I am looking at using reverse SSH tunnels to manage servers on client sites.
I have played around with reverse tunnelling, and have it working on one server back to my middle man server from which I can SSH across from my own PC. All working fine.
When I scale this up to 100+ servers reverse tunnelling in, usernames & passwords become a pain, so I'd prefer to use RSA keys instead.
My question, finally you might say, is this: to successfully SSH from my PC to the remote server, do the RSA keys need to be on the middle man server as well, or is it just my PC and the remote server?
If you set it up correctly, identifying each and every host to the remote side by its RSA key, then you don't have to type username/password ever. I have reverse SSH tunnels set up for various servers and all work perfectly with the keys, no need for other identification. If you use, as you call it, a 'man in the middle server' to centralize your tunnels/connections, then you'll need to add the key generated on that server on all your hosts and the keys of the hosts need to be added to the remote server. From your PC you'll only have to add your key to the 'man in the middle' server. That is if I understood how you've set it up.
If you've set it up working with keys from your PC to the 'man in the middle' machine and from there to your hosts, then you could use the ProxyCommand available in SSH to access the remote host without the need to login to the 'man in the middle' server.
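The ProxyCommand setup described above, as an added example that is not part of the original thread: a shell function that turns an inventory of reverse tunnels into `~/.ssh/config` stanzas for the PC. The `middleman` alias, the inventory format, the host names and the port numbers are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Inventory lines, read from stdin:
#   <name> <reverse-tunnel port on the middle server> <login user>
# $1 is a hypothetical Host alias for the middle server, defined elsewhere
# in ~/.ssh/config together with the PC's own IdentityFile.
gen_ssh_config() {
    jump=$1
    seen=" "
    while read -r name port user; do
        case $name in ''|'#'*) continue ;; esac        # skip blanks/comments
        # Names and users are written into the config, so keep them plain.
        case $name in *[!A-Za-z0-9._-]*) echo "bad name: $name" >&2; return 1 ;; esac
        case $user in ''|*[!A-Za-z0-9._-]*) echo "bad user for $name" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port for $name: $port" >&2; return 1 ;; esac
        # A non-root tunnel account cannot bind ports below 1024.
        if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range for $name: $port" >&2; return 1
        fi
        # Every reverse tunnel needs its own listener on the middle server.
        case $seen in *" $port "*) echo "duplicate port $port ($name)" >&2; return 1 ;; esac
        seen="$seen$port "
        # HostKeyAlias files each server's host key under its own name
        # instead of [localhost]:port; -W hands the stream to the tunnel.
        cat <<EOF
Host $name
    HostName localhost
    Port $port
    User $user
    HostKeyAlias $name
    ProxyCommand ssh -W %h:%p $jump

EOF
    done
}

# Constructed sample inventory.
gen_ssh_config middleman <<'INV'
# name   port  user
site-a   2201  admin
site-b   2202  admin
INV
```

With these stanzas, `ssh site-a` on the PC authenticates to the middle server and then, through the tunnel, to the remote server, both times with the key held on the PC. The tunnel listeners stay on the middle server's loopback interface, which is sshd's behaviour when `GatewayPorts` is left at its default of `no`.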
I have reverse SSH going on for port forwarding. But I have to leave many ports open (100s).
Can I do private key RSA somehow so that I only need minimum ports opened? So that if I have port 600 forwarded to 4 different servers and every server has its own private key, when I connect to my middle man server (SSH server) on port 600 with the RSA key for server 1, it connects me over to the 1st server?