Join Log in
Score:1
Lázár Zsolt avatar Server

SSH - Getting 'Broken pipe' error when trying to configure multi-hop connection

in flag
Lázár Zsolt

I have two SSH servers: ServerA that supports key-based authentication, and is accessible from my workstation, and ServerB that only supports password-based auth, and can only be accessed from ServerA. My goal is to SSH into ServerB from my workstation, but I'm getting a very useless error. Here's my ~/.ssh/config file:

Host ServerA
    HostName 10.8.0.1
    User ubuntu
    Port 22
    IdentityFile ~\.ssh\id_server_a.pem

Host ServerB
    ServerAliveInterval 120
    HostName 12.34.56.78
    User myuser
    Port 12221
    ProxyCommand ssh -W %h:%p ServerA

This should work, but when I type in the command ssh ServerB, I get the following error:

/bin/sh: No such file or directory
banner exchange: Connection to UNKNOWN port 65535: Broken pipe

I have tested both SSH connections, as in I'm able to explicitly connect to ServerA with the key, and from ServerA's shell I'm able to connect to ServerB with the port, username and password.

Where does this error originate from (Workstation, ServerA or ServerB) and is there anything I can do to fix it?

1039
1 + 2
ssh
Prem avatar
cn flag
Prem
(1) Check that /bin/sh Exists on all 3 machines. (2) Execute `ssh -vvvv ....` to get more Detail on what is going on. (3) Why you are giving %h:%p in ProxyCommand ? (4) Check with `ProxyCommand ssh -vvvv ServerA` to connect to Port 22. (5) Check `ProxyCommand ssh -vvvv [email protected]` , to get Debug Data.
0
Reply
Randall avatar
bq flag
Randall
This is tagged `linux` but what is your Workstation? Specifically, both OS type and OS version.
0
Reply
Score:2
Randall avatar Server
bq flag
Randall
If the client system is a Mac - a Ventura upgrade is likely the cause.

Based on the timing of the OP's question, that seems quite plausible.
Upgrading my Mac to Ventura (MacOS 13.4) broke ssh for me, giving me a very similar error:

Infinite reexec detected; aborting
banner exchange: Connection to UNKNOWN port 65535: Broken pipe

One significant caveat - I'm using a PIV (smartcard) to authenticate

After troubleshooting with IT support the solution turned out to be:

  1. Remove / comment out the PKCS11Provider line in your ~/.ssh/config
  2. Run the following commands: 
    ssh-add -e /usr/lib/ssh-keychain.dylib
  #Note - above command may produce the error:  
  #   'Could not remove card "/usr/lib/ssh-keychain.dylib": agent refused operation'
  #This can be ignored; the file simply has no items to remove
ssh-add -D
killall -9 ssh-agent
ssh-add -s /usr/lib/ssh-keychain.dylib
  3. You should now be able to ssh

Note: If ssh still fails - The killall should have cleared all cached ssh process/keys/etc. A reboot will definitely clear any cached data that may be interfering.

+ 3
br flag
Angelo
Does this mean we can't use PKCS11Provider anymore? I also had this problem on Ventura using ssh keys.
0
Reply
Randall avatar
bq flag
Randall
@Angelo - Not exactly. I just needed to comment out my `PKCS11Provider /usr/lib/ssh-keychain.dylib` line in the .ssh/config. But the library `/usr/lib/ssh-keychain.dylib` is still being used, just that it's now being loaded via `ssh-add`. If you had some other lib for the PKCS11Provider, I expect it should still also work using the ssh-add.
0
Reply
br flag
Angelo
ssh-add means you're adding your PIV to your agent, and not using the PKCS11Provider directive. I have commented out PKCS11Provider and this does prevent the problem for me, even though I've been using an ssh key.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.