Win32-OpenSSH icon indicating copy to clipboard operation
Win32-OpenSSH copied to clipboard

Published 20 hours ago verified publisher icon PowerShell

Jumphost port number format

Open Berkey opened this issue 3 years ago • 4 comments

Troubleshooting steps https://github.com/PowerShell/Win32-OpenSSH/wiki/Troubleshooting-Steps

Terminal issue? please go through wiki https://github.com/PowerShell/Win32-OpenSSH/wiki/TTY-PTY-support-in-Windows-OpenSSH

Please answer the following

"OpenSSH for Windows" version ssh -V OpenSSH_for_Windows_8.6p1, LibreSSL 2.6.5

ssh -V OpenSSH_for_Windows_8.6p1, LibreSSL 2.6.5

Server OperatingSystem Windows 10 Enterprise

Client OperatingSystem

What is failing

When using the -J flag to connect through a jumphost using the format ip_address:port_num I get the error: channel 0: open failed: connect failed: No such host is known. stdio forwarding failed kex_exchange_identification: Connection closed by remote host Connection closed by UNKNOWN port 65535

When using the -J flag with ip_address -p port_num the connection is successful.

Expected output

Actual output

Berkey avatar Jan 10 '22 22:01 Berkey

@tgauth - please have a look.

bagajjal avatar Jan 10 '22 23:01 bagajjal

I tried to reproduce this. The first difference I noticed is that I seem to get a different LibreSSL: OpenSSH_for_Windows_8.6p1, LibreSSL 3.3.3 (downloaded 8.6 today)

I'm running SSH -J "jumphostip" "targetserverIP" and SSH -J "jumphostip:2222" "targetserverIP". Both works as expected Also tried the same using DNS names and that works as long as the Jumphost kan resolve the DNS name of the target host. If it can't I do get the error message the threadstarter got

matsmcp avatar Jan 14 '22 09:01 matsmcp

@Berkey, I'm not totally sure I'm repro'ing this correctly, so my apologies if this isn't helpful.

I tried to connect to "targetserverIP" (customPort) via "jumphostIP" (defaultPort)

I am able to successfully connect with the following command: ssh -J "jumphostIP" -p customPort "targetserverIP"

I get the error you report with this command: ssh -J "jumphostIP" "targetserverIP:customPort"

The format of the jumphost command is: ssh [-J [user@]host[:port]] [-p port] destination

In our example, this means the port for the jumphostIP can be specified using ":port" and the port for the targetserverIP can be specified using "-p port" but they are not interchangeable.

If this is not what happened, can you run both ssh commands with -vvv and provide the debug log?

tgauth avatar Jan 21 '22 17:01 tgauth

@tgauth Your description matches my use case and errors. I believe @matsmcp may have caught part of the issue I found. My environment has a DNS topology that could be problematic if its required when using the -J flag. I don't believe my jumphost and the hosts I am trying to connect to through it have access to the same DNS servers or that they even have relevant A records for any of the hosts involved. This is all in a development network environment and things change often, so we are light on configuration of DNS and use primarily use IP addresses and passwords, not keys for authentication.

Berkey avatar Jan 21 '22 20:01 Berkey