There is a host A that is not accessible from my local network. But there is a host B which I can access via SSH and A is visible to B. So I setup an SSH tunnel and try to access A via B
ssh -N -D 7070 username@HOST_B
my ~/.ssh/config looks like
host HOST_A
ProxyCommand socat - PROXY:127.0.0.1:7070:%h:%p,proxyport=7070
When I run the following command
ssh -v username@HOST_A
I got the following error.
debug1: identity file /Users/leo/.ssh/id_rsa type -1
debug1: permanently_drop_suid: 501
debug1: identity file /Users/leo/.ssh/id_rsa-cert type -1
debug1: identity file /Users/leo/.ssh/id_dsa type 2
debug1: identity file /Users/leo/.ssh/id_dsa-cert type -1
2013/05/21 22:19:13 socat[4537] E proxy_connect: connection closed by proxy
ssh_exchange_identification: Connection closed by remote host
There is no /etc/hosts.allow or /etc/hosts.deny on my machine. I am using mac OS.
You are asking socat to connect to a HTTP proxy, but the ssh tunnel you set up is a SOCKS proxy. Tell socat to connect to the SOCKS proxy:
host HOST_A
ProxyCommand socat - SOCKS4:127.0.0.1:7070:%h:%p,proxyport=7070
(Other SOCKS options may be available --- check man socat for the particular socat you have installed.)
But usually you don't want to have to setup the ssh tunnel in advance. The usual way is to use netcat on HOST_B:
host HOST_A
ProxyCommand /usr/bin/ssh username@HOST_B /bin/nc %h %p
(Changes pathnames to ssh and netcat as necessary.)
demure's ssh -t HOST_B ssh HOST_A method also works, but cannot be configured in ~/.ssh/config.