Trouble executing ssh IPAddressA -l user "ssh -l IPAddressB ls" from my bash script

Question

I'm currently facing a weird problem while executing a command from my bash script.

My script has this command,

ssh IPAddressA -l root "ssh -l root IPAddressB ls"

where IPAddressA & IPAddressB would be replaced by hard coded IP addresses of two machines accessible from each other.

The user would enter the password whenever asked. But, I'm getting this error after I enter the IPAddressA's password.

root@IPAddressA's password: 
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
]$

Answer 1

There's a better trick for that..

In ~/.ssh/config add a host entry for IPAddressA, configured like so:

Host IPAddressA
    User someguy
    ProxyCommand ssh -q someguy@IPAddressB nc -q0 %h 22

The slick thing about this method is that you can scp/sftp to IPAddressB without any weird stuff on your shell command line.

For bonus points, generate yourself a public key-pair and drop the public key on both IPAddressA and IPAddressB in ~/.ssh/authorized_keys. If you don't put a password on it, you won't even be bothered to enter that.

Additionally, if you're trying to get access to a remote LAN that only has a single entry point - SSH can actually act as a VPN client, bridging you through the proxy host. Of course, the remote end needs to support tap/tun devices (as does your local machine)... But if it's all there already.. super painless mechanism to bridge.

Answer 2

When the inner ssh password is prompted, there's no interactive keyboard available. You can get what you want with ssh tunneling.

ssh root@IPAddressA -L2222:IPAddressB:22 -Nf
ssh root@localhost -p2222

The first line open a tunnel, so your localhost 2222 port points to IPAddressB:22 andd bring the ssh process in background ( -f ) without executing a command ( -N )
The second line connects IPAddressB:22 through the new opened tunnel