Hi there,

I am looking at using reverse SSH tunnels to manage servers on client sites.

I have played around with reverse tunnelling, and have it working on one server back to my middle man server from which I can SSH across from my own PC. All working fine.

When I scale this up to 100+ servers reverse tunnelling in, usernames & passwords become a pain, so I'd prefer to use RSA keys instead.

My question, finally you might say, is this, to successfully ssh from my PC to the remote server, do the RSA keys need to be on the middle man server as well, or is it just my PC and the remote server?

Thanks.

-ex

Hello,

If you set it up correctly, identifying each and every host to the remote side by its RSA key, then you don't have to type username/password ever. I have reverse SSH tunnels set up for various servers and all work perfectly with the keys, no need for other identification. If you use as you call it a 'man in the middle server' to centralize your tunnels/connections, then you'll need to add the key generated on that server on all your hosts and the keys of the hosts need to be added to the remote server. From your PC you'll only have to add your key to the 'man in the middle' server. That is if I understood how you've set it up.

If you've set it up working with keys from your PC to the 'man in the middle' machine and from there to your hosts, then you could use the ProxyCommand available in SSH to access the remote host without the need to login to the 'man in the middle' server.

Kind regards,

Eric

This post has been in-active for sometime.

I have reverse SSH going on for port forwarding. But i have to leave many ports open (100's)

Can i do private key RSA somehow so that i only need minimum ports opened? So that if i have port 600 forwarded to 4 different servers and every server has its own private key when i connect to my middle man server(ssh server) on port 600 with rsa key for server 1 is connects me over to the 1st server?

Im trying to use this along with vnc lol.