Re: Multi Hopping by sshserver proxy with different keys

Joachim,

Thanks for sharing.
That works but doesn't rock; it's not the way I want:

1 - I need a fully autonomous procedure to connect to any target.
  In your solution, I have to start a special connection each time, which
I can't automate correctly within PuTTY's local proxy command (teletype
screen issues) or within a pre-connection local command.

2 - Most important: the client doesn't have any key to the target. It's the
bastion/gateway/jumper that has the keys.
  In your solution, I don't know how to tell the target to verify the
bastion's key...

And of course I don't want an ssh in ssh like: ssh bastion ssh target
... even if that does what I want elsewhere than in Microsoft land.

Here is a schematic view of my needs:

Windows             Linux               Linux
  |                   |                   |
PuTTY            OpenSSH_5.6p1      OpenSSH any version
  |                   |                   |
Client ----------> Bastion ----------> Target
  \_________________/   \________________/
     Client's Key         bastion's key
       (Pageant)            (ssh-agent)

FYI: I've set the environment file to get my ssh-agent acting in the
2nd connection (from B to T).

Thanks
Nicolas

-------- Original Message --------
Subject: Re: Multi Hopping by sshserver proxy with different keys
From: Joachim Thuau <Joachim.Thuau@xxxxxxxxxxxxxx>
To: secureshell@xxxxxxxxxxxxxxxxx <secureshell@xxxxxxxxxxxxxxxxx>
Date: 23/09/2010 18:26

> You could do this with the following:
> 	* ssh to bastion using your keys, and include a port forward from localhost to target
> 	* ssh to forwarded port on localhost using target key.
> 
> Note that if this is for automation of tasks, you may need to keep the first connection going while starting the second. Once the second connection is going, the first one will not close fully until the tunnel is no longer in use.
> 
> Thanks,
> Jok
> 

