A while ago in the Transparent SSH host-jumping (Advanced) post I
described a technique on how one could jump quite effortlessly through a chain
of intermediate hosts. However, there was a catch: the user names and ports
across the whole chain should be the same and there was no easy way to change
Given that I recently paid quite a lot of attention to the ProxyCommand
directive I decided to look into the implementation of the helper script that
will allow one to tweak parameters for the hosts in the chain.
I heard a lot about Raspberry Pi boards, but until now I had neither the need nor the time to
work with one.
However, recently I purchased a Dodge Journey R/T and found that although I
love the car I am so disappointed with its software and hard-wired logic that I
decided to experiment a bit and fix the most annoying things.
Since almost everything inside the car is talking over the CAN bus, I needed
some kind of enclave inside the car where I could run my code and
inject/intercept CAN messages.
I strive for simplicity since I am a strong believer that achieving a goal with
the simplest solution looks elegant, proves that you have deep knowledge
of the subject, and overall is beautiful by itself. In addition, a
simple solution is easier to comprehend and to audit, hence it is much easier
to ensure the security of such a solution.
Over the last decade I stumbled upon numerous complicated firewalls erected on
the NAT boxes with tens (sometimes, hundreds!) of rules describing the traffic
flows and punched holes for some edge cases. Every time I wondered what kind
In this brief article I am going to describe how I resolved a nagging issue I
had with setting up access to hosts which are not directly reachable, but where
you need to forward your connection through an intermediate host.
Previously, I was using the local SSH port-forwarding technique (although I
was configuring hosts I connect to in the ~/.ssh/config file instead of
using the command-line options). However, this approach turned out to be quite
inconvenient since every time I wanted to connect to a new host (and, possibly,
through a new intermediate host) I had to edit my