Since OpenSSH 5.4 there is a new feature called natcat mode, which allows you to bind STDIN and STDOUT of local
SSH client to a TCP port accessible through the remote
SSH server. This mode is enabled by simply calling
ssh -W [HOST]:[PORT]
Theoretically this should be ideal for use in the ProxyCommand setting in per-host
SSH configurations, which was previously often used with the nc (netcat) command. ProxyCommand allows you to configure a machine as proxy between you local machine and the target
SSH server, for example if the target
SSH server is hidden behind a firewall.
The problem now is, that instead of working, it throws a cryptic error message in my face:
Bad packet length 1397966893.
Disconnecting: Packet corrupt
Here is an excerpt from my ~/.ssh/config:
Host *
Protocol 2
ControlMaster auto
ControlPath ~/.ssh/cm_socket/%r@%h:%p
ControlPersist 4h
Host proxy-host proxy-host.my-domain.tld
HostName proxy-host.my-domain.tld
ForwardAgent yes
Host target-server target-server.my-domain.tld
HostName target-server.my-domain.tld
ProxyCommand
ssh -W %h:%p proxy-host
ForwardAgent yes
As you can see here, I'm using the ControlMaster feature so I don't have to open more than one
SSH connection per-host.
The client machine I tested this with is an Ubuntu 11.10 (x86_64) and both proxy-host and target-server are Debian Wheezy Beta 3 (x86_64) machines.
The error happens when I call
ssh target-server. When I call it with the -v flag, here is what I get additionally:
OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /home/aef/.ssh/config
debug1: Applying options for *
debug1: Applying options for target-server.my-domain.tld
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket "/home/aef/.ssh/cm_socket/
[email protected]:22" does not exist
debug1: Executing proxy command: exec
ssh -W target-server.my-domain.tld:22 proxy-host.my-domain.tld
debug1: identity file /home/aef/.ssh/id_rsa type -1
debug1: identity file /home/aef/.ssh/id_rsa-cert type -1
debug1: identity file /home/aef/.ssh/id_dsa type -1
debug1: identity file /home/aef/.ssh/id_dsa-cert type -1
debug1: identity file /home/aef/.ssh/id_ecdsa type -1
debug1: identity file /home/aef/.ssh/id_ecdsa-cert type -1
debug1: permanently_drop_suid: 1000
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-3
debug1: match: OpenSSH_6.0p1 Debian-3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
debug1: SSH2_MSG_KEXINIT sent
Bad packet length 1397966893.
Disconnecting: Packet corrupt