On 01/11/2018 14:05, Chris Green wrote:
On Thu, Nov 01, 2018 at 09:40:56AM +0000, Andrew Hutchings wrote:
Hi Chris,
I believe reverse SSH tunneling may cover what you need here. You would just need some automated way of keeping the connection up.
I've thought long and hard about using SSH tunnels but I can't quite get my mind round how it would actually work.
The first problem is that it's non-trivial to automatically open an ssh tunnel using an ssh 'LocalCommand' run when doing the initial ssh from client to server (I do want to get the normal ssh connection as well). This probably can be managed though, I've done something similar before.
Then, how do you automate the file copy back through the reverse tunnel? It would need a passwordless ssh connection and I'm not too keen on that security-wise.
If you are doing something automated that is push rather than pull based, it is likely going to need a keystore somewhere along the line.
Finally (and this is probably the most difficult bit) how do you pull down the reverse tunnel when you've finished? If it has (as is likely) used the ssh ControlMaster connection created by the initial ssh then that will hang until you kill the reverse tunnel ssh. This is basically the same issue as I originally described using sshfs (which doesn't have the password issue).
Hmm... I was thinking the SSH tunnel would be semi-permanent. VPN possible?
Kind Regards
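
As an added example that is not part of the original thread: one way to add and remove the reverse forward on the already-running ControlMaster connection with OpenSSH's `-O forward` and `-O cancel`, and to limit what a passwordless return-path key can do with `authorized_keys` options. The host name, port, socket path and forced command are placeholders (assumptions).

```shell
#!/bin/sh
# Added example, not from the thread. Host, port, socket path and the
# forced command are placeholders (assumptions).
HOST=${HOST:-server.example.org}       # remote server (placeholder)
CTL=${CTL:-$HOME/.ssh/ctl-%r@%h-%p}    # ControlPath shared with the login ssh
RPORT=${RPORT:-2222}                   # loopback port opened on the server

# Run ssh, or only print the command line when DRY_RUN is set.
run_ssh() {
  if [ -n "${DRY_RUN:-}" ]; then printf 'ssh %s\n' "$*"; else ssh "$@"; fi
}

# Server-side loopback port $RPORT -> the client's own sshd on port 22.
fwd_spec() { printf '%s:127.0.0.1:22' "$RPORT"; }

# Normal interactive login; becomes the master if no socket exists yet.
login() { run_ssh -o ControlMaster=auto -o "ControlPath=$CTL" "$HOST"; }

# Ask the running master to add the reverse forward (no new session).
tunnel_up() { run_ssh -o "ControlPath=$CTL" -O forward -R "$(fwd_spec)" "$HOST"; }

# Ask the master to drop that forward again; the login session keeps running.
tunnel_down() { run_ssh -o "ControlPath=$CTL" -O cancel -R "$(fwd_spec)" "$HOST"; }

# authorized_keys line (on the client) for the key the server uses on the
# return path: $1 = public key, $2 = the single command it may run.
# "restrict" turns off pty and all forwarding; from= accepts the key only
# from loopback, which is where connections through the tunnel arrive.
return_key_entry() {
  printf 'restrict,from="127.0.0.1,::1",command="%s" %s\n' "$2" "$1"
}

case "${1:-}" in
  login) login ;;
  up)    tunnel_up ;;
  down)  tunnel_down ;;
esac
```

Setting `DRY_RUN=1` prints the ssh command lines instead of running them.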