.ssh/config -t pty option - SSH

This is a discussion on .ssh/config -t pty option - SSH ; Hi folks, I have working command ssh hostA -At hostB now i want to simplify that by using .ssh/config file and my host block for connecting to hostB looks like this Host hostB Hostname HostA ForwardAgent yes ProxyCommand ssh hostB ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: .ssh/config -t pty option

  1. .ssh/config -t pty option

    Hi folks,

    I have working command

    ssh hostA -At hostB

    now i want to simplify that by using .ssh/config file and my host block for
    connecting to hostB looks like this

    Host hostB
    Hostname HostA
    ForwardAgent yes
    ProxyCommand ssh hostB

    now i know im missing -t switch to allocate pty, is there option to set in
    config file to allocate pty?

    cause it does not work if i try ssh hostB -t, or ssh hostB -tt

    thanks,
    H.

    --
    ____ __ ___| | ___ Real knowledge .~. hrvoje.spoljar@><.pbf.hr
    (_-< '_ \/ _ \ |_/ -_) is to know / V \
    /__/ .__/\___/__/\___| the extent of /( )\ icq : 53000945
    |_| one's ignorance ^-^

  2. Re: .ssh/config -t pty option

    Hrvoje Spoljar pise na comp.security.ssh:
    > Hi folks,
    >
    > I have working command
    >
    > ssh hostA -At hostB
    >
    > now i want to simplify that by using .ssh/config file and my host block for
    > connecting to hostB looks like this
    >
    > Host hostB
    > Hostname HostA
    > ForwardAgent yes
    > ProxyCommand ssh hostB
    >
    > now i know im missing -t switch to allocate pty, is there option to set in
    > config file to allocate pty?
    >
    > cause it does not work if i try ssh hostB -t, or ssh hostB -tt


    I found answer among the posts, but it's not so clear...
    Can anyone explain why is netcat used?

    --
    ____ __ ___| | ___ Real knowledge .~. hrvoje.spoljar@><.pbf.hr
    (_-< '_ \/ _ \ |_/ -_) is to know / V \ irc # RoCkY
    /__/ .__/\___/__/\___| the extent of /( )\ icq : 53000945
    |_| one's ignorance ^-^

  3. Re: .ssh/config -t pty option

    On 2007-12-21, Hrvoje Spoljar wrote:
    > Hrvoje Spoljar pise na comp.security.ssh:
    >> ssh hostA -At hostB

    [...]
    > I found answer among the posts, but it's not so clear...
    > Can anyone explain why is netcat used?


    "ssh -t hosta ssh hostb" is kind of like a chain of SSH connections.
    At each point in the chain the unencrypted traffic passes through
    the pty layer of each intermediate host.

    "ssh -o 'Proxycommand ssh hosta %h %p' hostb" is more like a stack of
    conections: the connection from the client to hosta is encrypted, then inside
    that there's another SSH connection which uses the netcat on hosta to
    make a TCP connection to hostb.

    In the second case, there's an end-to-end SSH connection between the
    client and hostb. This is much more secure because it means that
    your connection is not subject to MITM attacks on hosta, but it means
    that you double-encrypt in the client.

    Think of it as a set of pipes. Thie first case is two pipes of equal
    diameter with a joint (ie hosta) in the middle. If the joint breaks,
    you have a leak. The second case is a larger pipe to the joint, but a
    smaller pipe inside the first pipe all the way to where you want to go.
    In this case it doesn't matter how weak the joint as long as the inner
    pipe remains intact, but it does use more pipe.

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

+ Reply to Thread