What I am thus looking for is a network router that routes all traffic from all my machines on my side of the network through an SSH tunnel to my server abroad, sort of a "NAT over SSH" feature. VPN does not solve my problem because I don't have the ability to setup the remote server as a VPN server (lack of IP pool availability, my employer does not permit outgoing PPTP connections). I was therefore looking into a number of options: However, that is a bit annoying because I need to start the connection first before I do anything, and it's too complicated for my wife to do. I also own a (windows 2003) server in another country, I have since installed cygwin on there and am using an SSH tunnel for all my web surfing. Needless to say, that is unacceptable (and not officially endorsed either, but they still do it). It has recently come to my attention that certain individuals in my employers IT department are sniffing traffic. I am in a slightly awkward situation in that I live on a remote site (also where I work), and have no other option than to use my employers internet connectivity to surf the web and do my private email. If that's too long and boring, skip a few lines to the SKIP HERE tag: The solution with running ssh on B will require you to forward the port from A to B and separately from B to C.First, my situation for those who like to read. The solution with an A's key authorized on C will allow you to use your original command without passwords. If the last leg must be from C to C, then the course of action depends on which solution you choose. If so, then you don't need any of the above solutions all you need is: ssh -NL :C: will make the last leg for forwarded packets be from the SSH server on B to C. You forwarded the port using the A-to-C connection and the destination was also C so the last leg for forwarded packets was from the SSH server on C to C. Your original command used -N and -L, so I understand the only goal is to forward a port. This command runs ssh on B to connect to C, so it will use the B's key. Ssh -t 'ssh least in Linux I'm not sure how quoting works in Windows). If you wanted to log in from A to C, then it would be like: # from A You can use the already registered keys if you actually connect from B to C after connecting from A to B. If they are different keys, you need to use them both. Then, when you do ssh -J on A, you need to use the key that allows A to connect to B and the key that allows A to connect to C. It may be the old key (the one already authorized on B) but it may be a new key created exclusively for this connection. On C authorize any key A uses to authenticate. I understand there's currently a key pair that allows you to connect from A to B and a separate pair that allows B to C. It works if I use the same key pair on all three hosts, but I would like to use different users with different key pairs because of security reasons. The most elegant way to solve the general problem is to make C accept the (or an) A's key. No SSH client is invoked on B, so the key that allows you to connect from B to C is never used. It's equivalent to connecting from A to B and then from A to C (using packets forwarded through B). This means ssh -J is not equivalent to connecting from A to B and then from B to C. This is for brevity.Ĭonnect to the target host by first making a ssh connection to the jump host described by destination and then establishing a TCP forwarding to the ultimate destination from there. "the B's key" means "user1's key available on B". Often when I say "A", "B", "C", I really mean "the user on A", "user1 on B", "user2 on C" respectively.I don't use Windows but hopefully it won't matter much.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |