Pseudo-terminal will not be allocated because stdin is not a terminal

I’m trying to set up automatic SSH hopping through a server which doesn’t have nc.

This works from the command line:

ssh -A gateway ssh <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="63101706150623170211040617">[email protected]</a>

(I have added my public key to the SSH agent).

However, adding it to ~/.ssh/config doesn’t:

Host target
  User steveb
  ProxyCommand ssh -A gateway ssh <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="285b5c4d5e4d685c495a4f4d5c4158">[email protected]</a>

$ ssh target
Pseudo-terminal will not be allocated because stdin is not a terminal.


^CKilled by signal 2.

Attempting to force the issue with -t is amusing but unhelpful.
ProxyCommand ssh -A -t gateway ssh <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="d1a2a5b4a7b491a5b0a3b6b4a5b8a1">[email protected]</a>

$ ssh target
Pseudo-terminal will not be allocated because stdin is not a terminal.
Pseudo-terminal will not be allocated because stdin is not a terminal.


^CKilled by signal 2.

More -t‘s? No good.
ProxyCommand ssh -A -t -t gateway ssh <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="364542534053764257445153425f46">[email protected]</a>

$ ssh target
tcgetattr: Inappropriate ioctl for device


^CKilled by signal 2.

Is this possible? Most tutorials (eg http://www.arrfab.net/blog/?p=246 ) suggest using nc.

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

SSH ProxyCommand without netcat

The ProxyCommand is very useful when hosts are only indirectly accessible. With netcat it is relative strait forward:

ProxyCommand ssh {gw} netcat -w 1 {host} 22

Here {gw }and {host} are placeholders for the gateway and the host.

But it is also possible when netcat is not installed on the gateway:

ProxyCommand ssh {gw} 'exec 3<>/dev/tcp/{host}/22; cat <&3 & cat >&3;kill $!'

The /dev/tcp is a built-in feature of standard bash. The files don’t exist. To check whether bash has this feature built-in use run:
cat < /dev/tcp/google.com/80

…on the gateway.

To make sure that bash is used, use:

ProxyCommand ssh {gw} "/bin/bash -c 'exec 3<>/dev/tcp/{host}/22; cat <&3 & cat >&3;kill $!'"

And it even works together with ControlMaster.

(Updated on Oct 22 to include kill to clean up background cat)
(Updated on Mar 3 2011 to make placeholders more clear and explain /dev/tcp)

100% credit to roland schulz. Here’s the source:
http://www.rschulz.eu/2008/09/ssh-proxycommand-without-netcat.html
see more useful info in the comments there.

There is also more here:
http://www.linuxjournal.com/content/tech-tip-tcpip-access-using-bash
http://securityreliks.securegossip.com/2010/08/enabling-devtcp-on-backtrack-4r1ubuntu/

UPDATE: here’s something new from Marco

In reference to a ProxyCommand in ~/.ssh/config where one has a line like this:

ProxyCommand ssh gateway nc localhost %p

Marco says:

You don’t need netcat if you use a recent version of OpenSSH. You can replace nc localhost %p with -W localhost:%p.

The result would look like this:

ProxyCommand ssh gateway -W localhost:%p

Method 2

Big T, not little t.

-T' Disable pseudo-tty allocation.
-t' Force pseudo-tty allocation.

My script used to return that message, and does no longer.
/usr/bin/ssh -T -q -i $HOME/.ssh/one_command other_system

I use the authorized_key on the other_system to cause this to run a command:
from="my.mydomain.com",command="bin/remotely-run" ssh-rsa ...

Method 3

Give this a try:

ProxyCommand ssh -A -t gateway ssh -t <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="087b7c6d7e6d487c697a6f6d7c6178">[email protected]</a>

Method 4

You could try the following technique of ssh’ing into server1 followed by ssh’ing into server2.

$ ssh -t <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="fa8f899f88cbba899f888c9f88cb">[email protected]</a> ssh -t <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="d7a2a4b2a5e597a4b2a5a1b2a5e5">[email protected]</a>

Doing it like this works for me.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments