1

I am fond of mosh but I have a problem connecting via two-level ssh. Consider this scenario:

  • host machine running FreeBSD which has closed all ports from outside
  • first jail having ssh port 2222 open from the outside is on public IP let's say door.example.com
  • second jail with private IP address named DEV.example.com that can be ssh-ed from door.example.com on port 2222 as well
  • redirection is set up to forward udp port 60000 from door.example.com to DEV.example.com

There is generally some problem with ttys and jails, but I am able to connect this way:

ssh -t -t -p2222 door.example.com -- ssh -p2222 DEV.example.com

being asked for the passwords to both door.example.com and DEV.example.com afterwards.

I have tried this mosh command (also tried all variations with and without -t -t params):

mosh --port 60000 \
  --ssh "ssh -t -t -p2222" \
  --server "ssh -t -t -p2222 DEV.example.com mosh-server" \
  door.example.com

but it always hangs on password authentication to the second jail with no password prompt.

Funny thing is that from Android mosh-flavored irssi connect bot this works when I set up mosh port to 60000 and as mosh server I fill in ssh -t -t -p2222 DEV.example.com mosh-server.

I know there are ways to set up an ssh proxy but I don't want to have things like netcat on the door jail. This should work somehow, especially because it already works from my phone.

geronime

1 Answer

0

Is there a reason the mosh-server needs to be at the end point (dev) rather than at the entry (door)?

I use something like:

mosh --port 60000 \
     --ssh "ssh -t -t -p2222" \
     -- door.example.com ssh -t -t -p2222 dev.example.com

for my setup at home.

FWIW, I use something like this for irssi:

mosh --ssh="ssh -p2222" \
     -- user@dmz.example.com ssh -q -t user@irssi.example.com \
                 screen -c /home/user/.screen.irc -UxaA irc

Both my servers are FreeBSD and clients are either a MacBook Air or a laptop running Ubuntu. I had gone with a DMZ host with a host-based firewall to overcome the limited forwards available on my current router.

TheDreamer