10

My question is basically how to turn my existing two steps into one step.

I have a working SSH tunnel set up between two computers using a middleman server like this:

Kubuntu_laptop--->nat_fw--->Debian_Server<--nat_fw<--Kubuntu_desktop

What I do presently is SSH from Kubuntu_laptop to Debian_Server and then from Debian_Server to Kubuntu_desktop. I would like to make that one SSH command, issued on my Kubuntu_laptop in bash that results in my being connected to the Kubuntu_desktop (shell/bash).

The commands I am using now are as follows. Step 1:

me@kubuntu_laptop:~$ ssh -i ~/.ssh/id_rsa admin@debian_server  

Step 2:

admin@debian_server:$ ssh -p 1234 -i /home/admin/.ssh/id_rsa admin@localhost 

Then I am connected to the kubuntu_desktop via SSH (from kubuntu_laptop).

RSA keys are required for all SSH connections. Password login is disabled all the way around. And notice that the computer user accounts are different at two of the computers.

Regarding the connection for this leg:

Debian_Server<--nat_fw<--Kubuntu_desktop

Here is how it is established:

autossh -M 5234 -N -f -R 1234:localhost:22 user@mydebian.com -p 22

Notice Kubuntu_desktop connects to middleman as user@mydebian.com (not admin@debian_server). But when I connect to Kubuntu_desktop, I connect as admin user.

I cannot change the existing monitoring port (5234) or the remote (-R) port number (1234 in this example). I cannot change the SSH security to allow password logins. I cannot open up any new firewall ports. I can't change user accounts (except on laptop).

MountainX
  • 17,948
  • Have a look at this question: http://unix.stackexchange.com/questions/82158/pseudo-terminal-will-not-be-allocated-because-stdin-is-not-a-terminal – Hauke Laging Jul 09 '13 at 02:57
  • @HaukeLaging - seems interesting but I don't understand it. What is "nc"? And on which machine is ~/.ssh/config edited? Basically, I need more detail than that question/answer provides. Thanks. – MountainX Jul 09 '13 at 03:02
  • This question has been crossposted (without notification) to Server Fault SE. This is very BAD form! – mdpc Jul 09 '13 at 03:07
  • thanks for the downvotes everywhere, but what is wrong with asking at two different places? Are you also going to prevent me from asking at ubuntuforums.org or somewhere else? – MountainX Jul 09 '13 at 03:13
  • @HaukeLaging-If using ProxyCommand in my laptop ~/.ssh/config, what do I enter for Hostname of the Kubuntu_Desktop? There is no fqdn. This is reverse SSH. Thanks. – MountainX Jul 09 '13 at 03:23
  • See this post regarding cross-posting: http://meta.stackexchange.com/questions/64068/is-cross-posting-a-question-on-multiple-stack-exchange-sites-permitted-if-the-qu. Or more specifically for this StackExchange site: http://meta.unix.stackexchange.com/questions/1167/is-it-considered-proper-normal-to-post-the-same-question-on-askubuntu-and-at-t/1176#1176 –  Jul 09 '13 at 11:00
  • @EvanTeitelman thanks, that was an interesting read. It's nice to see the different opinions. I saw a lot of good thinking on this subject and I will certainly follow the suggestion of linking to other posts. In fact, it's possibly worthwhile even when the other posts are not on StackExchange... anyway, I'll be aware of it now. – MountainX Jul 09 '13 at 19:25
  • Based on the answer here, I am now trying to get to the next step. I asked a new question here. – MountainX Jul 09 '13 at 20:01

2 Answers

9

Make sure netcat is installed on the Debian server, and use ProxyCommand in your local SSH configuration (~/.ssh/config).

Host Kubuntu_desktop
  ProxyCommand ssh Debian_Server nc localhost 1234
  • I gave all my steps in another answer for completeness, but it was all thanks to your help. I am accepting your answer. Thank you!!! – MountainX Jul 09 '13 at 04:14
7

Thanks to @Ignacio Vazquez-Abrams here are all the steps:

Make sure netcat is installed on the Debian server, and use ProxyCommand in your local SSH configuration (~/.ssh/config).

I edited config as follows:

me@kubuntu_laptop:~/.ssh$ nano config

The contents are:

Host kubuntu_desktop
  ProxyCommand ssh debian_server_fqdn nc localhost 1234
  User admin
  PasswordAuthentication no
  IdentityFile ~/.ssh/my_id_rsa

Then just connect:

me@kubuntu_laptop:~$ ssh kubuntu_desktop

Connected to kubuntu_desktop via SSH in 1 step! Perfect

Update:

This makes it more flexible:

me@kubuntu_laptop:~/.ssh$ nano config

The new contents are:

Host family_desktops
  ProxyCommand ssh debian_server_fqdn nc localhost %p
  User admin
  PasswordAuthentication no
  IdentityFile ~/.ssh/my_id_rsa

Then just connect to Mom:

me@kubuntu_laptop:~$ ssh family_desktops -p 1234

And connect to Dad:

me@kubuntu_laptop:~$ ssh family_desktops -p 5678

Of course, Mom & Dad have to have Step 0 set up (from my original question) where each has their own -R port defined. Example for Dad:

Step 0 (for Dad):

autossh -M 6543 -N -f -R 5678:localhost:22 user@mydebian.com -p 22

Optional:

DAD=5678
ssh family_desktops -p $DAD
MountainX
  • 17,948
  • The ProxyCommand can also be written as: ProxyCommand ssh debian_server_fqdn -W localhost:%p so no need to have netcat on the Debian server. – Kevin Aug 11 '19 at 01:45
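
An added example, not from either answer: a laptop ~/.ssh/config that combines the ProxyCommand approach above with the -W form from the last comment, and gives the hop its own Host block so the first leg uses the admin account and key from Step 1 of the question instead of the laptop's default user. The alias names debian_server, mom_desktop and dad_desktop are assumptions; debian_server_fqdn is the placeholder used in the answer, and IdentitiesOnly is an addition.

```sshconfig
# ~/.ssh/config on kubuntu_laptop (added example; alias names are assumptions)

# First leg: laptop -> Debian server (user and key from Step 1 of the question).
Host debian_server
  # debian_server_fqdn is the placeholder used in the answer above
  HostName debian_server_fqdn
  User admin
  IdentityFile ~/.ssh/id_rsa
  # Offer only the key named here, not every key loaded in the agent
  IdentitiesOnly yes
  PasswordAuthentication no

# One alias per reverse-tunnel port (-R 1234 and -R 5678 on the page).
Host mom_desktop
  Port 1234

Host dad_desktop
  Port 5678

# Second leg, shared by both desktops. %p expands to the Port set above,
# so the hop forwards to its own localhost:1234 or localhost:5678.
# Each alias and port gets its own known_hosts entry.
Host mom_desktop dad_desktop
  ProxyCommand ssh debian_server -W localhost:%p
  User admin
  IdentityFile ~/.ssh/my_id_rsa
  IdentitiesOnly yes
  PasswordAuthentication no
```

With this in place, `ssh mom_desktop` and `ssh dad_desktop` replace the `-p` forms. Unlike nc, -W needs TCP forwarding (AllowTcpForwarding) to be permitted by sshd on the Debian server.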