Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bosh ssh fails while using a SOCKS5 proxy with GNU nc #328

Closed
zankich opened this issue Oct 12, 2017 · 8 comments
Closed

bosh ssh fails while using a SOCKS5 proxy with GNU nc #328

zankich opened this issue Oct 12, 2017 · 8 comments

Comments

@zankich
Copy link
Contributor

zankich commented Oct 12, 2017

I tried to ssh into an instance, but I got an nc error...super lame

Looks like nc -X is a BSD nc flag, but doesn't work with GNU nc.

My SOCKS5 proxy connection was created with bbl 5.1.2.

Here's the output of the failed command:

$ bosh -d kubo ssh worker/67314f20-1b44-4e13-b725-8866297b8010 --gw-private-key jumpbox_ssh_key
Using environment 'https://10.0.0.6:25555' as client 'admin'

Using deployment 'kubo'

Task 24. Done
nc: invalid option -- 'X'
Try `nc --help' for more information.
ssh_exchange_identification: Connection closed by remote host

Running SSH:
  1 error(s) occurred:

* Running command: 'ssh -tt -o ServerAliveInterval=30 -o ForwardAgent=no -o PasswordAuthentication=no -o IdentitiesOnly=yes -o IdentityFile=/home/adrian/.bosh/tmp/ssh-priv-key593201751 -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/home/adrian/.bosh/tmp/ssh-known-hosts270573514 -o ProxyCommand=nc -X 5 -x localhost:37307 %!h(MISSING) %!p(MISSING) 10.0.16.10 -l bosh_10cf838c803a4e8', stdout: '', stderr: '': exit status 255

Exit code 1

Available flags for GNU nc:

$ nc --help
GNU netcat 0.7.1, a rewrite of the famous networking tool.
Basic usages:
connect to somewhere:  nc [options] hostname port [port] ...
listen for inbound:    nc -l -p port [options] [hostname] [port] ...
tunnel to somewhere:   nc -L hostname:port -p port [options]

Mandatory arguments to long options are mandatory for short options too.
Options:
  -c, --close                close connection on EOF from stdin
  -e, --exec=PROGRAM         program to exec after connect
  -g, --gateway=LIST         source-routing hop point[s], up to 8
  -G, --pointer=NUM          source-routing pointer: 4, 8, 12, ...
  -h, --help                 display this help and exit
  -i, --interval=SECS        delay interval for lines sent, ports scanned
  -l, --listen               listen mode, for inbound connects
  -L, --tunnel=ADDRESS:PORT  forward local port to remote address
  -n, --dont-resolve         numeric-only IP addresses, no DNS
  -o, --output=FILE          output hexdump traffic to FILE (implies -x)
  -p, --local-port=NUM       local port number
  -r, --randomize            randomize local and remote ports
  -s, --source=ADDRESS       local source address (ip or hostname)
  -t, --tcp                  TCP mode (default)
  -T, --telnet               answer using TELNET negotiation
  -u, --udp                  UDP mode
  -v, --verbose              verbose (use twice to be more verbose)
  -V, --version              output version information and exit
  -x, --hexdump              hexdump incoming and outgoing traffic
  -w, --wait=SECS            timeout for connects and final net reads
  -z, --zero                 zero-I/O mode (used for scanning)

Remote port number can also be specified as range.  Example: '1-1024'

My version of the bosh cli is:

$ bosh -v                                                                                                                     
version 2.0.42-3b55fdd-2017-10-10T00:00:28Z                                                                                   

Succeeded

Here's the offending line in the cli:

"ProxyCommand=nc -X 5 -x %s %%h %%p",

@evanfarrar
Copy link
Member

👍

https://cloudfoundry.slack.com/archives/C2DBC3YGZ/p1507924793000386

@crawsible
Copy link

+1; just got hit with this as well. Switching over to BSD netcat solved the problem.

@mattysweeps
Copy link

mattysweeps commented Nov 9, 2018

+1, is this fixed in a later bosh cli version?

My version is:

bosh --version
version 5.3.1-8366c6fd-2018-09-25T18:25:51Z

@krishicks
Copy link
Contributor

Not fixed as of 5.4.0.

I fixed this by uninstalling netcat and installing netcat-openbsd on Debian.

danail-branekov added a commit to cloudfoundry/garden-dockerfiles that referenced this issue Mar 21, 2019
... so that concourse jobs can perform boshy things such as `bosh ssh -c
very-cool-command`

see
cloudfoundry/bosh-cli#328 (comment)
for details

Dockerhub tag: cfgarden/garden-ci:2.0.9

[#163303619]
@jtuchscherer
Copy link

For anyone coming across this issue, I was able to fix it on my Debian system with the following command:
sudo apt install netcat-openbsd

@snevs
Copy link

snevs commented May 4, 2020

For anyone coming across this issue, I was able to fix it on my Debian system with the following command:
sudo apt install netcat-openbsd

Where's EL version?

@bosh-admin-bot
Copy link

This issue was marked as Stale because it has been open for 21 days without any activity. If no activity takes place in the coming 7 days it will automatically be close. To prevent this from happening remove the Stale label or comment below.

@bosh-admin-bot
Copy link

This issue was closed because it has been labeled Stale for 7 days without subsequent activity. Feel free to re-open this issue at any time by commenting below.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

9 participants