Using et through a jumphost

[rayjlinden]

I've been using et for a while over a VPN - works great!

However, we are moving to use a jumphost instead. I can not seem to get et to work through the jump host.

I can jump through the jumpiest just fine with ssh. I do it like this:

ssh -A -J [email protected] [email protected]

With et though things just hang for me. Here is what I'm running:

et --jumphost backdoor.dev.tilia-inc.com  -c "tmux -CC -S /tmp/shareds attach -t shared || tmux -CC -S /tmp/shareds new -s shared" [email protected]

I'm probably doing something wrong. So any help would be appreciated. Or at least some guidance on how to debug this better?

[MisterTea]

Is the et server running on the jumphost?

[rayjlinden]

Yes. And the target server of course. I can et to the jumphost directly and that works fine. It just hangs when trying the jump….

On Wed, Aug 24, 2022 at 9:39 PM Jason Gauci ***@***.***> wrote: Is the et server running on the jumphost? — Reply to this email directly, view it on GitHub <#532 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AKE5LWTCJAMAK5KL3LQQMKTV232JHANCNFSM57RIDN7Q> . You are receiving this because you authored the thread.Message ID: ***@***.***>

-- *Ray Johnson *| *CTO* *email:* ***@***.*** *Tilia* | <http://www.tilia.io/> <http://www.tilia.io/>Powering Virtual <http://www.tilia.io/> Economies <http://www.tilia.io/>

[jshort]

@rayjlinden Can you provide logs from your client (/tmp/etclient-) and your server(s) (/tmp/etserver- and /tmp/etterminal--*).

Also I'd recommend removing your complex -c arg and trying to simply get to a shell on your target host to debug the issue.

[yurenchen000]

heavily Inspired by ET
in order to interoperability with ssh

• as jump host
• connection multiplexing
• run cmd like ssh

I made a ssh proxyCommand tool to achieve that goal
ssh-keep

[ddebin]

Same bug here, can't ProxyJump. I found the bug lie in the parsing of the hostname string when you specify a user.

et [email protected] --jumphost bastion.server.com works though it connects to bastion.server.com with local user.

But et [email protected] --jumphost [email protected] doesn't work as it parses the hostname to connect to as [email protected].

It's visible in the error message Could not reach the ET server: [email protected]:2022 (we should read Could not reach the ET server: bastion.server.com:2022).

(MacOS, Apple Silicon M1)

[AGI-chandler]

At first we could not connect to the destination from the jump host due to SSH Agent error.  That appears resolved with et's -f option and now we've been able to connect to our destination by first connecting to the jump host.

However, still unable to connect to our destination through the jump host with a single command.  Is it due to this issue which was fixed in #614 but not exist in our version of et yet?  We just upgraded to version 6.2.8-trixie2 from https://mistertea.github.io/debian-et/debian-source trixie/main amd64 Packages.

Can you help us establish this connection?

~/.ssh/config:

Host myJumphost
	HostName JumpHost.Arizona.EDU
	IdentityFile ~/.ssh/me.myJumphost
Host dest
	User dest-user
	Hostname Dest.arizona.edu
	IdentityFile ~/.ssh/dest-user.dest
	ProxyJump myJumphost

SSH works as expected:

$ ssh dest
Last login:  earlier  from  myJumphost
[dest-user@dest ~]$ 

Issues with et:

$ et dest
Could not reach the ET server: myJumphost:2022

etclient.log:

[INFO today earlier client-main ParseConfigFile.hpp:1400] unsupported config line: foo yes, ignored
[...20-30 more unsupported config lines found, ignored...]
[INFO today earlier+,001 client-main TerminalClientMain.cpp:244] Parsed ssh config file, connecting to Dest.arizona.edu
[INFO today earlier+,001 client-main TerminalClientMain.cpp:270] ProxyJump found for dst in ssh config: myJumphost
[INFO today earlier+,001 client-main TerminalClientMain.cpp:277] Setting port to jumphost port

etclient-stderr.log:

Setting up and starting sentry
Shutting down sentry

Issue 1 [believed resolved]:

Attempted fix & Issue 2 [unresolved]:

$ et -f dest
Could not reach the ET server: myJumphost:2022

etclient.log and etclient-stderr.log contain the same messages as without -f option.

Have tried different combinations of options like putting the full hostname of myJumphost in the ~/.ssh/config, or removing myJumphost entry from the config and specifying jump options with the command, and so on, but always "could not reach the ET server".

[AGI-chandler]

Hi @MisterTea, any feedback regarding above connection issue and how we might get connected to our server via the jump host?  Thanks

[MisterTea]

Does it work if you make two et connections (one to the jumphost and then another et connection from within the jumphost to the destination)?

[AGI-chandler]

Yes sir, it does, but only if -f is used with first connection to myJumphost (otherwise SSH_AUTH_SOCK error):

$ et -f myJumphost

[me@myJumphost ~]$ 
[me@myJumphost ~]$ et dest

[dest-user@dest ~]$ 

[MisterTea]

Can you try using the -J command directly instead of relying on the ssh config and see if that works?

[AGI-chandler]

Can you try using the -J command directly instead of relying on the ssh config and see if that works?

Idk what you mean.  There is no -J option for et and I don't see a way to use ssh's -J option with et.  There is only --ssh-option arg Options to pass down to 'ssh -o'.  The man page for -J says:

This is a shortcut to specify a ProxyJump configuration directive.  Note that configuration direc‐
tives supplied on the command-line generally apply to the destination host and not any specified jump hosts.
Use ~/.ssh/config to specify configuration for jump hosts.

Since myJumphost has a different login user and different key file, ~/.ssh/config must be used.  Thus I renamed my ~/.ssh/config to ~/.ssh/config.disabled and used an ~/.ssh/config with only:

Host myJumphost
	HostName JumpHost.Arizona.EDU
	IdentityFile ~/.ssh/me.myJumphost

and tried: et --ssh-option ProxyJump=myJumphost --ssh-option User=dest-user --ssh-option IdentityFile=~/.ssh/dest-user.dest dest.arizona.edu

Result:
Could not reach the ET server: dest.arizona.edu:2022

I added -v 1 to the et command and checked the log file, it started with this:
[INFO date time client-main ParseConfigFile.hpp:1400] unsupported config line: IdentityFile ~/.ssh/me.myJumphost, ignored

Tried using /home/me instead of ~ but still being ignored.  That took a couple hours already, any further suggestions or ideas?

[MisterTea]

There should be a -J option in et. The longform is --jumphost

[rayjlinden]

Oddly -J does not show up in et --help. But it does work. The flag --jumphost is documented in et --help though. (This is on et version 6.2.8) Ray

…

On Sat, Apr 27, 2024 at 6:35 AM Jason Gauci ***@***.***> wrote: There should be a -J option in et. The longform is --jumphost — Reply to this email directly, view it on GitHub <#532 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AKE5LWRTNT2SYIRKLBROG5LY7OSSRAVCNFSM57RIDN72U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMBYGA3DONJVGQYA> . You are receiving this because you were mentioned.Message ID: ***@***.***>