Access to Remote tty cli via ssh

metallica1973 · 01-08-2013, 11:53 AM

Scenario:

I would like the ability to be able to use the cli on a client that has remotely connected to me via my ssh server in my office and use their terminal to work remotely if I am in another remote location.

Ex.

The client reverse ssh's to my remote ssh server in my office.

Code:

ssh -R 10002:localhost:22 client@my-remote-ssh-server

I remotely ssh into my ssh server from another client site.

Code:

ssh -L 3400:localhost:3400 admin@my-remote-ssh-server

and from there I would be connected to the tty of the remote client from wherever I am.

Is this possible?

Code:

ssh -t user@some.domain.com /usr/bin/screen -xRR

or 

ssh -t remote_host screen -r

??

nini09 · 01-08-2013, 02:25 PM

Yes, it is double. You can relay SSH connection multi-times if you know where you go and what is current location.

metallica1973 · 01-08-2013, 03:29 PM

Thanks for the reply,

Can you elaborate?

SecretCode · 01-08-2013, 04:03 PM

On first reading your question I thought it was a simple case of "ssh inside ssh" - a web search returns various useful pages.

But are you in fact trying to reuse an ssh session already set up and authenticated by another person? As in

Code:

    A (you, remote) ------ S (server, office) ----- C (client, remote)
1                                          <----------   C sets up reverse ssh session
2                 ----------> A sets up ssh session
3                                          ----------> A wants cli access to C

I'm not sure if this is possible. Creating a new ssh session from your login shell at 'S' definitely is - why not do that?

nini09 · 01-09-2013, 02:18 PM

For example, IP address of the SSH server is 192.168.0.1 and the terminal of one equipment connect with 192.168.0.2 machine.
You can do SSH to SSH server 192.168.0.1 at first and then do SSH to 192.168.0.2 machine again in SSH 192.168.0.1 session. In second session, you monitor the equipment through terminal.

metallica1973 · 01-09-2013, 03:32 PM

Many thanks for all the replies.

Code:

A (you, remote) ------ S (server, office) ----- C (client, remote)
1                                          <----------   C sets up reverse ssh session
2                 ----------> A sets up ssh session
3                                          ----------> A wants cli access to C

Exactly. Is this possible?

SecretCode · 01-10-2013, 04:58 AM

It's possible and pretty easy if you set up a new ssh session in step 3 - but you'll need the key and/or password for an account on C. Are you trying to avoid that?

I doubt that it's possible for you to reuse an existing ssh session ... it would mean that whenever I ssh into a shared server, any admin on that server can now access my client machine ... not what I want!

metallica1973 · 01-10-2013, 09:44 AM

Many thanks for the replies.

The reason that I ask this question is that some of the sites they dont allow ssh access into their network. So typically I have them ssh to my server and up unto this point, I "vnc" to the Gnome desktop and open up a terminal in that manner to be able to work. I wanted to avoid accessing the GUI and be able to access the cli directly. Would "-S" option work using SSH? Is that what I need to be using?

SecretCode · 01-10-2013, 12:33 PM

Are these clients in different companies? What kind of things do you need to be able to do on their systems?

When you say vnc, is that to the client's desktop? Why do they allow that if they block ssh?

I'm confused about the security boundaries in this scenario

metallica1973 · 01-10-2013, 12:53 PM

Yes,

Most of the clients that I deal with dont want to poke a hole in their firewall(unnecessary open ports) to allow me access to there linux systems. So as a results, I just have them access an ssh server(Reverse ssh) that I setup and then I simply remote into the linux system(Gnome Desktop) and open a terminal and bang away. So in a nutshell, I want to do the samething but the difference being a terminal instead of a desktop.

SecretCode · 01-10-2013, 01:09 PM

Do these clients all run an ssh server? (Not installed by default on some distros.)

Could you get them to run sshd with an open port (if they have *any* open incoming ports) such as 80, and connect to that using the -p option?

metallica1973 · 01-10-2013, 01:40 PM

They are extremely anal and will not do that. TCP:80,443 are used for their HTTP/HTTPS servers so enabling the sshd daemon on these ports will not be a viable option. So based on your answers, I am assuming this cannot be done. Thanks for your help.