Changes between Version 1 and Version 2 of SshProxyNotes

Timestamp:
05/24/10 16:22:40 (9 years ago)
Author:
ibaldin (IP: 152.54.9.131)
Comment:

--

  • SshProxyNotes

    v1 v2  
    1515  2. Proxy keys - needed to establish a connection between the internal host and a proxy. This SSH keypair(s) must be generated ahead of time, the public key installed in the .ssh/authorized_keys for the account used on the proxy host for SSH tunneling. The private key must be installed into the internal host. If it is a VM it can be installed at the time of VM creation. Since this private key becomes known to the user due to being installed into the VM, it may be necessary to generate a per-user/per slice dynamic key pair used for all the hosts in the user's slice.  
    1616 
    17 == Workflow == 
     17== SSHD Configuration == 
     18 
     19By default SSHD binds reverse tunnel connections on the proxyhost to 'localhost' only as a security measure. The following stanza must be added to the proxy hosts /etc/ssh/sshd_config file (and sshd restarted) to allow clients to specify the bind address for the tunnel remote endpoint: 
     20{{{ 
     21# to allow reverse tunnels to work 
     22GatewayPorts clientspecified 
     23}}} 
     24 
     25== Control Framework Workflow == 
    1826 
    1927  1. Generate a proxy SSH keypair.  
     28  2. Install the public key into the proxy host account used for reverse tunnels (call it rev-tunnel-user): 
     29{{{ 
     30$ cat newkey >> ~rev-tunnel-user/.ssh/authorized_keys 
     31}}} 
     32  3. Boot
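
Review bot: `GatewayPorts clientspecified` at new line 22 is set globally in sshd_config, so every account that can log in to the proxy host may choose the bind address for its remote forwards, not only rev-tunnel-user; consider placing it under a `Match User rev-tunnel-user` block so the localhost-only default described at new line 19 stays in force for all other accounts. In step 2 (new line 30) the text says to install the public key but the command appends `newkey`; if that is the file name given to ssh-keygen, the public half is `newkey.pub`, and the step should say so explicitly. Because line 15 notes that the private key becomes known to the slice user, the authorized_keys entry should also carry key options such as `no-pty,no-agent-forwarding,no-X11-forwarding` so that the key is usable for tunneling only.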