Git Question

SSH Advice, git cloning from multiple Jumps

This is a bit of a strange one and I am not sure how to tackle it.

At the moment, we have a jump box which we use to connect to customers:

Host jump.server.com
    Hostname jump.server.com
    ForwardAgent yes
    ForwardX11 yes
    User first.last
    Port 22
    DynamicForward 9999


I then connect to my customer:

Host jump.customer.com
    User server
    ForwardAgent yes
    ProxyCommand ssh -qaxT jump.server.com nc 10.xx.xx.x1 22


This customer then has a local Stash server:

Host stash.customer
    User server
    ForwardAgent yes
    ProxyCommand ssh -qaxT jump.customer.com nc 10.xx.xx.x2 22


I want to clone a repo from stash on my local machine. Currently I am able to clone it from jump.customer.com without any issues, see below:

server@jump.customer.com:~/repos $ git clone ssh://git@stash.customer:7999/cm/repo.git
Cloning into 'repo'...
remote: Counting objects: 37, done.
remote: Compressing objects: 100% (37/37), done.
remote: Total 37 (delta 22), reused 0 (delta 0)
Receiving objects: 100% (37/37), 5.41 KiB | 0 bytes/s, done.
Resolving deltas: 100% (22/22), done.
Checking connectivity... done.


However, when I try to do this on my local machine I get the following:

└─ $ ▶ git clone ssh://git@stash.customer:7999/cm/repo.git
Cloning into 'repo'...
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.


At first I thought this meant my key wasn't on the stash server for this repo, but it is, so I looked in the secure logs on stash.customer:

Oct 21 09:42:48 stash.customer sshd[24122]: Invalid user git from 10.xx.xx.1
Oct 21 09:42:48 stash.customer sshd[24123]: input_userauth_request: invalid user git
Oct 21 09:42:49 stash.customer sshd[24123]: Connection closed by 10.xx.xx.1


There is no user called git on the stash server or the jump machine; is this the problem? I am certain stash doesn't need a traditional ssh user as it currently doesn't have one, and I can clone within the network.

TL;DR: I can't clone a repo on my local machine, only within the network, due to multiple jumps being used.

Answer

I resolved this by adding a new record for stash.customer and forwarding on the specific stash port.

Host stash-customer.domain.com
    User system
    ForwardAgent yes
    ProxyCommand ssh -qaxT jump.customer.com nc 10.x.xx.xx 7999
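
Why the fix works, as an added example that is not part of the original question or answer: the clone URL asks for port 7999, but the original `ProxyCommand` for stash.customer ends in a fixed `22`, so the session lands on the system sshd, which logs `Invalid user git`. The Python check below flags that kind of mismatch in an ssh_config; the function names are hypothetical, the parser is a simplification (no `Match` blocks or negated patterns), and the `%p` variant in the usage note is an alternative to the answer's hard-coded 7999.

```python
import fnmatch
import re
from urllib.parse import urlsplit

# Constructed sample: the stash.customer entry as posted in the question.
QUESTION_CONFIG = """\
Host stash.customer
    User server
    ForwardAgent yes
    ProxyCommand ssh -qaxT jump.customer.com nc 10.xx.xx.x2 22
"""

def parse_hosts(text):
    """Parse a simple ssh_config into [(patterns, {option: value})]."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "host":
            blocks.append((value.split(), {}))
        elif blocks:
            # ssh keeps the first value it sees for each option
            blocks[-1][1].setdefault(key, value)
    return blocks

def proxy_port_mismatch(config_text, git_url):
    """Return (host, url_port, proxy_port) when ProxyCommand pins another port."""
    url = urlsplit(git_url)
    want = url.port or 22  # ssh default when the URL names no port
    for patterns, opts in parse_hosts(config_text):
        if not any(fnmatch.fnmatch(url.hostname, p) for p in patterns):
            continue
        cmd = opts.get("proxycommand", "")
        if not cmd or "%p" in cmd:
            return None  # no proxy, or the proxy honours the requested port
        last = cmd.split()[-1]
        if last.isdigit() and int(last) != want:
            return (url.hostname, want, int(last))
        return None
    return None

if __name__ == "__main__":
    print(proxy_port_mismatch(QUESTION_CONFIG,
                              "ssh://git@stash.customer:7999/cm/repo.git"))
```

Ending the `ProxyCommand` in `%p` instead of a literal port makes `nc` follow whatever port the URL or a `Port` line requests, so the same Host entry serves both the system sshd on 22 and Stash on 7999.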