rdiff-backup-users

Re: hopping over ssh bastion


From: Adam Weremczuk
Subject: Re: hopping over ssh bastion
Date: Tue, 29 Jun 2021 18:28:47 +0100
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0

Hi all,

Thank you for all the hints but I still can't get it to work :(

I have checked /etc/ssh/sshd_config on BASTION and AllowTcpForwarding is set to "yes".

My ~/.ssh/config on SOURCE machine:

Host backup
        HostName firewall.example.com
        Port 8822
        IdentityFile ~/.ssh/backup
        IdentitiesOnly yes
        User myuser
        StrictHostKeyChecking yes
        RequestTTY no

This is working fine when I run rdiff-backup on SOURCE and connect to BACKUP directly (port 8822 is forwarded on the FIREWALL).

Now I want to add BASTION between FIREWALL and BACKUP.

SSH on BASTION is also accessible from SOURCE (port 9922 is forwarded on the FIREWALL). BASTION can SSH to BACKUP on the same port 9922.

How exactly do I need to modify ~/.ssh/config on SOURCE to incorporate this chain and the port numbers?

Regards,
Adam

On 25/06/2021 12:52, Patrik Dufresne wrote:
Hello Adam,

When using the SSH proxy command, the following message, "Fatal Error:
Truncated header string (problem probably originated remotely)", is
generated by SSH. Usually this gets printed when the box doesn't allow an ssh
tunnel.

On the bastion server, you should review your /etc/ssh/sshd_config and make
sure you have "AllowTcpForwarding yes".

After that, you may create a file in ~/.ssh/config

Host <hostname-behind-bastion>
   ProxyCommand ssh -q -A -x <bastion-hostname> -W <ip-behind-bastion>:22

I invite you to test the configuration by calling ssh manually first, to
make sure the ssh configuration is working, before trying to test it with
rdiff-backup.



On Fri, Jun 25, 2021 at 7:36 AM Frank Crawford <frank@crawford.emu.id.au>
wrote:

Adam,

This should work with any issue, but can you share the actual
ProxyCommand you are using.

Also, what do you get if you log in yourself directly?

And you may want to up the verbosity of rdiff-backup output (e.g. -v5)
to see what is being returned.

Regards
Frank

On Thu, 2021-06-24 at 17:59 +0100, Adam Weremczuk wrote:
Hi all,

I run old rdiff-backup 1.2.8 on a remote server and one local behind an
ssh bastion.

Direct backup over ssh works fine but I struggle hopping over an
intermediary box. All 3 run Debian.

I've tried ProxyCommand with and without netcat but each time I'm
getting:

-------------------------------------------------------------------------------------------------------

Fatal Error: Truncated header string (problem probably originated remotely)

Couldn't start up the remote connection by executing

      ssh -C backup rdiff-backup --server

Remember that, under the default settings, rdiff-backup must be
installed in the PATH on the remote system.  See the man page for more
information on this.  This message may also be displayed if the remote
version of rdiff-backup is quite different from the local version (1.2.8).

-------------------------------------------------------------------------------------------------------

I haven't been able to find any recipes online and I'm assuming it's
feasible.

Could anyone help?

Regards,
Adam
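
One way to write the SOURCE -> FIREWALL -> BASTION -> BACKUP chain asked about in the top message, as an added example that is not part of the thread. The alias `bastion` is hypothetical, `<ip-behind-bastion>` is a placeholder for BACKUP's address as seen from BASTION, and reusing `myuser` and `~/.ssh/backup` on BASTION is an assumption.

```sshconfig
# ~/.ssh/config on SOURCE (added example; see the assumptions above)

# Hop 1: BASTION, reached through port 9922 forwarded on the FIREWALL.
Host bastion
        HostName firewall.example.com
        Port 9922
        # Assumption: the same account and key are authorized on BASTION.
        User myuser
        IdentityFile ~/.ssh/backup
        IdentitiesOnly yes
        StrictHostKeyChecking yes
        RequestTTY no

# Hop 2: BACKUP, which BASTION reaches on port 9922.
# "ssh -W" asks BASTION only to relay the TCP stream (this is what
# AllowTcpForwarding permits). The SSH session to BACKUP is still
# authenticated end to end from SOURCE, so the private key stays on SOURCE
# and agent forwarding (-A) is not needed for this to work.
Host backup
        # Placeholder: BACKUP's address as seen from BASTION.
        HostName <ip-behind-bastion>
        Port 9922
        User myuser
        IdentityFile ~/.ssh/backup
        IdentitiesOnly yes
        StrictHostKeyChecking yes
        RequestTTY no
        # %h and %p expand to the HostName and Port of this stanza.
        ProxyCommand ssh -q -x -W %h:%p bastion
        # On OpenSSH 7.3 or later the line above can be replaced by:
        #   ProxyJump bastion

# With StrictHostKeyChecking yes, ~/.ssh/known_hosts on SOURCE must already
# hold both host keys under their new names, because non-default ports are
# stored as "[host]:port":
#   [firewall.example.com]:9922      (BASTION's host key)
#   [<ip-behind-bastion>]:9922       (BACKUP's host key)
# The existing entry for [firewall.example.com]:8822 does not match.
```

The alias `backup` is kept so that the `ssh -C backup rdiff-backup --server` command rdiff-backup runs resolves to the new chain. On BASTION, a `PermitOpen <ip-behind-bastion>:9922` line in sshd_config limits the forwarding this account can request to that single destination.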