to Dest.arizona.edu
[INFO today earlier+,001 client-main TerminalClientMain.cpp:270] ProxyJump found for dst in ssh config: myJumphost
[INFO today earlier+,001 client-main TerminalClientMain.cpp:277] Setting port to jumphost port

etclient-stderr.log:

Setting up and starting sentry
Shutting down sentry

Issue 1 [believed resolved]:

Attempted fix & Issue 2 [unresolved]:

$ et -f dest
Could not reach the ET server: myJumphost:2022

etclient.log and etclient-stderr.log contain the same messages as without -f option.

Have tried different combinations of options like putting the full hostname of myJumphost in the ~/.ssh/config, or removing myJumphost entry from the config and specifying jump options with the command, and so on, but always "could not reach the ET server".

AGI-chandler avatar Apr 12 '24 17:04 AGI-chandler

Hi @MisterTea, any feedback regarding above connection issue and how we might get connected to our server via the jump host?  Thanks

AGI-chandler avatar Apr 23 '24 20:04 AGI-chandler

Does it work if you make two et connections (one to the jumphost and then another et connection from within the jumphost to the destination)?

MisterTea avatar Apr 24 '24 12:04 MisterTea

Yes sir, it does, but only if -f is used with first connection to myJumphost (otherwise SSH_AUTH_SOCK error):

$ et -f myJumphost

[me@myJumphost ~]$ 
[me@myJumphost ~]$ et dest

[dest-user@dest ~]$

AGI-chandler avatar Apr 24 '24 17:04 AGI-chandler

Can you try using the -J command directly instead of relying on the ssh config and see if that works?

MisterTea avatar Apr 24 '24 18:04 MisterTea

Can you try using the -J command directly instead of relying on the ssh config and see if that works?

Idk what you mean.  There is no -J option for et and I don't see a way to use ssh's -J option with et.  There is only --ssh-option arg Options to pass down to 'ssh -o'.  The man page for -J says:

This is a shortcut to specify a ProxyJump configuration directive.  Note that configuration direc‐
tives supplied on the command-line generally apply to the destination host and not any specified jump hosts.
Use ~/.ssh/config to specify configuration for jump hosts.

Since myJumphost has a different login user and different key file, ~/.ssh/config must be used.  Thus I renamed my ~/.ssh/config to ~/.ssh/config.disabled and used an ~/.ssh/config with only:

Host myJumphost
	HostName JumpHost.Arizona.EDU
	IdentityFile ~/.ssh/me.myJumphost

and tried: et --ssh-option ProxyJump=myJumphost --ssh-option User=dest-user --ssh-option IdentityFile=~/.ssh/dest-user.dest dest.arizona.edu

Result: Could not reach the ET server: dest.arizona.edu:2022

I added -v 1 to the et command and checked the log file, it started with this: [INFO date time client-main ParseConfigFile.hpp:1400] unsupported config line: IdentityFile ~/.ssh/me.myJumphost, ignored

Tried using /home/me instead of ~ but still being ignored.  That took a couple hours already, any further suggestions or ideas?

AGI-chandler avatar Apr 27 '24 10:04 AGI-chandler

There should be a -J option in et. The longform is --jumphost

MisterTea avatar Apr 27 '24 13:04 MisterTea

Oddly -J does not show up in et --help. But it does work. The flag --jumphost is documented in et --help though. (This is on et version 6.2.8)

Ray

On Sat, Apr 27, 2024 at 6:35 AM Jason Gauci @.***> wrote:

There should be a -J option in et. The longform is --jumphost

— Reply to this email directly, view it on GitHub https://github.com/MisterTea/EternalTerminal/issues/532#issuecomment-2080675540, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKE5LWRTNT2SYIRKLBROG5LY7OSSRAVCNFSM57RIDN72U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMBYGA3DONJVGQYA . You are receiving this because you were mentioned.Message ID: @.***>

rayjlinden avatar Apr 27 '24 17:04 rayjlinden