ProxyCommand replacement

Kevin - Fri 08/05/2015 09:47:21 CEST +0200

Hi,

I want to use klink.exe (plink.exe) to jump via a (reachable) middle host (A) to a (directly no reachable) second host (B).
A has a public IP. B has only a private IP and is only reachable through A, because A has two network interfaces.

I have followed this instruction:
http://mirko.dziadzka.de/papers/ssh-gateway/ssh-gateway.html
(Sorry, it is in German...)

Main thing is:
You add your public key in Server A and add in the authorized_keys file a command="netcat B 22", so that he automatically connects to the port 22 of Server B and forwards all the traffic without having a local shell in Server A. Of course, AllowTcpForwarding at Server A is set to off, because this is insecure, when everyone can decide on his own which server he wants to connect to. I (the admin) wants to force the user that he is only able to connect to this Server B.

Now I try to configure putty/kitty:
Proxy type: local
Proxy hostname: IP of Server A
Port: 22
Local proxy command: plink username@%proxyhost -agent

Because the connection to server B is automatically initiated, there should be no need to use this plink -nc parameter.

But then KiTTY says, "incoming packet was garbled on decryption".
The complete event log:
2015-05-08 09:40:57 ----- Session restarted

---

2015-05-08 09:40:57 Looking up host "IP.of.Server.A"
2015-05-08 09:40:57 Starting local proxy command: plink username@IP.of.Server.A -agent
2015-05-08 09:40:57 Server version: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
2015-05-08 09:40:57 We believe remote version has SSH-2 channel request bug
2015-05-08 09:40:57 Using SSH protocol version 2
2015-05-08 09:40:57 We claim version: SSH-2.0-PuTTY_KiTTY
2015-05-08 09:40:57 Incoming packet was garbled on decryption


Someone with an idea?

Thanks,
Kevin

Answer

The forum is actually closed