Using ssh in Bash/WSL as a local proxy command


win5cpuser

WinSCP Portable 5.9.6 (Build 7601)
Windows 10 Enterprise Anniversary Edition (10.0.14393) - can't be updated yet, due to corporate policy

Through the GUI, I have created a site configuration to connect to a server through an intermediary jump server, using PuTTY's plink.exe as a local proxy command which works as I expect. The jump server uses a non-standard port and requires authentication by a key which is stored in memory by KeeAgent, that plink makes use of. From the jumpserver, the target endserver is a straightforward SSH connection using a different username / password.

--- Site configuration ---
File protocol: SFTP
Host name: endserver.example.com
Port number: 22
User name: targetuser
Password: targetpassword
Advanced Site Settings -> Connection -> Proxy
Proxy type: Local
Local proxy command: E:\putty\PLINK.EXE -P 2222 jumpserveruser@jumpserver.example.com -nc endserver.example.com:22

If I look in winscp.log, I see the successful connection:

. 2017-08-01 10:19:24.323 Leaving host lookup to proxy of "endserver.example.com" (for SSH connection)
. 2017-08-01 10:19:24.323 Starting local proxy command: E:\putty\PLINK.EXE -P 2221 jumpserveruser@jumpserver.example.com -nc endserver.example.com:22
. 2017-08-01 10:19:24.327 We claim version: SSH-2.0-WinSCP_release_5.9.6
. 2017-08-01 10:19:24.880 Server version: SSH-2.0-OpenSSH_6.6.1
. 2017-08-01 10:19:24.880 We believe remote version has SSH-2 channel request bug
. 2017-08-01 10:19:24.880 Using SSH protocol version 2
. 2017-08-01 10:19:24.888 Doing ECDH key exchange with curve Curve25519 and hash SHA-256
. 2017-08-01 10:19:25.248 Server also has ecdsa-sha2-nistp256/ssh-rsa host keys, but we don't know any of them
. 2017-08-01 10:19:25.249 Host key fingerprint is:
. 2017-08-01 10:19:25.249 ssh-ed25519 256 c3:37:23:96:45:62:1a:a2:1f:4a:a6:1c:0d:3b:0e:eb
. 2017-08-01 10:19:25.249 Verifying host key ssh-ed25519 0x6baa2eba5ed0d4a5 4c1e62a061f73ba3 a098ed827667a1eb b5826d9d59eb9436 ,0x5979f60fc5c0336a 5392f64db41ba904 214b1410dbea53d1 c708f8a522240e78  with fingerprint ssh-ed25519 256 c3:37:23:96:45:62:1a:a2:1f:4a:a6:1c:0d:3b:0e:eb
. 2017-08-01 10:19:25.283 Asking user:
. 2017-08-01 10:19:25.283 **Continue connecting to an unknown server and add its host key to a cache?**
. 2017-08-01 10:19:25.283 
. 2017-08-01 10:19:25.283 The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.
. 2017-08-01 10:19:25.283 
<SNIP>

If I run the same local proxy command directly in an Administrator Command Prompt window, I see:

E:\putty>E:\putty\PLINK.EXE -P 2222 jumpserveruser@jumpserver.example.com -nc endserver.example.com:22
SSH-2.0-OpenSSH_6.6.1

and I must Ctrl+C to quit out of it.

Now I am trying to replace the dependency on plink.exe with the OpenSSH ssh command-line client available under Bash in Windows Subsystem for Linux. I have replaced the Local proxy command in the entry with:

C:\Windows\System32\bash.exe -c '. ~/start_keepass_agent.sh;ssh -W %host:%port -o StrictHostKeyChecking=no -p 2222 jumpserveruser@jumpserver.example.com'

The call to the start_keepass_agent.sh script is a workaround required because Bash/WSL in Anniversary Edition does not yet support sockets completely.

Unfortunately, WinSCP errors when I try to Login. This is what I find in winscp.log:

. 2017-08-01 13:36:39.731 Leaving host lookup to proxy of "endserver.example.com" (for SSH connection)
. 2017-08-01 13:36:39.732 Starting local proxy command: C:\Windows\System32\bash.exe -c ". ~/start_keepass_agent.sh;ssh -W endserver.example.com:22 -o StrictHostKeyChecking=no -p 2222 jumpserveruser@jumpserver.example.com"
. 2017-08-01 13:36:39.733 We claim version: SSH-2.0-WinSCP_release_5.9.6
. 2017-08-01 13:36:39.784 Error 232: The pipe is being closed.
* 2017-08-01 13:36:39.839 (EFatal) Error 232: The pipe is being closed.

If I run the local proxy command directly from an Administrator Command Prompt window, I get the same behaviour as the successful plink command-line above: the connection is held open and I must Ctrl-C to quit back to the command prompt.

I thought at first that maybe the ssh command requires the -N flag to tell ssh not to execute a remote command. However, adding that flag just results in a different error in winscp.log:

. 2017-08-01 13:51:08.677 Leaving host lookup to proxy of "endserver.example.com" (for SSH connection)
. 2017-08-01 13:51:08.677 Starting local proxy command: C:\Windows\System32\bash.exe -c ". ~/start_keepass_agent.sh;ssh -N -W endserver.example.com:22 -o StrictHostKeyChecking=no -p 2222 jumpserveruser@jumpserver.example.com"
. 2017-08-01 13:51:08.679 We claim version: SSH-2.0-WinSCP_release_5.9.6
. 2017-08-01 13:51:08.730 Server unexpectedly closed network connection
. 2017-08-01 13:51:08.730 Using non-standard protocol or port, tunnel or proxy, will not knock FTP port.
* 2017-08-01 13:51:08.784 (EFatal) Server unexpectedly closed network connection.

I've tried increasing the debug level in the logging, but it doesn't add anything more useful.

Soo ... does anyone have any suggestions on what I might be missing in my local proxy command? Or is it that WinSCP can't make use (or, at least, in the Anniversary Edition?) of ssh in the Bash/WSL environment as a local proxy?

Any thoughts appreciated. TIA.


win5cpuser

Also, should have said, I do realise that I can remove the plink dependency in the fairly straightforward example above by using WinSCP's built-in tunnelling capabilities instead ... however, I'm interested in working out if WinSCP can use the ssh client from Bash/WSL in the way described.
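Editor's added example, not part of the original posts and not WinSCP's own tooling: WinSCP writes the full local proxy command to its session log, so the log can be audited for proxy commands that switch off OpenSSH host key checking on the jump hop, as the `-o StrictHostKeyChecking=no` variant above does. The function name and the report format are assumptions made for this sketch; the sample lines are copied from the log excerpts quoted in the post.

```bash
#!/usr/bin/env bash
# Added example: audit the local proxy commands recorded in a WinSCP session log.

# Constructed sample: three log lines copied from the excerpts quoted in the post.
sample_log() {
cat <<'EOF'
. 2017-08-01 10:19:24.323 Starting local proxy command: E:\putty\PLINK.EXE -P 2221 jumpserveruser@jumpserver.example.com -nc endserver.example.com:22
. 2017-08-01 10:19:24.327 We claim version: SSH-2.0-WinSCP_release_5.9.6
. 2017-08-01 13:36:39.732 Starting local proxy command: C:\Windows\System32\bash.exe -c ". ~/start_keepass_agent.sh;ssh -W endserver.example.com:22 -o StrictHostKeyChecking=no -p 2222 jumpserveruser@jumpserver.example.com"
EOF
}

# audit_proxy_commands (hypothetical helper): reads a WinSCP log on stdin and
# prints one line per local proxy command: "<date> <time> OK -" or
# "<date> <time> WEAK <weakened options>".
audit_proxy_commands() {
  awk '
    /Starting local proxy command:/ {
      # ssh option names are case-insensitive, so match on a lower-cased copy.
      lc = tolower($0)
      sub(/^.*starting local proxy command: /, "", lc)
      reason = ""
      # Covers "-o Key=value", "-oKey=value" and the quoted "Key value" form.
      if (lc ~ /stricthostkeychecking[= ]+(no|off)/)
        reason = reason " StrictHostKeyChecking=no"
      if (lc ~ /userknownhostsfile[= ]+\/dev\/null/)
        reason = reason " UserKnownHostsFile=/dev/null"
      if (reason == "") print $2, $3, "OK -"
      else              print $2, $3, "WEAK" reason
    }'
}

# Demo run on the constructed sample.
sample_log | audit_proxy_commands
```

Against a real log, run `audit_proxy_commands < winscp.log`. A flagged entry can be corrected by recording the jump server's host key in the WSL user's `~/.ssh/known_hosts` and dropping the `-o StrictHostKeyChecking=no` override.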
