1

Can anyone recommend how to set up my SSH config file to let me proxy into a server that sits behind a login node when I need to use hostbased authentication.

My problem is logging into the compute node of a cluster computer that sits behind some login nodes. I can SSH into the login node myself and then SSH into the compute node just fine. When I use the verbose flag on SSH, it tells me that it logs into the compute node using "hostbased" authentication.

I was also able to set up my SSH config like this

login
  Hostname login.hpc.edu
  User electronsnstuff

compute
  Hostname node0001
  User electronsnstuff
  ProxyJump login

I successfully get into the jump server, but then I get prompted for a password on the second hop. The issue is that this cluster does not accept our system password on login nodes. It seems like only "hostbased" authentication works. My question is if there is a way to modify the SSH config to allow hostbased authentication the same as if I logged in interactively and then logged into a compute node.

Improve this question
1

1 Answer 1

Reset to default
0

This exact scenario came up in my own work recently, and I spent a while playing around with the ProxyCommand ssh -W %h:%p that other sources mention. While I couldn't get that to work, I've found a different method that does, at least for me.

In my testing, I found that a command like ssh -t login ssh node0001 functioned as I expected, allowing host-based auth between the login and compute nodes. While it feels a bit hacky, this can be specified in your SSH config file as:

Host compute
    HostName login
    RemoteCommand ssh node0001
    RequestTTY yes

Hope this helps!

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.