Hi all,
Thank you for all the hints but I still can't get it to work :(
I have checked /etc/ssh/sshd_config on BASTION and AllowTcpForwarding is
set to "yes".
My ~/.ssh/config on SOURCE machine:
Host backup
HostName firewall.example.com
Port 8822
IdentityFile ~/.ssh/backup
IdentitiesOnly yes
User myuser
StrictHostKeyChecking yes
RequestTTY no
This is working fine when I run rdiff-backup on SOURCE and connect to
BACKUP directly (port 8822 is forwarded on the FIREWALL)
Now I want to add BASTION between FIREWALL and BACKUP.
SSH on BASTION is also accessible from SOURCE (port 9922 is forwarded on
the FIREWALL). BASTION can SSH to BACKUP on the same port 9922.
How exactly do I need to modify ~/.ssh/config on SOURCE to incorporate
this chain and the port numbers?
Regards,
Adam
On 25/06/2021 12:52, Patrik Dufresne wrote:
Hello Adam,
When using the SSH proxy command this following message "Fatal Error:
Truncated header string (problem probably originated remotely)" is
generated by SSH. Usually this gets printed when the box doesn't allow ssh
tunnel.
On the bastion server, You should review your /etc/ssh/sshd_config and make
sure you have "AllowTcpForwarding yes".
After that, you may create a file in ~/.ssh/config
Host <hostname-behind-bastion>
ProxyCommand ssh -q -A -x <bastion-hostname> -W <ip-behind-bastion>:22
I invite you to test the configuration by calling ssh manually first, to
make sure the ssh configuration is working, before trying to test it with
rdiff-backup.
On Fri, Jun 25, 2021 at 7:36 AM Frank Crawford <[email protected]>
wrote:
Adam,
This should work with any issue, but can you share the actual
ProxyCommand you are using.
Also, what do you get if you log in yourself directly?
And you may want to up the verbosity of rdiff-backup output (e.g. -v5)
to see what is being returned.
Regards
Frank
On Thu, 2021-06-24 at 17:59 +0100, Adam Weremczuk wrote:
Hi all,
I run old rdiff-backup 1.2.8 on a remote server and one local behind
an
ssh bastion.
Direct backup over ssh work fine but I struggle hopping over
intermediary box. All 3 run Debian.
I've tried ProxyCommand with and without netcat but each time I'm
getting:
---------------------------------------------------------------------
----------------------------------
Fatal Error: Truncated header string (problem probably originated
remotely)
Couldn't start up the remote connection by executing
ssh -C backup rdiff-backup --server
Remember that, under the default settings, rdiff-backup must be
installed in the PATH on the remote system. See the man page for
more
information on this. This message may also be displayed if the
remote
version of rdiff-backup is quite different from the local version
(1.2.8).
---------------------------------------------------------------------
----------------------------------
I haven't been able to find any recipes online and I'm assuming it's
feasible.
Could anyone help?
Regards,
Adam
