doc supplementary for connection hoping and agent forwarding

[YxxY]

After some hard work, Finally, I achieve connection hoping in a general way with forwardOut as follows

var Client = require('ssh2').Client;

var conn1 = new Client();
var conn2 = new Client();

conn1.on('ready', function () {
  console.log('FIRST :: connection ready');
  conn1.forwardOut('127.0.0.1', 8000, '192.168.1.2', 22, function (err, stream) {
    if (err) {
      console.log('FIRST :: exec error: ' + err);
      return conn1.end();
    }
    conn2.connect({
      sock: stream,
      host: '192.168.1.2',
      port: 22,
      username: 'username2',
      password: 'password2',
    });
  });
}).connect({
  host: '192.168.1.1',
  port: 22,
  username: 'username1',
  password: 'password1',
});

conn2.on('ready', function () {
  console.log('SECOND :: connection ready');
  conn2.exec('uptime', function (err, stream) {
    if (err) {
      console.log('SECOND :: exec error: ' + err);
      return conn1.end();
    }
    stream.on('end', function () {
      conn1.end(); // close parent (and this) connection
    }).on('data', function (data) {
      console.log(data.toString());
    });
  });
});

as for ssh-agent and agent forward scenario

var Client = require('ssh2').Client;

var conn1 = new Client();
var conn2 = new Client();

conn1.on('ready', function () {
  console.log('FIRST :: connection ready');
  conn1.forwardOut('127.0.0.1', 8000, '192.168.1.2', 22, function (err, stream) {
    if (err) {
      console.log('FIRST :: exec error: ' + err);
      return conn1.end();
    }
    conn2.connect({
      sock: stream,
      host: '192.168.1.2',
      port: 22,
      username: 'sora',
      agent: '/path/to/SSH_AUTH_SOCK',
      agentForward: true
    });
  });
}).connect({
  host: '192.168.1.1',
  port: 22,
  username: 'sora',
  agent: '/path/to/SSH_AUTH_SOCK',
});

conn2.on('ready', function () {
  console.log('SECOND :: connection ready');
  conn2.exec('uptime', function (err, stream) {
    if (err) {
      console.log('SECOND :: exec error: ' + err);
      return conn1.end();
    }
    stream.on('end', function () {
      conn1.end(); // close parent (and this) connection
    }).on('data', function (data) {
      console.log(data.toString());
    });
  });
});

It serves me fine! hope for helping those who had been bothered by the nc command in the example readme

Furthermore, In this example, I use 8000 as the local port, I wonder whether I have to be responsible for this number, for I think it should be dynamic or can be omitted. @mscdex

[mscdex]

The local port can be any valid port number.

[soichih]

@YxxY Thanks for this. I have 1 question for ssh-agent scenario. How can I figure out the agent path for conn2?

agent: '/path/to/SSH_AUTH_SOCK',

I know where the agent is running on the conn1, but on conn2, I probably need to pull it from the ENV (SSH_AUTH_SOCK) on the conn2 right? I think I tried something like first running conn1.exec("set | grep SSH_AUTH_SOCK") type command but it didn't work..

[YxxY]

@soichih The ssh-agent is running locally, not on the conn1 or conn2,
In my example, both the /path/to/SSH_AUTH_SOCK are actually the same value which can be resolved by echo $SSH_AUTH_SOCK,
if you can not get the path value, your ssh agent may not work fine.
And you probably need to refer to ssh-agent-forwarding to figure out how it works

[flippingflapping]

Is it possible for the ssh2 library to create a tunnel via the bastion to the end device without forwarding the port, i.e. a ProxyCommand/-J without the LocalFoward/-L?

[mscdex]

@flippingflapping ssh2 doesn't create local TCP sockets when forwarding, so yes.