Connecting with sftp using a proxy server

Question

I am trying to connect to an external server using a proxy with the below command:

sftp -v -o "ProxyCommand /usr/bin/nc -X connect -x proxyserver.com:8080 %h %p" [email protected]

This isn't working. I get the below output:

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Applying options for *

debug1: Executing proxy command: exec /usr/bin/nc -X connect -x proxyserver.com:8080 [email protected]

debug1: permanently_drop_suid: 456876
bash: No such file or directory

I think the command is formed correctly, it appears to be failing at the 'permanently_drop_suid' step. Does anybody have any idea what could be going wrong here? I can connect using WinSCP so the connection details are correct. Any assistance is greatly appreciated!

score 1 · Answer 1 · answered Feb 08 '18 at 09:29

The last message bash: No such file or directory means that the remote can't find the binary bash for executing. So, it's likely a config issue on the remote side.

Can you try to connect to server.com using a different user or check the remote 'user@server' setting for the active shell?

Also, can you ssh to the the remote, eg. ssh -o ProxyCommand... user@server ?

Right now, i was facing a similar issue, here are my results:

$ sftp -v -o ConnectTimeout=3 \
    -o ProxyCommand='/usr/bin/nc -X connect -x proxyserver.com:8080 %h %p' \
    -oPort=443 user@server

Connecting to server...
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Executing proxy command: exec /usr/bin/nc -X connect -x proxyserver.com:8080 server 443
[...]
debug1: permanently_drop_suid: 21889
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: checking without port identifier
The authenticity of host '[server]:443 (<no hostip for proxy command>)' can't be established.
RSA  key fingerprint is <the_finger_print>.
Are you sure you want to continue connecting (yes/no)? ^C

false bravado · Answer 2 · 2022-10-10T23:54:22.877

-1

The op command had 2 issues- not formatted correctly, and was missing a port number... Original: sftp -v -o "ProxyCommand /usr/bin/nc -X connect -x proxyserver.com:8080 %h %p" [email protected]

Corrected: sftp -v -o ProxyCommand="/usr/bin/nc -X connect -x proxyserver.com:8080 %h %p" [email protected] 999 (whatever port number is needed by the destination host.)

edited Oct 10 '22 at 23:54

answered Oct 10 '22 at 23:52

false bravado

1
1

This does not provide an answer to the question. Once you have sufficient [reputation](https://unix.stackexchange.com/help/whats-reputation) you will be able to [comment on any post](https://unix.stackexchange.com/help/privileges/comment); instead, [provide answers that don't require clarification from the asker](https://meta.stackexchange.com/questions/214173/why-do-i-need-50-reputation-to-comment-what-can-i-do-instead). - [From Review](/review/late-answers/425734) – dr_ Oct 12 '22 at 13:43

Connecting with sftp using a proxy server

2 Answers2