Packer: SSH Proxy Support

Created on 4 Sep 2013  路  14Comments  路  Source: hashicorp/packer

Hello, will it be possible to add an enhancement to allow SSH to be proxied? Similar to how you can achieve it with OpenSSH and the ProxyCommand setting? Being stuck behind a firewall and unable to ssh 1) to verify the system is up and 2) use the shell provisioner sucks. :(

Thank you for consideration.

core enhancement
Source
picture defunct73

Most helpful comment

We would love it if packer could honour the settings in ~/.ssh/config where proxies are concerned. At the minimum we need some way to route traffic to a specified proxy host and port combination. Really, a massive +1 for this feature.

picture timperrett on 11 Jan 2014
👍31

All 14 comments

It is technically possible. What kind of proxy command would you need?

mitchellh picture mitchellh on 19 Sep 2013

We currently use corkscrew with OpenSSH to proxy over http/https. I hope that helps.

Thank you!

defunct73 picture defunct73 on 19 Sep 2013

We would love it if packer could honour the settings in ~/.ssh/config where proxies are concerned. At the minimum we need some way to route traffic to a specified proxy host and port combination. Really, a massive +1 for this feature.

timperrett picture timperrett on 11 Jan 2014
👍31

@defunct73 Your link to corkscrew (http://www.mtu.net/~engstrom/ssh-proxy.php ) is 403 (at least for me). You must be referring to http://www.agroman.net/corkscrew/ .

rasa picture rasa on 11 Jan 2014

@rasa Thanks for the updated link! Not sure why the first one went 403. That is what I am referring to. Thanks again!

defunct73 picture defunct73 on 11 Jan 2014

Any alternative to ProxyCommand functionality would be awesome :-)

timperrett picture timperrett on 12 Jan 2014

for people behind a corporate proxy server, this could be essential, our environment has a select set of hosts that are permitted to connect to the outside world via ssh, from our desktops we are able to proxy through these hosts without to much client side configuration. I second honoring the ProxyCommand from ~/.ssh/config if it exists.

leon-strong picture leon-strong on 25 Mar 2014

Hi Any update on this?
This can be really useful in some condition.

zioalex picture zioalex on 30 Jun 2014

Hi, any consideration for this request? Thanks.

defunct73 picture defunct73 on 17 Dec 2014

This is a real issue for me. I can't use this amazing tool behind my f### corporate proxy... I also use corkscrew (the ProxyCommand entry from my ~/.ssh/config file).
Could you help us?

acourtois picture acourtois on 21 Jan 2015

Just to clarify how this work. Packer uses "native" go ssh lib, go.crypto/ssh, to ssh.

To be able to define a single proxy command or host might be feasible, but to honor ~/.ssh/config (OpenSSH) would probably be a lot of work.

rickard-von-essen picture rickard-von-essen on 21 Jan 2015
😕1

I understand :) But is there a way to provide a proxy to the packer's ssh connection step? I use packer to build my AWS AMIs all the time and I really like it :)

acourtois picture acourtois on 21 Jan 2015

I suggest it might be easiest to emulate override.ssh.proxy_command behaves in Vagrant.
I often use this feature to proxy ssh through a bastion host into instances I've launched in a VPC.

override.ssh.proxy_command = "ssh -q 1.2.3.4 nc -q0 %h 22"
mdthorpe picture mdthorpe on 4 Mar 2015

+1 on desirability of this capability

Hefeweizen picture Hefeweizen on 14 May 2015
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

tleyden picture tleyden  路  3Comments
jesse-c picture jesse-c  路  3Comments
mvermaes picture mvermaes  路  3Comments
s4mur4i picture s4mur4i  路  3Comments
mwhooker picture mwhooker  路  3Comments