Changes between Version 2 and Version 3 of SshProxyNotes

Timestamp:
05/24/10 16:25:11 (9 years ago)
Author:
ibaldin (IP: 152.54.9.131)
Comment:

--

  • SshProxyNotes

    v2 v3  
    88 
    99The proposed setup involves a domain with a NAT firewall and a internal private address space. The hosts inside the domain can originate connections to the public Internet, or at least connect to the NAT host. One or more hosts with public IP addresses must be chosen to be SSH 'proxies'. It could be the NAT host or could be a different host, depending on hardware. The idea is to provide access to hosts inside the domain (internal hosts) by tunneling their SSH connections from the SSH proxy. Since the internal hosts can be dynamically created, it is more convenient to have these hosts open a 'reverse' SSH tunnel to the proxy host, rather than having the proxy host open a forward tunnel to the internal hosts.   
     10 
     11The control framework must treat reverse tunnel ports (endpoints) as an allocatable resource. 
    1012 
    1113== SSH keys == 
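Review bot: The sentence added at v3 line 11 makes reverse tunnel ports an allocatable resource but does not say on which host they are allocated or when a port is given back. Since the internal hosts are described as dynamically created, suggest stating here that these are listening ports on the SSH proxy and that the control framework releases a port when its internal host is torn down, so a later host cannot inherit a stale endpoint.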
     
    3032$ cat newkey >> ~rev-tunnel-user/.ssh/authorized_keys 
    3133}}} 
    32   3. Boot 
     34  3. Boot the internal host (VM) 
     35  4. Install the user public key into the root account 
     36  5. Install the proxy key into the root account 
     37  6. Allocate the port on the proxy host (call it P) 
     38  7. Create a reverse tunnel: 
     39{{{ 
     40$ ssh -nNT -R 0.0.0.0:44655:localhost:22 rev-tunnel-user@proxy.host.name 
     41 }}}