Emacs Tramp ssh double hop
S

3

5

Could somebody please help me set up Emacs Tramp to do a double hop? I want to work on machine2.abc.def.edu, to which I can connect only through machine1.abc.def.edu. My username is myname, the same on both machines.

I've tried adding this to .emacs:

(add-to-list 'tramp-default-proxies-alist
          '("\\`machine2\\.abc\\.def\\.edu\\'"
            "\\`myname\\'"
            "/ssh:machine1\\.abc\\.def\\.edu:"))

This is my best guess interpretation of what's in the manual. Then I do: C-x C-f /ssh:machine2.abc.def.edu or: C-x C-f /ssh:[email protected]

But both give:

ssh: Could not resolve hostname ssh: nodename nor servname provided, or not known
Process *tramp/scpc ssh* exited abnormally with code 255

And my Aquamacs can't be quit and has to be killed from the shell... There is a 2-year-old thread here with the same question. I've tried the answer from there:

(add-to-list 'tramp-default-proxies-alist
          '("machine2.abc.def.edu"
            nil
            "/ssh:[email protected]:"))

With the same results... also for all combinations I could come up with... Remote editing on machine1.abc.def.edu works fine, though.

Speechmaker answered 1/5, 2011 at 10:23 Comment(3)
Looks related to #716355 though not sure if that answers your question - Echeverria
Yes, this is exactly the post I referred to in my post (i.e. solution 2). It doesn't work for me.... the netcat solution is also not feasible for me... - Speechmaker
You might want to customize the tramp-verbose variable to see if you can get more information. - Toddtoddie
S
4

Okay, let's try something different then, without opening a tunnel. How about the following in your .emacs file:

(add-to-list 'tramp-default-proxies-alist 
             '("\\`machine2\\'" 
               nil 
               "/ssh:%[email protected]:"))

This is different from the code you found in the forum post in two points:

  1. it adds ticks around the target host name (Emacs regexp syntax to avoid matching partial names)
  2. it uses only the subdomain name in the target host (you reported in a comment below that you cannot ssh to machine2 when you use the full domain name)

Does that help when you try to access a file on machine2?

Selfabuse answered 1/5, 2011 at 17:8 Comment(2)
Wow! It works!!! Thanks so much Thomas! It's quite unbelievable for me that there are people here willing and able to help strangers! :) Thanks very very much. For posterity, if somebody has similar troubles: to login: C-x C-f myname@machine2 (i.e. no domains) - Speechmaker
Great! (I think this is particular to your local setup, though). - Selfabuse
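
The effect of the anchors described in this answer, as an added example that is not part of the original posts and not Tramp's own code: `my/proxy-for` is a hypothetical, simplified model of how the first entry whose HOST and USER regexps match the typed name is selected. The proxy strings are constructed (with `%u` for the hop user), and `oldmachine2` is a made-up host name showing that an unanchored pattern also sends unintended hosts through the hop.

```elisp
;; Added illustration, not Tramp's own code: a simplified model of how an
;; entry in `tramp-default-proxies-alist' is selected.  `my/proxy-for' and
;; the `my/...' sample entries are hypothetical names.
(require 'cl-lib)

(defun my/proxy-for (alist user host)
  "Return the proxy of the first ALIST entry matching USER and HOST.
Each entry is (HOST-REGEXP USER-REGEXP PROXY), the shape used by
`tramp-default-proxies-alist'.  A nil regexp matches anything.
%h and %u in PROXY are replaced by HOST and USER.
Return nil when no entry matches, i.e. no hop would be used."
  (cl-loop for (host-re user-re proxy) in alist
           when (and (or (null host-re) (string-match-p host-re host))
                     (or (null user-re) (string-match-p user-re (or user ""))))
           return (replace-regexp-in-string
                   "%h" host
                   (replace-regexp-in-string "%u" (or user "") proxy t t)
                   t t)))

;; Constructed sample entries.  The first anchors the host with \\` and \\'
;; as in the answer above; the second leaves the pattern unanchored.
(defconst my/anchored
  '(("\\`machine2\\'" nil "/ssh:%u@machine1.abc.def.edu:")))
(defconst my/unanchored
  '(("machine2" nil "/ssh:%u@machine1.abc.def.edu:")))

;; Compare what each entry does with the short name, the fully qualified
;; name, and an unrelated host whose name merely contains "machine2".
;; Run with M-x eval-buffer and read the *Messages* buffer.
(dolist (host '("machine2" "machine2.abc.def.edu" "oldmachine2"))
  (message "%-22s anchored: %S  unanchored: %S"
           host
           (my/proxy-for my/anchored "myname" host)
           (my/proxy-for my/unanchored "myname" host)))
```
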
C
10

The answer is to use the ssh_proxy command available in ssh_config. Documented here and here. Basically you create a config file in your ssh folder that you can write shortcuts in. One of your shortcuts is to use a proxy through another end point. All of your shortcuts work for any tool that uses ssh including git and emacs.

Host endpoint2
     User myusername
     HostName mysite.com
     Port 3000
     ProxyCommand ssh endpoint1 nc -w300 %h %p

Host endpoint1
     User somename
     HostName otherdomainorip.com
     Port 6893

In this example running ssh endpoint2 will automatically hop through endpoint1.

Convolve answered 1/5, 2011 at 18:49 Comment(2)
Haven't tried it since the above solution worked, but thank you very much for replying. Might be useful in future! - Speechmaker
Note: I had to use "User" and not "Username" (in endpoint1 example) and I had to use "HostName" and not "Host" for both. - Osmund
S
2

Set up an ssh tunnel from machine1 to machine2 (assuming that sshd runs on port 22 on machine2):

machine1.abc.def.edu> ssh -f -N -L 2222:localhost:22 machine2.abc.def.edu

Then either connect to machine2 from Emacs like this:

/ssh:machine1.abc.def.edu#2222

or add the following line to your .emacs:

(add-to-list 'tramp-default-proxies-alist
             '("\\`machine2\\.abc\\.def\\.edu\\'" nil
               "/tunnel:machine1.abc.def.edu#2222:"))
Selfabuse answered 1/5, 2011 at 12:9 Comment(6)
Thank you, but this gives the same error. I've checked and the port is indeed 22. Tried both the /ssh: and adding the snippet to .emacs - no joy... - Speechmaker
That sucks! Can you connect to machine2 from the shell by running ssh -p 2222 machine1.abc.def.edu? - Selfabuse
Nope... although I'm a bit confused about what you meant: on my laptop both ssh -p 2222 machine1.abc.def.edu and ssh -p 2222 machine2.abc.def.edu give "Connection refused". ssh machine1.abc.def.edu works fine. - Speechmaker
I've noticed you added -f -L flags in your original reply. This doesn't work for me. The only thing that works is: machine1.abc.def.edu> ssh -L 2222:localhost:22 machine2 - i.e. if I add the domain .abc.def.edu it complains ("uudecode failed"), the same if I add the additional flags. - Speechmaker
I've added -f -N, but they are optional. Is machine1 behind a firewall? It seems that you can reach port 22 on machine1 but not port 2222... Just to be clear, what I meant was you first login on machine1 and establish the tunnel with ssh -L 2222:localhost:22 machine2. Then from your laptop you try to do ssh -p 2222 machine1.abc.def.edu. - Selfabuse
OK, yes this is exactly what I thought/did. Not sure about the firewall but it is possible... I do not have root access to either of the machines and just generally would prefer not to set up a tunnel. I thought that the proxy approach of tramp should be able to handle this... - Speechmaker
