ssh use with netcat to forward connections via bastion host to inside machine
Posted
by
Registered User
on Server Fault
See other posts from Server Fault
or by Registered User
Published on 2011-03-07T06:59:14Z
Indexed on
2011/03/07
8:12 UTC
Read the original article
Hit count: 420
Hi, I am having a server in a corporate data centre who's sys admin is me. There are some virtual machines running on it.The main server is accessible from internet via SSH. There are some people who within the lan access the virtual machines whose IPs on LAN are
192.168.1.1
192.168.1.2
192.168.1.3
192.168.1.4
the main machine which is a bastion host for internet has IP 192.168.1.50 and only I have access to it. I have to give people on internet the access to the internal machines whose IP I mentioned above.I know tunnel is a good way but the people are fairly non technical and do not want to get into a tunnel etc jargons.So I came across a solution as explained on this link On the gateway machine which is 192.168.1.50 in the .ssh/config file I add following
Host securehost.example.com
ProxyCommand ssh [email protected] nc %h %p
Now my question is do I need to create separate accounts on the bastion host (gateway) to those users who can SSH to the inside machines and in each of the users .ssh/config I need to make the above entry or where exactly I put the .ssh/config on the gateway.
Also ssh [email protected]
where user1 exists only on inside machine 192.168.1.1 and not on the gateway is that right syntax? Because the internal machines are accessilbe to outside world as
site1.example.com
site2.example.com
site3.example.com
site4.example.com
But SSH is only for example.com and only one user.So
How should I go for .ssh/config
1) What is the correct syntax for ProxyCommand on gateway's .ssh/config
should I use
ProxyCommand ssh [email protected] nc %h %p
or I should use
ProxyCommand ssh [email protected] in nc %h %p
2) Should I create new user accounts on gateway or adding them in AllowedUsers on ssh_config is sufficient?
© Server Fault or respective owner