SSH Proxy works on laptop but not server?

So I have a really odd issue that I have been trying to track down for days now. I have tried all the googling, all the chatGPTing and am at a loss for what’s going on.

A bit of overview for the issue. We have an environment that has an Ubuntu server 22.04 (Ansible Controller), another device on Ubuntu server 22.04, and a third device on Debian 9 arm. The Ansible controller and the Ubuntu server sit on the same network. The Debian 9 system sits on a separate internal network behind the Ubuntu server, so it cannot be directly reached from the controller. What I am doing is using the vars for a proxy through the Ubuntu host to the Debian 9 host. I have confirmed on my laptop that my code works BUT when I put the repo on the controller, the playbook and roles fail with the following error:

TASK [feather_gateway : Add default gateway] ********************************************************************************************************************************************************************************************************
fatal: [feather3_lineup1]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Connection timed out during banner exchange\r\nConnection to UNKNOWN port 65535 timed out", "unreachable": true}

Here is how the inventory var is set up:

          ansible_user: *****
          ansible_ssh_pass: *****
          ansible_become_pass: *****
          ansible_python_interpreter: /usr/bin/python2.7
          ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -i /home/*****/.ssh/id_rsa_lab *****@"'

The controller's IP is and can use the proxy command by itself and reach the Debian device on But Ansible fails with the mentioned error.

Any help will be greatly appreciated. This is a dev env, so we do not have things in vaults right now until we get the code working on the controller. It’s on the to-do list :smiley:

So to give a little more insight on this. Here is the proxy command working from the controller, working just fine.

I don’t configure proxies in Ansible, it seems to work fine with ProxyJump configured in ~/.ssh/config, for example perhaps something like this would work?

    Host feather3_lineup1
      IdentityFile ~/.ssh/id_rsa_lab

Thank you for the info. I was able to get things working with ProxyJump and some control master updates to my ssh conf. Since this is going to be for 200+ jump hosts with 10+ systems behind them I opted to keep a lot of it in the ansible inventory and not the ssh config.

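Added example, not posted by anyone in the thread: one way to keep ProxyJump in the Ansible inventory when there are many jump hosts, by setting the jump address once per group and templating it into `ansible_ssh_common_args`. Every group name, address (documentation ranges), user name and the `jump_user`/`jump_host` variables are constructed placeholders. It assumes key-based login, with the key and any ControlMaster settings for the jump hop itself living in `~/.ssh/config` or ssh-agent on the controller.

```yaml
# inventory.yml (constructed example; all names and addresses are placeholders)
all:
  children:
    jump_hosts:                      # the Ubuntu servers, reached directly
      hosts:
        lineup1_jump:
          ansible_host: 192.0.2.10
        lineup2_jump:
          ansible_host: 192.0.2.20
    behind_jump:                     # everything that needs a jump hop
      vars:
        jump_user: labuser           # hypothetical account on the jump hosts
        ansible_user: labuser
        ansible_ssh_private_key_file: ~/.ssh/id_rsa_lab
        ansible_python_interpreter: /usr/bin/python2.7
        # jump_host is resolved per host from the lineup group it belongs to,
        # so this one line serves every jump host in the inventory.
        ansible_ssh_common_args: "-o ProxyJump={{ jump_user }}@{{ jump_host }}"
      children:
        lineup1:
          vars:
            jump_host: 192.0.2.10    # address of lineup1_jump
          hosts:
            feather1_lineup1:
              ansible_host: 198.51.100.11
            feather3_lineup1:
              ansible_host: 198.51.100.13
        lineup2:
          vars:
            jump_host: 192.0.2.20    # address of lineup2_jump
          hosts:
            feather1_lineup2:
              ansible_host: 198.51.100.21

# Check what Ansible will actually pass to ssh for one host:
#   ansible-inventory -i inventory.yml --host feather3_lineup1
# Then compare the ssh command line Ansible builds against the one that
# works when typed by hand on the controller:
#   ansible -i inventory.yml feather3_lineup1 -m ping -vvv
```

Adding a new jump host is then one new `lineupN` group with its own `jump_host` value, and the `-vvv` output makes it easy to spot differences between the controller's and the laptop's ssh invocation.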