Git Question

SSH Advice, git cloning from multiple Jumps

this is a bit of a strange one and I am not sure how to tackle it.

At the moment, we have a jump box which we use to connect to customers:

ForwardAgent yes
ForwardX11 yes
User first.last
Port 22
DynamicForward 9999

I then connect to my customer:

User server
ForwardAgent yes
ProxyCommand ssh -qaxT nc 10.xx.xx.x1 22

This customer then has a local Stash server:

Host stash.customer
User server
ForwardAgent yes
ProxyCommand ssh -qaxT nc 10.xx.xx.x2 22

I want to clone a repo from stash on my local machine, currently I am able to clone it from with out any issues, see below: $ git clone ssh://git@stash.customer:7999/cm/repo.git
Cloning into 'repo'...
remote: Counting objects: 37, done.
remote: Compressing objects: 100% (37/37), done.
remote: Total 37 (delta 22), reused 0 (delta 0)
Receiving objects: 100% (37/37), 5.41 KiB | 0 bytes/s, done.
Resolving deltas: 100% (22/22), done.
Checking connectivity... done.

However when I try to do this on my local machine I get the following:

└─ $ ▶ git clone ssh://git@stash.customer:7999/cm/repo.git
Cloning into 'repo'...
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

At first I thought this meant my key wasn't on the stash server for this repo, but it is so I looked in the secure logs on stash.customer

Oct 21 09:42:48 stash.customer sshd[24122]: Invalid user git from 10.xx.xx.1
Oct 21 09:42:48 stash.customer sshd[24123]: input_userauth_request: invalid user git
Oct 21 09:42:49 stash.customer sshd[24123]: Connection closed by 10.xx.xx.1

There is no user called git on the stash server or the jump machine, is this the problem? I am certain stash doesn't need a traditional ssh user as it currently doesn't have one, and I can clone within the network.

TLDR; I can't clone a repo on my local machine only within the network due to multiple jumps being used.

Answer Source

I resolved this by adding a new record for stash.customer and forwarding on the specific stash port.

User system
ForwardAgent yes
ProxyCommand ssh -qaxT nc 10.x.xx.xx 7999
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download