Re: SSH and ProxyCommand (was Re: rdr and authpf)
Lars Nooden wrote:
>     +--E
>     |
> AB--+--C
>     |
>     +--D

Juan Miscaro wrote:
> Host B
>   HostName host-B
>   User user-B
>   IdentityFile key-B
>
> Host C
>   HostName host-C
>   User user-C
>   IdentityFile key-C
>   ProxyCommand ssh B nc %h %p

Yes, thanks very much. Also, instead of using ssh_config, the same can be done via shell:

  ssh -o 'ProxyCommand ssh B nc %h %p' C

> Note: Investigate ssh-agent if you do not already use it.

I use it but freely admit that it is under-utilized.

-Lars
SSH and ProxyCommand (was Re: rdr and authpf)
Juan Miscaro wrote:
> 2009/1/17 Lars Noodén larsnoo...@openoffice.org:
> [snip]
>>     +--E
>>     |
>> AB--+--C
>>     |
>>     +--D
> [snip]
> This is standard SSH duty. Configure A to pass through B to get to E, C, D. Research the 'ProxyCommand' setting.

Thanks. There are not words for how tremendously OpenSSH rocks. I've been a casual user since autumn 99 or so, but lately finding that was just the tip of the iceberg. There's a wealth of tricks in ssh_config(5).

Using ~/.ssh/config on the client to connect to .118.10 and then from there use netcat to connect to .124.25:

  Host sound
    Protocol 2
    HostName 192.168.118.10
    ProxyCommand ssh %h /usr/bin/nc 192.168.124.25 22

Using -v (or -vv or -vvv) this is what happens:

  debug1: Executing proxy command: exec ssh 192.168.118.10 \
      /usr/bin/nc 192.168.124.25 22

The obstacle I find now is that since the host keys for 192.168.118.10 and 192.168.124.25 are not the same, the illusion of two keys for a single host causes the client to choke on the connection to the second host.

Is there a way to configure ssh_config to allow two host keys for the same host, or ignore the first host's key? Putting the same key on both doesn't seem quite right as I don't want the same groups that are working behind the gateway to be accessing the gateway itself.

Regards,
-Lars
Re: SSH and ProxyCommand (was Re: rdr and authpf)
Lars Noodén wrote:
>     +--E
>     |
> AB--+--C
>     |
>     +--D

Ok. To record my own answer, one solution was to use HostKeyAlias to specify which host key to record.

  Host sound
    Protocol 2
    HostKeyAlias 192.168.124.25
    HostName 192.168.118.10
    ProxyCommand ssh %h /usr/bin/nc 192.168.124.25 22

I can see some drawbacks with that, but it works for now.

-Lars
Re: SSH and ProxyCommand (was Re: rdr and authpf)
2009/1/18 Lars Noodén larsnoo...@openoffice.org:
> Lars Noodén wrote:
>>     +--E
>>     |
>> AB--+--C
>>     |
>>     +--D
>
> Ok. To record my own answer, one solution was to use HostKeyAlias to specify which host key to record.
>
>   Host sound
>     Protocol 2
>     HostKeyAlias 192.168.124.25
>     HostName 192.168.118.10
>     ProxyCommand ssh %h /usr/bin/nc 192.168.124.25 22
>
> I can see some drawbacks with that, but it works for now.
>
> -Lars

  Host B
    HostName host-B
    User user-B
    IdentityFile key-B

  Host C
    HostName host-C
    User user-C
    IdentityFile key-C
    ProxyCommand ssh B nc %h %p

Note: Investigate ssh-agent if you do not already use it.

-- jm
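Added example (not part of the thread and not code from either poster): a small Python check that shows why the first "Host sound" block trips host key verification while the HostKeyAlias block and the per-hop "Host B / Host C" form do not. It compares the name ssh looks up in known_hosts (HostKeyAlias if set, otherwise HostName) with the host the ProxyCommand's nc actually reaches. The aliases sound-v1, sound-v2, gw and sound-v3 are hypothetical, the sample config is constructed from the thread's addresses, and locating the destination as "the argument after nc" is a simplifying assumption.

```python
import shlex

# Constructed sample: the thread's three configurations under hypothetical aliases.
SAMPLE = """
Host sound-v1
  HostName 192.168.118.10
  ProxyCommand ssh %h /usr/bin/nc 192.168.124.25 22
Host sound-v2
  HostKeyAlias 192.168.124.25
  HostName 192.168.118.10
  ProxyCommand ssh %h /usr/bin/nc 192.168.124.25 22
Host gw
  HostName 192.168.118.10
Host sound-v3
  HostName 192.168.124.25
  ProxyCommand ssh gw nc %h %p
"""

def parse_blocks(text):
    """Return {host alias: {lowercased keyword: value}} for simple Host blocks."""
    blocks, cur = {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, val = parts[0].lower(), parts[1].strip()
        if key == "host":
            cur = blocks.setdefault(val, {})
        elif cur is not None:
            cur.setdefault(key, val)  # first value obtained wins, as in ssh_config(5)
    return blocks

def audit(alias, opts):
    """Return (known_hosts lookup name, host the proxy reaches, whether they agree)."""
    hostname = opts.get("hostname", alias)
    lookup = opts.get("hostkeyalias", hostname)  # HostKeyAlias overrides the real name
    proxy = opts.get("proxycommand")
    if proxy is None:
        return lookup, hostname, True
    argv = shlex.split(proxy.replace("%h", hostname).replace("%p", opts.get("port", "22")))
    # Heuristic (assumption): the argument right after nc is the real destination.
    idx = next((i for i, a in enumerate(argv) if a.rsplit("/", 1)[-1] == "nc"), None)
    if idx is None or idx + 1 >= len(argv):
        return lookup, None, False
    return lookup, argv[idx + 1], argv[idx + 1] == lookup

def report(text=SAMPLE):
    return {alias: audit(alias, opts) for alias, opts in parse_blocks(text).items()}

if __name__ == "__main__":
    for alias, (lookup, reached, ok) in report().items():
        print(f"{alias}: key checked as {lookup}, reaches {reached}: {'ok' if ok else 'MISMATCH'}")
```

In the per-hop form (gw plus sound-v3) each machine's key is recorded under its own address, so the gateway and the inner host never share a known_hosts entry and no HostKeyAlias is needed.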
rdr and authpf
I'd like to be able to authorize certain groups of users to be able to log in via ssh from A to B below, but upon/after successful authentication be redirected to ssh on C, D, or E so as to log in and work there.

    +--E
    |
AB--+--C
    |
    +--D

What part of authpf can do that? Or is that better with SSH than PF?

regards,
-Lars
Re: rdr and authpf
2009/1/17 Lars Noodén larsnoo...@openoffice.org:
> I'd like to be able to authorize certain groups of users to be able to log in via ssh from A to B below, but upon/after successful authentication be redirected to ssh on C, D, or E so as to log in and work there.
>
>     +--E
>     |
> AB--+--C
>     |
>     +--D
>
> What part of authpf can do that? Or is that better with SSH than PF?

This is standard SSH duty. Configure A to pass through B to get to E, C, D. Research the 'ProxyCommand' setting.

-- jm