
Please debug SSH Proxy Command, it cannot connect remote server with multihop SSH on PuTTY

I would like to replicate the following ~/.ssh/config from a working Mac setup onto a Windows PuTTY.

Host server01
    HostName 11.22.333.444
    Port 55555
    DynamicForward 1080
    User username
    RemoteForward        52698 localhost:52698

Host server02
    HostName work-machine-name
    ProxyCommand ssh -q server01 nc work-machine-name 22
    User username
    RemoteForward        52698 localhost:52698 

This is the current proxy command that I have a feeling is incorrect on PuTTY:

plink -ssh 11.22.333.444 -P 55555 -l username -D 1080 -R 52698:127.0.0.1:52698 -nc %host:%port

Details:

I'm trying to set up a multihop on PuTTY with SSH proxy so that I can use the remote Atom text editor on my Windows computer to do work on remote machines. Multihop means that first I have to SSH into an intermediate machine and then log into the final machine.

On the Mac I just start the server on Atom remote package, on a terminal run ssh server02, enter passwords for both logins to get into the remote machine, and run rmate filename to have the remote file automatically show up on the Mac Atom editor with this rmate.

Currently I'm trying to replicate everything on my Windows PuTTY. I followed this multihop on SSH tutorial and referred to the plink manual.

First I added "C:\Program Files (x86)\PuTTY" permanently to PATH. Then I made the following settings to PuTTY, trying to replicate the ~/.ssh/config exactly:

  • Session. Host Name: work-machine-name, Port: 22
  • Connection -> Data. Auto-login username: username
  • Connection -> Proxy. Proxy type: Local, Proxy hostname: 11.22.333.444, Port: 55555, Telnet command or local proxy command: plink -ssh 11.22.333.444 -P 55555 -l username -D 1080 -R 52698:127.0.0.1:52698 -nc %host:%port
  • Connection -> SSH -> Tunnels. The window displays for remote port forwarding: R52698 localhost:52698

I get a big blank black screen when I try to run everything. I'm suspecting my ProxyCommand is not set up correctly.

(Btw I have found X11 to be completely unnecessary through my Mac settings.)

Trying to debug, I ran the ProxyCommand plink line on the cmd prompt:

C:\Users\username>plink -ssh 11.22.333.444 -P 55555 -l username -D 1080 -R 52698:127.0.0.1:52698 -nc work-machine-name:22
username@11.22.333.444's password:
SSH-2.0-OpenSSH_6.6.1

And it hangs there after entering the password. On the Mac, it would ask for the second password too and then be connected to the remote work-machine.

HaoQi Li asked Nov 15 '17 05:11
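
The mapping the question is attempting, shown as an added example that is not part of the original post: it parses a constructed copy of the two Host blocks, carries the jump host's HostName, Port, User and forwards over to plink flags, and turns the nc hop into -nc %host:%port. The function names and the banner check are assumptions of this example; the plink options used (-ssh, -P, -l, -D, -R, -nc) are the ones already on the page.

```python
import shlex
# Constructed copy of the two Host blocks from the question.
SSH_CONFIG = """\
Host server01
    HostName 11.22.333.444
    Port 55555
    DynamicForward 1080
    User username
    RemoteForward 52698 localhost:52698

Host server02
    HostName work-machine-name
    ProxyCommand ssh -q server01 nc work-machine-name 22
    User username
    RemoteForward 52698 localhost:52698
"""

def parse_hosts(text):
    """Return {alias: [(keyword_lowercase, value), ...]} for each Host block."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "host":
            current = hosts.setdefault(value.strip(), [])
        elif current is not None:
            current.append((key.lower(), value.strip()))
    return hosts

def plink_proxy_command(hosts, alias):
    """Translate `ProxyCommand ssh ... <jump> nc <target> <port>` into plink."""
    proxy = shlex.split(dict(hosts[alias])["proxycommand"])
    jump = hosts[proxy[proxy.index("nc") - 1]]  # alias named just before `nc`
    opts = dict(jump)
    cmd = ["plink", "-ssh", opts["hostname"], "-P", opts.get("port", "22")]
    if "user" in opts:
        cmd += ["-l", opts["user"]]
    for key, value in jump:  # forwards on the jump host also apply to the hop
        if key == "dynamicforward":
            cmd += ["-D", value]
        elif key == "remoteforward":
            listen, dest = value.split()
            cmd += ["-R", f"{listen}:{dest}"]
    return " ".join(cmd + ["-nc", "%host:%port"])

def reached_sshd(first_line):
    """True if the tunnelled stream starts with an SSH identification string."""
    return first_line.startswith("SSH-2.0-") or first_line.startswith("SSH-1.99-")
```

A first line beginning with SSH-2.0- is the identification string (RFC 4253, section 4.2) of the SSH server at the far end of the -nc stream, so reached_sshd can be applied to the first line a proxy command prints to check that the hop reached an sshd.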



2 Answers

It appears the problem you're facing is incompatibility between "standard" ssh tooling and putty.

Some possible workarounds are to use cygwin ssh, linux subsystem for windows, or mobaxterm (which is basically cygwin + a better terminal emulator and embedded x11 server).

all of them work with the same configuration files format as linux and mac, so your existing config should work

Ophir Yoktan answered Sep 28 '22 00:09


These are a couple of ideas. Your use case is very particular and there are probably better tools to achieve what you need; to simplify all the proxying you could probably use a VPN between your devices. But to focus on the SSH side, I would suggest checking how forwarding is being done and how to test a (bastion) setup using PuTTY.

forwarding

What could be happening is that in your Windows client, the ssh passwords are not being forwarded, something that works when doing:

ssh -A 

From the man:

-A Enables forwarding of the authentication agent connection. This can also be specified on a per-host basis in a configuration file.

In Windows, when using PuTTY to achieve something similar, you need to use something called Pageant.

Pageant is a PuTTY authentication agent. It holds your private keys in memory so that you can use them whenever you are connecting to a server. It eliminates the need to:

  • Explicitly specify the relevant key to each Linux user account, if you use more than one account to log into a server

  • Type a key's passphrase each time you log into your user account; and your keys should be passphrase protected since having an unprotected key is as good as hiding your password under your keyboard!

To know more about how to configure your client follow this guide: https://www.digitalocean.com/community/tutorials/how-to-use-pageant-to-streamline-ssh-key-authentication-with-putty

bastion - ssh tunnel

Check this guide, https://blog.devolutions.net/2017/04/how-to-configure-an-ssh-tunnel-on-putty.html

nbari answered Sep 27 '22 22:09