Home/ Questions/Q 9228017
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T05:13:25+00:00

I need some suggestions on how to use the Ruby Net::SSH and Net::SCP gem

  • 0

I need some suggestions on how to use the Ruby Net::SSH and Net::SCP gem to proxy through several systems in order to execute commands or copy files.

It’s very similar (if not almost exactly the same) as this previous post I made, using basic ssh from the linux command line.

How to script multiple ssh and scp commands to various systems

For example, LOCAL is my local system.

System A is a second system connected to LOCAL

System B is a third system connected to System A only. Also, System B is configured to only allow access from System A by way of it’s ssh key.

For normal ssh from the command line, I have my .ssh/config file set up in this way:

Host systemA
        HostName        192.168.0.10
        User            A-user

Host systemB
        ProxyCommand    ssh -e none systemA exec /bin/nc %h %p 2>/dev/null
        HostName        192.168.0.11
        User            B-user
        IdentityFile    ~/.ssh/systemA_id_dsa

From this point, as long as my pub key is in the authorized_hosts of sysA (let’s assume it always will be), and sysA’s pub key is in the authorized_hosts sysB (same assumption), the following will work seamlessly:

ssh systemB

I would like to implement this exact behavior in Ruby. I have some code similar to the following:

require 'net/ssh'
require 'net/ssh/proxy/command'

str = 'ssh -l A-user -i /home/A-user/.ssh/id_dsa -e none 192.168.0.10 exec /bin/nc %h %p 2>/dev/null'
proxy = Net::SSH::Proxy::Command.new(str)

Net::SSH.start('192.168.0.11', 'B-user', :proxy => proxy) do |ssh|
  ssh.exec! "ls -lA"
end

Unfortunately, this isn’t working. I get an authentication failure.

~/.rvm/gems/ruby-1.9.3-p327/gems/net-ssh-2.6.2/lib/net/ssh.rb:201:in `start': root (Net::SSH::AuthenticationFailed)

What am I missing here?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Did you verify that your proxy command actually works on its own from the command line? It seems you might have mixed the order of the identity keys.

    SystemA already knows you(?), you should not need to specify an identity for it. This is also based on the config setup you posted.

    Instead to me it seems you need to forward the identity of SystemA to SystemB in the start command:

    Net::SSH.start('192.168.0.11', 'B-user', 
               :proxy => proxy, 
               :keys  => [ "~/.ssh/systemA_id_dsa" ] ) do |ssh|
  ssh.exec! "ls -lA"
end

    And then skip just skip the identity file in the Proxy setup command.

    • 0