
Please provide instructions for configuring an SSH gateway server

asked Dec 30 '10 at 15:06



There are multiple ways of configuring SSH Tectia Server in the DMZ as a gateway server allowing connections to the internal network. Here are the most common ways of connecting with a client (A) to a DMZ server (B) and from there onwards to some server in the internal network (C).

1. Forced command (UNIX & Windows clients)

Choosing public key authentication allows using "forced commands" for opening the connection from B to C automatically. Configuration is done on the DMZ server in the server side public-key configuration by specifying the public-key file and the command which is executed when that key is used in authentication. In this case the forced command will be the ssh2 command or script for opening the connection onwards to C.

    ~/.ssh2/authorization:

    key testuser_key.pub
    command="/scripts/hop_to_c"

In the above example, if the key 'testuser_key' is used in public-key authentication the script 'hop_to_c' is executed automatically. This option is useful when it is not desirable that users be granted shell access to host B. Of course the same username can have another key or use some other authentication method for authentication if shell access to host B is necessary.

2. Manual way (Unix & Windows clients)

The simplest way is opening the connection manually with SSH Tectia Client from A first to B and from there onwards to C. In order to make the process easier, authentications can be made non-interactive and there can be a script at B for opening the connection to C. On Windows only the GUI terminal client can be used. See the next item for more detailed information.

3. Executing server script from client (only UNIX clients)

One option is to first configure a non-interactive method of authentication between B and C. Then create a script on the DMZ server (B) including the ssh2 command for opening the connection to C. In this example the script is placed on B as '/scripts/hop_to_c'.

The connection will be opened from A by issuing the following command:

    (A)$ ssh2 -t testuser@server "/scripts/hop_to_c"

The client will connect to "server" and execute the script found at /scripts/hop_to_c for opening the second connection. The -t option is for TTY allocation even when issuing a command. The downside of this setup is that it can only be used from UNIX clients. The Windows command interpreter cmd.exe does not do terminal emulation, and using ssh2.exe on Windows will result in junk control characters on the screen.

answered Dec 30 '10 at 15:06

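As an added example (not part of the original answer or the SSH Tectia product): a defensive version of the forced-command script '/scripts/hop_to_c' for the DMZ server (B). It assumes the Tectia ssh2 client is installed on B, that B-to-C authentication is already non-interactive as the answer describes, and that the same account name is used on C; the internal host names are constructed placeholders.

```shell
#!/bin/sh
# /scripts/hop_to_c on the DMZ server (B).
# Added example, not from the original answer. Assumes the ssh2 client is on B
# and that public-key authentication from B to C is already non-interactive.

# Only these internal hosts may be reached through this gateway
# (constructed placeholder names).
ALLOWED_HOSTS="c.internal.example c2.internal.example"
DEFAULT_HOST="c.internal.example"

# Prints the ssh2 command line and returns 0 when host and user are acceptable;
# prints nothing and returns 1 otherwise. Kept as a function so it is testable.
build_hop_command() {
    host="$1"
    user="$2"
    ok=0
    for h in $ALLOWED_HOSTS; do
        [ "$h" = "$host" ] && ok=1
    done
    [ "$ok" -eq 1 ] || return 1
    # Accept only a plain account name: no empty string, no shell metacharacters.
    case "$user" in
        ""|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    # -t allocates a TTY so an interactive session on C works, as in the answer.
    printf 'ssh2 -t %s@%s\n' "$user" "$host"
}

# Any command supplied by the connecting client is deliberately ignored: a
# forced command decides the destination itself rather than taking it from
# the caller. The guard keeps this part from running when the file is sourced.
if [ "$(basename "$0")" = "hop_to_c" ]; then
    cmd=$(build_hop_command "$DEFAULT_HOST" "$(id -un)") || {
        echo "hop_to_c: refused" >&2
        exit 1
    }
    # shellcheck disable=SC2086  # intentional word splitting of a validated line
    exec $cmd
fi
```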



Last updated: Mar 10 '11 at 17:22

All user contributed content licensed under the cc-by-sa license.