Hi Kai
Answers interspersed :
De: "Kai Großjohann" <address@hidden>
À: "SENESI Stéphane" <address@hidden>
Cc: "Michael Albinus" <address@hidden>, address@hidden
Envoyé: Mardi 7 Octobre 2014 21:56:39
Objet: Re: Using a 'bastion' - issue when providing password
I'm hoping that it can be made to work somehow, just need to figure out
how. Get "ssh rt" working outside Emacs, then perhaps it works inside
Emacs, too.
You could try "ssh -vvv rt" for a start, that should show you a number
of debug messages.
I did that. It does not work, either:
- when the ProxyCommad includes option '-t' : it ends with "Pseudo-terminal will not be allocated because stdin is not a terminal."
- when it does not : just hanging
You could try to change the ProxyCommand to add "-vvv" to the ssh
command in there.
You could compare whatever you get from "ssh rt" with what you get when
you type the proxy command manually (use the same "-vvv" in both cases).
I rather compared the outputs of "ssh -vvv" in two cases , on labeled 'working-case' in attachments where the command is issued outside of Emacs, and another called 'telnet-case', from a telnet session in Emacs. There is a significant additional block of debug info in the telnet-case, beginning after " SSH2_MSG_NEWKEYS received" . Upstream of that, there are small differences on two lines of debug info, on the first figures :
debug2: dh_gen_key: priv key bits set: 119/256 (working case shows : 138/256)
debug2: bits set: 1013/2048 (working case shows : 1040/2048)
Are you able to interpret that (or other details in the attachments) ?
Best regards, and , again, thanks
S
Am I making sense? Does this explain the approach I'm thinking about?
Kai
On 7 Oct 2014, at 11:02, SENESI Stéphane wrote:
> Hello Kai
>
> Thanks for the hint but it does not work : after configuring that
> entry with the suggested ProxyCommand, invoking "ssh rt" just hangs
> (even outside of Emacs).
>
> And, also, in the former setting, changing the value of
> tramp-local-end-of-line from Ctrl-J to Ctrl-M did not succeed either.
>
> I had my network people here issue a ticket to the bastion
> manufacturer user support, but am not fully optimistic about getting a
> workable reply ...
>
> So any further idea is still welcome...
>
> Regards
>
> S
>
> ----- Mail original -----
>
> | De: "Kai Großjohann" <address@hidden>
> | À: "SENESI Stéphane" <address@hidden>
> | Cc: "Michael Albinus" <address@hidden>, address@hidden
> | Envoyé: Lundi 6 Octobre 2014 23:50:17
> | Objet: Re: Using a 'bastion' - issue when providing password
>
> | I think Michael meant that you create an additional ~/.ssh/config
> entry
> | beyond the "bel" one that you've got already.
>
> | If I recall correctly, you had to do ssh -t bel address@hidden , and
> bel was an
> | entry in ~/.ssh/config .
>
> | So: create a new entry "rt" in ~/.ssh/config that does ssh -t bel
> address@hidden
> | behind the scenes :-)
>
> | How to do that? Hmmm.
> | Host rt
> | ProxyCommand ssh -t bel address@hidden
>
> | Maybe that works, I'm not sure.
>
> | Kai
>
> | On 3 Oct 2014, at 15:50, SENESI Stéphane wrote:
> | | Hi Michael
> |
>
> | | Thanks for taking time for user support during your vacation !!
> |
> | | Three remarks :
> |
>
> | | ----- Mail original -----
> |
>
> | | | De: "Michael Albinus" address@hidden
> |
> | | | À: "SENESI Stéphane" address@hidden
> |
> | | | Cc: address@hidden
> |
> | | | Envoyé: Vendredi 3 Octobre 2014 13:39:20
> |
> | | | Objet: Re: Using a 'bastion' - issue when providing password
> |
>
> | | | Hi Stéphane,
> |
>
> | | | I am on vacations just now (btw, in France :-)
> |
> | | Enjoy ! but mind that weather will become rainy from Sunday for
> most parts
> | | of
> | | France
> |
>
> | | | so I cannot check in detail until I return. For the time being
> you might
> | | | try
> |
> | | | to add an entry to ~/.ssh/config for your bastion host, which
> fires the
> |
> | | | needed command.
> |
> | | As far as I understand, these bastion won't accept the user to
> isseu
> | | command,
> | | either directly or not, but only react to one of the two options I
> quoted
> | | (providing address@hidden on first ssh command, or choosing an entry in
> a
> | | address@hidden's list
> |
>
> | | | Furthermore, there is a variable tramp-password-end-of-line (or
> so),
> | | | maybe
> |
> | | | you could tweak it somehow.
> |
> | | Do you refer to :
> |
> | | ....
> |
> | | (process-send-string
> |
> | | proc (concat (tramp-read-passwd proc) tramp-local-end-of-line))
> |
> | | If yes, my value for tramp-local-end-of-line is C-j, which seems
> sensible
> | | .... If not, where is the best place to change it ?
> |
>
> | | Best regards
> |
>
> | | S
> |
>
> | | | Best regards, Michael.
> |
> | | --
> |
> | | ----- Météo-France -----
> |
> | | SENESI STEPHANE
> |
> | | CNRM/GMGEC/ASTER
> |
> | | address@hidden
> |
> | | Fixe : +33 561079931
> |
>
> | | Tramp-devel mailing list
> |
> | | address@hidden
> |
> | | https://lists.gnu.org/mailman/listinfo/tramp-devel
> |
>
> --
> ----- Météo-France -----
> SENESI STEPHANE
> CNRM/GMGEC/ASTER
> address@hidden
> Fixe : +33 561079931
--
----- Météo-France -----
SENESI STEPHANE
CNRM/GMGEC/ASTER
address@hidden
Fixe : +33 561079931
working-case