I'am trying to connect to a (latest patches) debian bullseye server (lets call in target) via a (latest patches) debian bullseye (lets call it bastion). I can connect directly to the target (from a latest manjaro), but not via the bastion. The connection via the bastion worked without issue beforehand.
hosts:
target:
User: root
Hostname: <redacted-target-ip>
Port: 22
Gateways:
- bastion
:
Hostname: <redacted>
Port: 22
Looking at the targets sshd logs / auth logs i see
DEBUG generated ssh config file {"buffer": "Host target\n ChallengeResponseAuthentication yes\n CheckHostIP yes\n ControlMaster auto\n ControlPath ~/.ssh/sockets/%h-%p-%r.sock\n ControlPersist yes\n IdentityFile ~/.ssh/id_ed25519\n PasswordAuthentication no\n Port 22\n PubkeyAuthentication yes\n ServerAliveCountMax 3\n ServerAliveInterval 15\n TCPKeepAlive yes\n User root\n # HostName: <redacted>\n # Gateways: [bastion]\n"}
DEBUG Host {"host": "{\"ChallengeResponseAuthentication\":\"yes\",\"CheckHostIP\":\"yes\",\"ControlMaster\":\"auto\",\"ControlPath\":\"~/.ssh/sockets/%h-%p-%r.sock\",\"ControlPersist\":\"yes\",\"IdentityFile\":[\"~/.ssh/id_ed25519\"],\"PasswordAuthentication\":\"no\",\"Port\":\"22\",\"PubkeyAuthentication\":\"yes\",\"ServerAliveCountMax\":3,\"ServerAliveInterval\":15,\"TCPKeepAlive\":\"yes\",\"User\":\"root\",\"HostName\":\"<redacted>\",\"Gateways\":[\"bastion\"],\"Hooks\":{}}"}
DEBUG Proxying
DEBUG Trying gateways {"gateways": "bastion"}
2023/02/21 09:00:39 bastion
DEBUG getHostByName direct matching {"name": "bastion"}
DEBUG Using gateway {"gateway": "bastion", "command": "ssh -W <redacted-target-ip>:22 %name"}
DEBUG ProxyCommand {"command": "ssh -W <redacted-target-ip>:22 bastion"}
Stdio forwarding request failed: Session open refused by peer
ERROR Failed to use 'bastion' gateway with error: {"error": "exit status 255"}
Error: no such available gateway
Usage:
assh connect [flags]
Examples:
Argument is a host.
Did something in assh change?
assh:
assh info
Debug mode (client): false
CLI Path: /usr/bin/assh
Go version: go1.16
OS/Arch: linux/amd64
Version: v2.11.3 (281772c0)
(*) General options:
ChallengeResponseAuthentication: yes
CheckHostIP: yes
ControlMaster: auto
ControlPath: ~/.ssh/sockets/%h-%p-%r.sock
ControlPersist: yes
IdentityFile: ~/.ssh/<redacted>
PasswordAuthentication: no
Port: 22
PubkeyAuthentication: yes
ServerAliveCountMax: 3
ServerAliveInterval: 15
TCPKeepAlive: yes
Do i miss anything obvious? Sorry if it is just a layer8 - just wondering .. it just used to work about 3 weeks ago.
I'am trying to connect to a (latest patches) debian bullseye server (lets call in target) via a (latest patches) debian bullseye (lets call it bastion). I can connect directly to the target (from a latest manjaro), but not via the bastion. The connection via the bastion worked without issue beforehand.
Looking at the targets sshd logs / auth logs i see
Did something in assh change?
assh:
Do i miss anything obvious? Sorry if it is just a layer8 - just wondering .. it just used to work about 3 weeks ago.