On Thu, Nov 01, 2018 at 02:19:17PM +0000, Andrew Hutchings wrote:
> On 01/11/2018 14:05, Chris Green wrote:
>> On Thu, Nov 01, 2018 at 09:40:56AM +0000, Andrew Hutchings wrote:
>>> Hi Chris,
>>> I believe reverse SSH tunneling may cover what you need here. You would just need some automated way of keeping the connection up.
>> I've thought long and hard about using SSH tunnels but I can't quite get my mind round how it would actually work.
>> The first problem is that it's non-trivial to automatically open an ssh tunnel using an ssh 'LocalCommand' run when doing the initial ssh from client to server (I do want to get the normal ssh connection as well). This probably can be managed though, I've done something similar before.
>> Then, how do you automate the file copy back through the reverse tunnel? It would need a passwordless ssh connection and I'm not too keen on that security-wise.
> If you are doing something automated push rather than pull based it is likely going to need a keystore somewhere along the line.
>> Finally (and this is probably the most difficult bit) how do you pull down the reverse tunnel when you've finished? If it has (as is likely) used the ssh ControlMaster connection created by the initial ssh then that will hang until you kill the reverse tunnel ssh. This is basically the same issue as I originally described using sshfs (which doesn't have the password issue).
> Hmm... I was thinking the SSH tunnel would be semi-permanent. VPN possible?
I think you've probably confirmed what I have been finding; I was just hoping there might be an easier/neater way.
When you say "... the SSH tunnel would be semi-permanent", were you thinking it might be brought up when the laptop is turned on, as it were? The problem is that I tend to have it permanently turned on and wander around from house to more distant places and back. The ssh tunnel probably won't survive this.
I guess a VPN might be the answer but it seems to be overkill for such a small requirement. It also probably can't handle wandering around.
My problem is that I'm lazy and expect the computer(s) to do all the hard work for me! :-) Thus I use ssh's ControlMaster facility to connect so I only ever have to enter the password once for multiple connections. On the other hand I *don't* want the laptop to automatically connect when turned on as I do disconnect all the ssh connections when I leave it so someone getting access to my laptop *won't* get access to anything else as a result.