Changes between Version 6 and Version 7 of SshProxyNotes

Timestamp:
01/13/11 18:10:19 (9 years ago)
Author:
ibaldin (IP: 152.54.9.21)
Comment:

  • SshProxyNotes

    v6 v7  
    77SSH tunneling presents a generic mechanism for making TCP-based services located in private address spaces available securely to hosts located in public address space. This situation arises when, for example, VMs are created on computational substrate that is behind a NAT firewall and external experimenter tools need to connect to these VMs to get e.g. a command shell. 
    88 
    9 The proposed setup involves a domain with a NAT firewall and a internal private address space. The hosts inside the domain can originate connections to the public Internet, or at least connect to the NAT host. One or more hosts with public IP addresses must be chosen to be SSH 'proxies'. It could be the NAT host or could be a different host, depending on hardware. The idea is to provide access to hosts inside the domain (internal hosts) by tunneling their SSH connections from the SSH proxy. Since the internal hosts can be dynamically created, it is more convenient to have these hosts open a 'reverse' SSH tunnel to the proxy host, rather than having the proxy host open a forward tunnel to the internal hosts.   
     9The proposed setup involves a domain with a NAT firewall and a internal private address space. The hosts inside the domain can originate connections to the public Internet. One or more hosts with public IP addresses must be chosen to be SSH 'proxies'. It could be the NAT host or could be a different host, depending on hardware. The idea is to provide access to hosts inside the domain (internal hosts) by tunneling their SSH connections from the SSH proxy. Since NAT generally prevents incoming connections and the internal hosts can be dynamically created, it is more convenient to have these hosts open a 'reverse' SSH tunnel to the proxy host, rather than having the proxy host open a forward tunnel to the internal hosts.   
    1010 
    1111The control framework must treat reverse tunnel ports (endpoints) as an allocatable resource.
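Review bot: The added v7 paragraph (line 9) and the unchanged line 11 still leave two points a reader setting this up will need, so they should be documented: where the reverse-tunnel ports bind on the proxy, and what the internal hosts authenticate with. An ssh -R tunnel binds on the proxy's loopback unless the proxy's sshd permits otherwise (GatewayPorts), so the text should state whether external experimenter tools reach an internal VM by first connecting to the proxy or by connecting to a publicly bound port on it. Each dynamically created internal host must hold a credential for the proxy in order to open its tunnel; the note should say that this credential is limited to port forwarding (no shell on the proxy), since a compromised VM would otherwise gain a foothold on the public-facing proxy. For "allocatable resource" on line 11, state that allocation is per proxy host and that the port is released when the VM goes away, so that two VMs cannot be handed the same endpoint.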