Changes for page SSH tunnel

Last modified by Jan Rhebergen on 2023/01/04 15:57

From version 3.3
edited by Jan Rhebergen
on 2022/12/29 21:54
Change comment: There is no comment for this version
To version 1.2
edited by Jan Rhebergen
on 2022/02/06 13:32
Change comment: There is no comment for this version

Details

Page properties
Content
... ... @@ -31,7 +31,7 @@
31 31  #JBR first make sure account on dashy exists (see step 2)
32 32  ssh-copy-id autotunnel@dashy}}}
33 33  
34 -This installs the ##autossh## program, adds the ##autotunnel## user which will **not** have a default login shell. To still be able to execute commands as ##autotunnel## we have to specify a shell to execute, i.e. ##/bin/bash##. This enables us to generate the keys and copy them to the middleman server ##dashy##. The ##ssh-copy-id## command copies the most recent ##id_*.pub## file. As of recent the ##ed25519## is considered safest (and quick). **NB:** the ##autotunnel## account password needs to be known (temporarily set) see step 2. **NB:** The last command of step 2 can only be executed when step 2 below has been completed! Also temporarily enable logins using a password  by setting ##PasswordAuthentication yes## in the ##/etc/ssh/sshd_config## file.
34 +This installs the ##autossh## program, adds the ##autotunnel## user which will **not** have a default login shell. To still be able to execute commands as ##autotunnel## we have to specify a shell to execute, i.e. ##/bin/bash##. This enables us to generate the keys and copy them to the middleman server ##dashy##. The ##ssh-copy-id## command copies the most recent ##id_*.pub## file. As of recent the ##ed25519## is considered safest (and quick). **NB:** the ##autotunnel## account password needs to be known (temporarily set) see step 2. **NB:** The last command of step 2 can only be executed when step 2 below has been completed!
35 35  
36 36  **step 3**
37 37  
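Review bot: line 34 has the reader set a temporary password for ##autotunnel## and, on the version 3.3 side, set ##PasswordAuthentication yes## in ##/etc/ssh/sshd_config##, but neither side says to undo either once ##ssh-copy-id## has succeeded. Suggest closing the paragraph with a sentence that restores ##PasswordAuthentication no##, reloads sshd and removes or locks the temporary ##autotunnel## password, so the "temporarily" in the text has a defined end. The version 1.2 side drops the ##PasswordAuthentication## sentence while keeping the NB that the password must be known, which leaves the reader without the setting that makes the password usable for ##ssh-copy-id##. Separately, the second NB on both sides reads "The last command of step 2 can only be executed when step 2 below has been completed", which refers to itself; the first "step 2" presumably means the current step.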
... ... @@ -91,12 +91,9 @@
91 91  This should generate some output on the restricted client due to the ##-vvv## option we supplied. When this indeed is the case just quit and commence with the following actual test.
92 92  
93 93  (% class="box" %)
94 -{{{ssh -p 8082 localhost
95 -#JBR or alternatively for instance:
96 -ssh -p 8082 jan@localhost
97 -}}}
94 +{{{ssh -p 8082 localhost}}}
98 98  
99 -This should log you in on the restricted host. If you need to supply a password it means you did not copy your own public keys or the permission of the ##authorized_keys## file in set incorrectly. These keys are different (personal) public keys that you should have on your home pc/laptop account. Again this should generate respective verbose output on the restricted host. When succesful you can logout on the middle man host and also stop the ##autossh## running on the restricted host. If you cannot login from an outside host (not localhost) it might be because the provider that hosts your middle man server has a firewall that need to be adjusted (i.e. amazon, oracle, etc).
96 +This should log you in on the restricted host. If you need to supply a password it means you did not copy your own public keys or the permission of the ##authorized_keys## file in set incorrectly. These keys are different (personal) public keys that you should have on your home pc/laptop account. Again this should generate respective verbose output on the restricted host. When succesful you can logout on the middle man host and also stop the ##autossh## running on the restricted host.
100 100  
101 101  == Automation and persistence ==
102 102
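Review bot: the last sentence of line 99 (version 3.3 side) says the provider firewall may need adjusting when login from an outside host fails, but does not say which port is meant or who should be allowed to reach it. Suggest naming the port explicitly and recommending that the rule be limited to the source addresses that actually need access, rather than opening it to everyone. On lines 95 to 96 of the same side, the alternative ##ssh -p 8082 jan@localhost## hard-codes a personal account name; a placeholder such as a generic user name with a short explanation would be clearer to other readers. Both sides of the paragraph also carry the typos "in set incorrectly" (should be "is set incorrectly") and "succesful", and it would help to state the expected permissions of the ##authorized_keys## file instead of only saying they may be wrong.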