Transparent SSH host-jumping (Expert)

26 July 2016

A while ago, in the Transparent SSH host-jumping (Advanced) post, I described a technique for jumping quite effortlessly through a chain of intermediate hosts. However, there was a catch: the user names and ports across the whole chain had to be the same, and there was no easy way to change that.

Given that I recently paid quite a lot of attention to the ProxyCommand directive, I decided to look into the implementation of the helper script that will allow one to tweak parameters for the hosts in the chain.

You can read the original post for the

Offloaded on ssh

SSH: Interactive ProxyCommand

25 July 2016

I was involved in the creation of the sshephalopod project, which was an attempt to build an enterprise-level authentication framework for SSH authentication using the SSH CA feature.

The project is based on a wrapper script that signs a user in via a SAML identity provider and gets the user’s public key signed for further use.

In one of the discussions I pointed out that such a wrapper script is not good for the end user experience and I proposed to provide the users with an excerpt for their ssh config file, so the functionality of sshephalopod would be

Offloaded on ssh

Transparent SSH host-jumping (Advanced)

In this brief article I am going to describe how I resolved a nagging issue I had with setting up access to hosts which are not directly reachable, but where you need to forward your connection through an intermediate host.

Previously, I was using the local SSH port-forwarding technique (although I was configuring hosts I connect to in the ~/.ssh/config file instead of using the command-line options). However, this approach turned out to be quite inconvenient since every time I wanted to connect to a new host (and, possibly, through a new intermediate host) I had to edit my

Offloaded on ssh

SSH port-forwarding (Intermediate)

In my previous blog entry I described some basic functionality of SSH in terms of port-forwarding. Now it’s time for a little bit more complex stuff.

In this article I will highlight:

  • (forward) piercing of a firewall (getting access to resources behind it);
  • dynamic port-forwarding (AKA proxy);
  • (reverse) piercing of a firewall (exposing your local services on the remote side).

Forward firewall piercing

Let’s start with the forward firewall piercing, since it is the easiest and was somewhat already described in my previous blog entry on this topic. Now, imagine that you already have SSH access to some

Offloaded on ssh
