Thursday, August 27, 2009

Multi-hop ssh tunnelling

localhost ----linkA----> gatewayhost ----linkB-----> remotehost

localport <========ssh============>remoteport

Requirements:
  1. Need to access a remote service running on remotehost (on remoteport) from localport on localhost (this could be anything from a database service to an HTTP proxy service -- not much difference here)
  2. Both links A and B allow only SSH traffic (other ports are blocked)

Solution 1:

A simple

$ ssh -L localport:remotehost:remoteport -N -f remoteuser@remotehost

would create an ssh tunnel over link A but not over link B. As both links allow only SSH traffic, this will not work.

One solution is to use the ssh ProxyCommand option like this:

$ ssh -oproxycommand="ssh -qaxT gwuser@gatewayhost nc %h %p" -L 3128:localhost:9998 -p9999 remoteuser@remotehost -N -f
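The same two-hop tunnel can be kept in an ssh client config instead of being retyped each time. The script below is an added example, not from the original post; it assumes the hostnames, users and ports used above (gwuser@gatewayhost, remoteuser@remotehost on port 9999, service exposed as 3128 -> localhost:9998) and an OpenSSH of 5.4 or later on localhost, whose "ssh -W" replaces the nc on the gateway.

```shell
#!/bin/sh
# Added example (not part of the original post). Writes an ssh client config
# that encodes both hops, so "ssh -N -f remotehost" brings up the tunnel.
# Assumptions: OpenSSH 5.4+ on localhost (for "ssh -W"); names from the post.
# Usage: write_multihop_config CONFIGFILE LOCALPORT REMOTEPORT

write_multihop_config() {
    cfg=$1; localport=$2; remoteport=$3
    # Refuse non-numeric or out-of-range ports before touching the file.
    for p in "$localport" "$remoteport"; do
        case $p in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    cat > "$cfg" <<EOF
# First hop: link A, a plain ssh session to the gateway.
Host gatewayhost
    User gwuser

# Second hop: link B. "ssh -W" asks the gateway's sshd to forward a TCP
# connection to %h:%p itself, so no nc binary is needed on the gateway.
Host remotehost
    User remoteuser
    Port 9999
    ProxyCommand ssh -W %h:%p gatewayhost
    # The tunnel from the post: localport -> service bound on remotehost.
    LocalForward $localport localhost:$remoteport
EOF
}

# With the config written, the whole multi-hop tunnel is just:
#   ssh -F "$cfg" -N -f remotehost
```

Using -F keeps the example self-contained; dropping the block into ~/.ssh/config lets plain "ssh -N -f remotehost" do the same.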


Monday, August 17, 2009

Public key (no password) ssh/scp in Ubuntu (9.04 and maybe others)

As per launchpad

https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/201786

There is a bug that prevents public key ssh/scp from working when configured according to 'man ssh' (due to the way ssh-agent / seahorse is set up).

The trick is to run 'ssh-add' after the normal procedure as per 'man ssh'.

So the entire procedure would be something like this:
  1. Generate keys on the local machine ($ ssh-keygen -t rsa -b 4096 #press enter twice; I'm using 4096 instead of the usual 2048 bit key)
  2. Copy the public key using ssh-copy-id ($ ssh-copy-id -i ~/.ssh/id_rsa.pub remoteuser@remotehost #assuming the keys are in the standard location)
  3. Now make sure we run ssh-add ($ ssh-add)
That should do the trick!