NetworkManager-ssh
ProxyCommand support
In my case, ~/.ssh/config contains, for the host in question, a statement about a "ProxyCommand" which is necessary for the connection. In fact, it is even necessary for the DNS lookup of the actual hostname of the final host. This works beautifully for ssh on the command line and looks somewhat like this:
Host sshproxymachine
    Hostname sshproxymachine.networkname
Host remotename
    Hostname remotename.networkname
    ProxyCommand ssh -W %h:%p sshproxymachine
However, currently, the nm-plugin uses a command line like this:
/usr/bin/ssh -o NumberOfPasswordPrompts=0 -o PreferredAuthentications=publickey -v -o UserKnownHostsFile=/home/user/.ssh/known_hosts -o ServerAliveInterval=10 -o TCPKeepAlive=yes -o Tunnel=point-to-point -o Port=22 -o TunnelDevice=0:100 -o User=root -o HostName=remotename NetworkManager-ssh /sbin/ifconfig tun100 inet 10.88.88.1 netmask 255.255.255.252 pointopoint 10.88.88.2 mtu 1500
This fails, for multiple reasons. First (and this could be bypassed), it does not resolve 'remotename' to 'remotename.networkname' as specified in .ssh/config. However, the second is the most problematic: even if I specify the full hostname in the config, this cannot be resolved, because the ProxyCommand line is ignored (the hostname is only resolvable on the ProxyHost, not the local machine, and the ProxyHost is also necessary to connect to remotename.networkname).
In the end that is the difference between
ssh hostname.networkname
(which works, because ssh will read the config file)
and
ssh -o Hostname=hostname.networkname
(which does not work, because it prevents ssh from reading the corresponding section in its own config file and thus from using the ProxyCommand)
In order to resolve the current issue: wouldn't it work to not use -o Hostname=xxx but instead simply specify the xxx as destination argument to ssh? This way, not only would the ProxyCommand be used, I could also use simply 'hostname' and not the full 'hostname.networkname', as ssh would be able to look up that mapping by itself and the nm-ssh plugin doesn't need to care.
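An added check, not part of the original issue or the plugin's code: `ssh -G` prints the options ssh resolves for an invocation without connecting, so the two styles can be compared directly. ssh selects `Host` blocks by matching the destination argument, which in the plugin's command line is the literal `NetworkManager-ssh`. The config below is constructed from the one quoted in the issue; the helper names are hypothetical, and OpenSSH 6.8 or later is assumed for `-G`.

```shell
#!/bin/sh
# Added example: compare the effective client config for both invocation styles.
# `ssh -G` only prints resolved options and exits; no connection is made.

# Write a constructed config mirroring the one in the issue; print its path.
make_config() {
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<'EOF'
Host sshproxymachine
    Hostname sshproxymachine.networkname
Host remotename
    Hostname remotename.networkname
    ProxyCommand ssh -W %h:%p sshproxymachine
EOF
    printf '%s\n' "$cfg"
}

# effective_option CONFIG KEY SSH_ARGS...
# Prints the value ssh resolved for KEY (lowercase in -G output), or nothing
# when the option is unset for this invocation.
effective_option() {
    cfg=$1; key=$2; shift 2
    ssh -G -F "$cfg" "$@" 2>/dev/null |
        awk -v k="$key" '$1 == k { sub(/^[^ ]+ /, ""); print; exit }'
}

# Print hostname and proxycommand for each style side by side.
report() {
    cfg=$(make_config) || return 1
    for style in destination hostname-option; do
        case $style in
            # Proposed form: the alias is the destination argument.
            destination)     set -- remotename ;;
            # Form used in the plugin's command line quoted above.
            hostname-option) set -- -o HostName=remotename NetworkManager-ssh ;;
        esac
        printf '%s: hostname=[%s] proxycommand=[%s]\n' "$style" \
            "$(effective_option "$cfg" hostname "$@")" \
            "$(effective_option "$cfg" proxycommand "$@")"
    done
    rm -f "$cfg"
}

report
```

An empty `proxycommand` value in the second line of output means the `Host remotename` block was never applied to that invocation.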