Emacs Tramp ssh double hop

5
votes

Could somebody please help me setup Emacs Tramp to do a double hop? I want to work on machine2.abc.def.edu to which I can connect only through machine1.abc.def.edu. My username is myname, on both machines same.

I've tried to add .emacs:

(add-to-list 'tramp-default-proxies-alist
          '("\\`machine2\\.abc\\.def\\.edu\\'"
            "\\`myname\\'"
            "/ssh:machine1\\.abc\\.def\\.edu:"))

This is my best guess interpretation of what's in the manual. Then I do: C-x C-f /ssh:machine2.abc.def.edu or: C-x C-f /ssh:[email protected]

But both give:

ssh: Could not resolve hostname ssh: nodename nor servname provided, or not known
Process *tramp/scpc ssh* exited abnormally with code 255

And my Aquamacs can't be quitted and have to killed from shell... There is a 2 years thread here with same question. I've tried the answer from there:

(add-to-list 'tramp-default-proxies-alist
          '("machine2.abc.def.edu"
            nil
            "/ssh:[email protected]:"))

With same results... also for all combinations I could come up with... Remote editing on machine1.abc.def.edu works fine, though.

3
emacssshtramp
Looks related to stackoverflow.com/questions/715855/… though not sure if that answers your question - vpit3833
Yes this is exactly the post I refered to in my post (i.e. solution 2). It doesn't work for me.... the netcat solution is also not feasible for me... - user673592
You might want to customize the tramp-verbose variable to see if you can get more information. - phils

3 Answers

4
votes

Okay, let's try something different then, without opening a tunnel. How about the following in your .emacs file: 

(add-to-list 'tramp-default-proxies-alist 
             '("\\`machine2\\'" 
               nil 
               "/ssh:%[email protected]:"))

This is different from the code you found in the forum post in two points:

  1. it adds ticks around the target host name (Emacs regexp syntax to avoid matching partial names)
  2. it uses only the subdomain name in the target host (you reported in a comment below that you cannot ssh to machine2 when you use the full domain name)

Does that help when you try to access a file on machine2?

10
votes

The answer it to use the ssh_proxy command available in ssh_config. Documented here and here. Basically you create a config file in your ssh folder that you can write shortcuts in. One of your shortcuts is to use a proxy through another end point. All of your shortcuts work for any tool that uses ssh including git and emacs.

Host endpoint2
     User myusername
     HostName mysite.com
     Port 3000
     ProxyCommand ssh endpoint1 nc -w300 %h %p

Host endpoint1
     User somename
     HostName otherdomainorip.com
     Port 6893

In this example running ssh endpoint2 will automatically hop through endpoint1.

2
votes

Set up an ssh tunnel from machine1 to machine2 (assuming that sshd runs on port 22 on machine2):

machine1.abc.def.edu> ssh -f -N -L 2222:localhost:22 machine2.abc.def.edu

Then either connect to machine2 from Emacs like this:

/ssh:machine1.abc.def.edu#2222

or add the following line to your .emacs:

(add-to-list 'tramp-default-proxies-alist
             '("\\`machine2\\.abc\\.def\\.edu\\'" nil
               "/tunnel:machine1.abc.def.edu#2222:"))