On Fri, Nov 02, 2018 at 11:18:29AM +0000, Nev Young wrote:
On 01/11/2018 14:05, Chris Green wrote:
On Thu, Nov 01, 2018 at 09:40:56AM +0000, Andrew Hutchings wrote:
Hi Chris,
I believe reverse SSH tunneling may cover what you need here. You would just need some automated way of keeping the connection up.
I've thought long and hard about using SSH tunnels but I can't quite get my mind round how it would actually work.
The first problem is that it's non-trivial to automatically open an ssh tunnel using an ssh 'LocalCommand' run when doing the initial ssh from client to server (I do want to get the normal ssh connection as well). This probably can be managed though, I've done something similar before.
Then, how do you automate the file copy back through the reverse tunnel? It would need a passwordless ssh connection and I'm not too keen on that security-wise.
Doesn't need to be passwordless. See http://www.linuxproblem.org/art_9.html
This is the same as passwordless in effect; they use keys without a passphrase. So, if you get access to machine A you then automatically have passwordless (passphraseless) access to machine B (and any other machine to which machine A accesses using the same key).
I suppose it's better than real 'passwordless' in that you only get passwordless access to machine B from machine A, not from anywhere, but it's still not particularly secure. I don't want a situation where someone who gets access to just one of my machines can then access all of them.