Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

"bash: nc: command not found" error on ssh multi-hop [closed]

Tags:

linux

bash

ssh

Environment: Ubuntu 14.04.

When I use no-root account for ssh multi-hops, it's OK.

But when I switch to root account (by $sudo -i), the ssh multi-hops doesn't work and it always gives error "bash: nc: command not found", and /bin/nc is surely there!

Very strange. Anybody has some hints?

The multi-hops ssh config is something like this:

cat ~/.ssh/config

# Multi-Hop SSH
Host serverA 
    HostName serverA.abc.net

# Multi-Hop SSH
Host sha
    ProxyCommand ssh -q serverA nc sha.abc.net 22
like image 757
gary Avatar asked Sep 22 '15 04:09

gary

1 Answers

It's difficult to tell precisely what your problem is from this distance, but it's possible it has something to do with your path being unset, or set in correctly, in your shell environment on "serverA".

My initial suggestion, which I suggest you do not use, is to specify nc's location with its full path. Thus:

ProxyCommand ssh -q serverA /bin/nc sha.example.net 22

Just remember for the sake of portability that nc may not live in this location on all systems. For example, it's at /usr/bin/nc on FreeBSD and OSX.

I don't recall what version of OpenSSH is included with Ubuntu 14.04, but if it's recent enough (i.e. OpenSSH version 5.4 or later), you could replace the nc command with SSH's internal -W option, which instructs ssh to run in "netcat mode". I would replace your ~/.ssh/config entries with the following:

# gateway host
host serverA
    hostname serverA.example.net

host sha
    proxycommand ssh -xaqW%h:22 serverA

Note that I'm also including -x and -a to disable forwarding of X11 and agent authentication.

As for your query about doing this as root, I would suggest that you DO NOT use ssh as root. Either on the server or the client. Confirm that PermitRootLogin no is set in your sshd_config file (in /etc/ or /etc/ssh/), and only ever authenticate as unprivileged users. On the client site, build your automation into unprivileged users who, if they need access to certain root accounts on the remote system, get that access using sudo. It's never a bad idea to do things the Right Way. :)

like image 73
ghoti Avatar answered Sep 24 '22 21:09

ghoti
Sign in to Comment

Related questions

Standalone executables with mono on linux?
How do I use GDB in Eclipse for C/C++ Debugging?
Is oprofile still alive and well?
Jenkins / Hudson CI Minimum Requirements for a linux RH installation
Merging two files by a single column in unix
Why are the system call numbers different in amd64 linux?
Why glibc and pthread library both defined same APIs?
When to call sem_unlink()?
Bash: Why does parent script not terminate on SIGINT when child script traps SIGINT?
Deleting .rbenv from Linux
ldd says "not found" even though library is in my LD_LIBRARY_PATH
What does it mean to break user space? [closed]
Java (J2SE) Bluetooth Low Energy (BLE)
How to do proper file locking on NFS?
Force a shell script to fflush
Call trace when loading a module in Linux
What's the difference between "grep -e" and "grep -E" [closed]
Building a shared library using gcc on Linux and MinGW on Windows
How do you swap /dev/sda with /dev/sdb? [closed]
Is there a way to look for a flag in a man page?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!