Ssh-proxy-example
From PTAGISWiki
From alcourt@execpc.com Thu Apr 12 08:56:33 2001
Date: Wed, 11 Apr 2001 22:07:49 -0500 (CDT)
From: Mr. Alcourt <alcourt@execpc.com>
To: sage-members@usenix.org
Subject: Re: auto ssh through a proxy

Here's what I ended up doing.
Set up a second sshd_config file for the file transfer on the gateway box so I could run it with more restricted permissions than normal. The normal ssh port was already blocked, so I used port 2222.
The second ssh daemon only accepted public key authentication. I also used a forced command on the gateway machine to force a "sleep" command. This allowed a port forward to be set up. An application account was created on both the gateway and the final destination to use for the file transfer. The password was locked, but the shell was valid.
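# -f must precede the host so the local ssh backgrounds itself; -p 2222 is the second sshd on the gateway
$ ssh -f -p 2222 -l userid -L 2022:finalhost:22 gatewaybox sleep 60
# send the file through the forwarded local port 2022 to finalhost
$ dd if=/file/to/send | ssh -p 2022 localhost "dd of=/dest/location"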
I used authorized keys also on the final system to obviate the need for passwords on the system. A forced command was used to force the destination location. So the commands specified on the command executed by the sender were only for documentation; they would have been overridden anyway. The -f was of course to "fork into background" so that it could be scripted more readily by the sender.
Many thanks to those who responded.
--
Mr. Alcourt
http://www.execpc.com/~alcourt/
"I may disagree with what you say, but I will defend unto the death your right to say it." -- Voltaire
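An added example, not part of the original post: a Python check for the two authorized_keys entries this setup relies on, one on the gateway (forced sleep, forwarding allowed) and one on the final host (forced dd to a fixed destination). The sample entries, the placeholder key and the extra options (permitopen, no-pty, no-agent-forwarding, no-X11-forwarding, no-port-forwarding) are assumptions; the post names only the forced commands.

```python
import re

# One option: name, optionally ="value" (value may contain \" escapes).
OPTION_RE = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)')
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes that start the key field

def parse_entry(line):
    """Split an authorized_keys line into (options dict, key type)."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}, line.split()[0]
    in_quotes, end = False, len(line)
    for i, ch in enumerate(line):  # options end at the first unquoted space
        if ch == '"' and line[i - 1:i] != "\\":
            in_quotes = not in_quotes
        elif ch == " " and not in_quotes:
            end = i
            break
    opts = {m.group(1).lower(): m.group(2) for m in OPTION_RE.finditer(line[:end])}
    rest = line[end:].split()
    return opts, rest[0] if rest else ""

def audit(line, role):
    """List weaknesses in one entry; role is 'gateway' or 'destination'."""
    opts, _ = parse_entry(line)
    locked = "restrict" in opts  # 'restrict' turns every no-* option on
    findings = [] if "command" in opts else ["no forced command"]
    for flag in ("no-pty", "no-agent-forwarding", "no-x11-forwarding"):
        if flag not in opts and not locked:
            findings.append("missing " + flag)
    if role == "gateway":  # must forward, but only to the final host
        if "permitopen" not in opts:
            findings.append("forward target not pinned with permitopen")
    elif "no-port-forwarding" not in opts and not locked:
        findings.append("missing no-port-forwarding")
    return findings

# Constructed sample entries; the key blob is a placeholder, not a real key.
KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYBLOB transfer@sender"
HARDEN = "no-pty,no-agent-forwarding,no-X11-forwarding"
GATEWAY = f'command="sleep 60",permitopen="finalhost:22",{HARDEN} {KEY}'
DEST = f'command="dd of=/dest/location",no-port-forwarding,{HARDEN} {KEY}'

if __name__ == "__main__":
    for role, entry in (("gateway", GATEWAY), ("destination", DEST), ("destination", KEY)):
        print(role, audit(entry, role) or "ok")
```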
