I am fond of mosh but I have a problem connecting via two-level ssh. Consider this scenario:
- host machine running FreeBSD which has closed all ports from outside
- first jail having ssh port 2222 open from the outside is on public IP let's say door.example.com
- second jail with private IP address named DEV.example.com that can be ssh-ed from door.example.com on port 2222 as well
- redirection is set up to forward udp port 60000 from door.example.com to DEV.example.com
There is generally some problem with ttys and jails, but I am able to connect this way:
ssh -t -t -p2222 door.example.com -- ssh -p2222 DEV.example.com
being asked for both the password to door.example.com and the one to DEV.example.com afterwards.
I have tried this mosh command (also tried all variations with and without -t -t params):
mosh --port 60000 \
--ssh "ssh -t -t -p2222" \
--server "ssh -t -t -p2222 DEV.example.com mosh-server" \
door.example.com
but it always hangs on password authentication to the second jail with no password prompt.
Funny thing is that from the Android mosh-flavored irssi connect bot this works when I set the mosh port to 60000 and, as the mosh server, fill in ssh -t -t -p2222 DEV.example.com mosh-server
I know there are ways to set up an ssh proxy but I don't want to have things like netcat on the door jail. This should work somehow, especially because it already works from my phone.
Is there a reason the mosh-server needs to be at the end point (dev) rather than at the entry (door)?
I use something like:
For my setup at home.
FWIW, I use something like this for irssi:
Both my servers are FreeBSD and clients are either a MacBook Air or a laptop running Ubuntu. I had gone with a DMZ host with a host-based firewall, to overcome the limited forwards available on my current router.