
SSH ProxyCommand change user after connect

Tags: terminal, ssh

I need to be able to connect to a host through another host because of firewall limitations. I'm currently able to connect successfully with the ProxyCommand option. But now I need to change the user after connecting to the destination host, from user_one to user_two.

My current config file:

Host destination
    Hostname destination.example.com
    User user_one
    ProxyCommand ssh -W %h:%p fw.example.com
    IdentityFile /Users/local_user/.ssh/id_rsa

I have all the necessary keys for connecting as user_one, but I need to sudo su user_two to be able to log in as that user. And I need to act as that user in order to write files through sftp. (This is a webserver.)

So how can I automatically switch to user_two?

user2479930 asked Jan 29 '17 13:01



1 Answer

You can use RemoteCommand to switch users immediately after logging in. Your .ssh/config would then be:

Host destination
    Hostname destination.example.com
    User user_one
    ProxyCommand ssh -W %h:%p fw.example.com
    IdentityFile /Users/local_user/.ssh/id_rsa
    RemoteCommand sudo su - user_two
    RequestTTY yes

Note that you may also need to add RequestTTY yes, if the remote server requires a TTY when running sudo.

Ruurtjan Pul answered Nov 15 '22 06:11
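
The question also asks about sftp, which RemoteCommand does not cover: ssh exits with "Cannot execute command-line and remote command" when a host entry that sets RemoteCommand is used by sftp, scp or rsync. The following is an added example, not part of the original answer, that keeps the interactive entry and adds a second one for file transfers; the alias destination-files, the sftp-server path and the sudoers rule are assumptions to adapt to the destination host.

```sshconfig
# Added example. Assumptions: the alias "destination-files", the sftp-server
# path (it differs between distributions), and the sudoers rule shown below.

# Interactive logins: land in a user_two shell, as in the answer above.
Host destination
    Hostname destination.example.com
    User user_one
    ProxyCommand ssh -W %h:%p fw.example.com
    IdentityFile /Users/local_user/.ssh/id_rsa
    RemoteCommand sudo su - user_two
    RequestTTY yes

# File transfers: same route through fw.example.com, but no RemoteCommand
# and no TTY, so sftp can request its own server process.
Host destination-files
    Hostname destination.example.com
    User user_one
    ProxyCommand ssh -W %h:%p fw.example.com
    IdentityFile /Users/local_user/.ssh/id_rsa
    RequestTTY no

# Start the SFTP server as user_two so written files belong to that user:
#   sftp -s "sudo -u user_two /usr/lib/openssh/sftp-server" destination-files
#
# There is no TTY for a password prompt here, so sudo must allow this without
# one. A sudoers entry on the destination (edit with visudo) that permits only
# this single command, and only as user_two:
#   user_one ALL=(user_two) NOPASSWD: /usr/lib/openssh/sftp-server
```

Scoping the sudoers rule to the sftp-server binary keeps user_one from gaining a general passwordless path to user_two through this entry.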