Using bastion jump host proxy gateway times out

[benrobot]

I have verified that the following two lines work on fine on both my WSL2 (Linux on Windows) as well as Windows 10 (finally, Windows comes with ssh):

ssh -J user@1.2.3.4 user@5.6.7.8 -L 127.0.0.1:60006:9.10.11.12:1521 -fnNT

sqlplus myRdsUser/myRdsPass@127.0.0.1:60006/abc.defgh

I have also verified that,
if I start the ssh connection using

ssh -J user@1.2.3.4 user@5.6.7.8 -L 127.0.0.1:60006:9.10.11.12:1521 -fnNT

then the following code successfully connects and I'm able to query my database.

new OracleConnection($"Data Source={_hostConnectionProvider.GetHost()/*9.10.11.12*/}:{_hostConnectionProvider.GetPort()/*1521*/}/{config.ServiceName/*abc.defgh*/};User Id={config.Username/*myRdsUser*/};Password={config.Password/*myRdsPassword*/}");

But the equivalent .NET code times out (yes, I did kill the command line SSH connection first). The contents of my .ssh/id_rsa file is the same as what I'm passing into config.PrivateKey and I know it worked because I am able to connect to bastion/jump host/proxy/gateway directly using the private key as configured.

_logger.LogDebug("Getting config");
var config = options.Value;

_logger.LogDebug("Converting private key into memory stream");
var privateKeyStream = new MemoryStream(Encoding.UTF8.GetBytes(config.PrivateKey));
var privateKeyFile = new PrivateKeyFile(privateKeyStream);

var sshConnectionInfo = new ConnectionInfo(
    config.DestinationHost, // 5.6.7.8
    22, 
    config.DestinationHostUsername, // user
    ProxyTypes.None, 
    config.GatewayHost, // 1.2.3.4
    22, 
    config.GatewayHostUsername, // user
    null, 
    new PrivateKeyAuthenticationMethod(config.DestinationHostUsername, privateKeyFile));
_sshClient = new SshClient(sshConnectionInfo);
_sshClient.Connect(); // This line throws after 30 seconds: System.Net.Sockets.SocketException (10060): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

_sshForwardedPort = new ForwardedPortLocal("localhost", config.ProxyDestinationHost /*9.10.11.12*/, config.ProxyDestinationPort /*1521*/);
_sshClient.AddForwardedPort(_sshForwardedPort);
_sshForwardedPort.Start();

return new OracleConnection($"Data Source={_hostConnectionProvider.GetHost()/*9.10.11.12*/}:{_hostConnectionProvider.GetPort()/*1521*/}/{config.ServiceName/*abc.defgh*/};User Id={config.Username/*myRdsUser*/};Password={config.Password/*myRdsPassword*/}");

[JoostJM]

I'm having the same issue, which is also related to the request in #530.
The one thing I do know is the the code example you use does not work, as selecting ProxyTypes.None results in SSHNET ignoring your proxyhost, trying to connect directly to your destination host.

Several proxy options are available, but these do not include a SSH Jump.
A crude work-around which may work is to use port-forwarding (i.e. setting up 1 client, attaching a port-forward to the destination server, then connecting to that forwarded port).

However, I don't like this workaround, as it opens up the connection to your destination server for any program outside the one your running, and uses a several locally connected ports to work...

[JoostJM]

This workaround is similar to what was proposed in #195.

[JoostJM]

As an update. I've forked the repo and added an option to connect through jump servers.

This uses a slightly altered version of the port forwarding mechanism. When a jump channel is created, I shortly create a TCP listener socket on a free (local) port and use it to connect a local Socket. Once this local socket is connected, I dispose of the listener, as no further connections should be made through this listener. Using this connected socket, I instantiate a directtcpip channel and use it to connect to the remote server.

The code is available in this commit.

[darinkes]

Opening two SSH-Connections and use LocalForward is the way to go for a ProxyJump using SSH. The same does ssh(1).

Your implemtation is not correct, since ProxyJump can actually be anything forwarding TCP-Connections.
See ssh_config(5)#ProxyJump and ssh_config(5)#ProxyCommand

[JoostJM]

@darinkes, thanks for the pointer. I'll try to rewrite it a bit, so it can be passed via the proxy connection settings.

[JoostJM]

Rewrite is done. Update includes possibility for multiply sequential proxy connections, and new ProxyType Ssh.

[benrobot]

@JoostJM is there, or has there already been, a pull request open to bring your changes located at https://github.com/JoostJM/SSH.NET/tree/jump-channel into https://github.com/sshnet/SSH.NET?

[JoostJM]

@benrobot,

I did not yet make a pull request. I will rebase my branch on to the current develop. This does come with some additional code review due to changes made by #819.

[benrobot]

I did not yet make a pull request. I will rebase my branch on to the current develop. This does come with some additional code review due to changes made by #819.

@JoostJM Thank you for the update. I look forward to the new feature.

[JoostJM]

@benrobot I created a PR at #954.

[JoostJM]

@benrobot I've finished refactoring the code to deal with recent changes (such as async connections). Initially, there were quite some tests failing, but those are fixed now as well. If you want, this feature is available in the jump-channel branch in my fork of the repo.