LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 07-26-2011, 11:42 AM   #1
exactiv
Member
 
Registered: Nov 2008
Location: Ireland
Distribution: *nix
Posts: 47

Rep: Reputation: 15
Question Multiple Reverse SSH Tunnels for 100+ servers


Hi there,

I am looking at using reverse SSH tunnels to manage servers on client sites.

I have played around with reverse tunnelling, and have it working on one server back to my middle man server from which I can SSH across from my own PC. All working fine.

When I scale this up to 100+ servers reverse tunnelling in, usernames & passwords become a pain, so I'd prefer to use RSA keys instead.

My question, finally you might say, is this, to successfully ssh from my PC to the remote server, do the RSA keys need to be on the middle man server as well, or is it just my PC and the remote server?

Thanks.

-ex
 
Old 07-27-2011, 03:53 AM   #2
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291
Hello,

If you set it up correctly, identifying each and every host to the remote side by its RSA key, then you don't have to type username/password ever. I have reverse SSH tunnels set up for various servers and all work perfectly with the keys, no need for other identification. If you use as you call it a 'man in the middle server' to centralize your tunnels/connections, then you'll need to add the key generated on that server on all your hosts and the keys of the hosts need to be added to the remote server. From your PC you'll only have to add your key to the 'man in the middle' server. That is if I understood how you've set it up.

If you've set it up working with keys from your PC to the 'man in the middle' machine and from there to your hosts, then you could use the ProxyCommand available in SSH to access the remote host without the need to login to the 'man in the middle' server.

Kind regards,

Eric

Last edited by EricTRA; 07-27-2011 at 03:54 AM.
 
Old 11-23-2011, 03:55 PM   #3
desiredforsome
LQ Newbie
 
Registered: Nov 2011
Posts: 2

Rep: Reputation: Disabled
Its Alive!!

This post has been in-active for sometime.

I have reverse SSH going on for port forwarding. But i have to leave many ports open (100's)

Can i do private key RSA somehow so that i only need minimum ports opened? So that if i have port 600 forwarded to 4 different servers and every server has its own private key when i connect to my middle man server(ssh server) on port 600 with rsa key for server 1 is connects me over to the 1st server?

Im trying to use this along with vnc lol.
 
  


Reply

Tags
reverse, ssh tunnel


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Connect to multiple ssh servers behind a router ?? glenn69 Linux - Networking 2 01-15-2011 08:14 AM
Identifying multiple ssh-tunnels GitS Linux - Networking 3 09-07-2010 09:08 AM
Multiple ssh tunnels and bad key fingerprints theNbomr Linux - Networking 2 06-14-2008 09:15 PM
LXer: ssh on multiple servers Using cluster ssh LXer Syndicated Linux News 0 01-11-2008 04:40 PM
SSH to multiple servers DigiCrime Linux - General 6 06-22-2006 09:19 AM


All times are GMT -5. The time now is 11:30 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration