Mailing List Archive

How to bridge two ssh sessions?
Hi,
Is there somebody here who could point me in the right direction?

I am about to implement a sort of 'ssh bridge' that can be reached
from devices behind a NAS gateway. The idea is to bridge two
clients in a way that they can talk to each other using ssh tunnels.

Each client should use ssh to connect to a 'bridge server', the
server should then somehow 'connect' these client sessions and allow
tunneling sessions 'end to end'. The bridging should also be able
to request credentials and/or use some other means of authentication,
maybe using rsa keys.

(Client behind NAS) ------( server )-------(Client behind NAS)
             SSH ------->            <------ SSH
                          \_Bridge/
             \______________tunnel_____________/

I am currently using ssh and an rsa key to establish a session for each
client. The session ends in a shell script (no command shell) that
only allows some specific functions.

The whole thing reminds me of the way TeamViewer seems to have implemented
it but I could not find any clue on the net about how. Any hint would
be very much appreciated.

Thanks, Peter
Re: How to bridge two ssh sessions?
Hi Peter,

This article might help you:
https://help.ubuntu.com/community/SSH_VPN



On Mon, 2009-02-02 at 15:46 +0100, Peter Künnemann wrote:
> Hi,
> Is there somebody here who could point me in the right direction?
>
> I am about to implement a sort of 'ssh bridge' that can be reached
> from devices behind a NAS gateway. The idea is to bridge two
> clients in a way that they can talk to each other using ssh tunnels.
>
> Each client should use ssh to connect to a 'bridge server', the
> server should then somehow 'connect' these client sessions and allow
> tunneling sessions 'end to end'. The bridging should also be able
> to request credentials and/or use some other means of authentication,
> maybe using rsa keys.
>
> (Client behind NAS) ------( server )-------(Client behind NAS)
>              SSH ------->            <------ SSH
>                           \_Bridge/
>              \______________tunnel_____________/
>
> I am currently using ssh and an rsa key to establish a session for each
> client. The session ends in a shell script (no command shell) that
> only allows some specific functions.
>
> The whole thing reminds me of the way TeamViewer seems to have implemented
> it but I could not find any clue on the net about how. Any hint would
> be very much appreciated.
>
> Thanks, Peter
>
>
Re: How to bridge two ssh sessions?
David Sims ...:
> Hi,
>
> I don't know how to do what you want with bare SSH, but IMHO a better
> solution would be to use an IPCop firewall and then to use the OpenVPN
> addon (Zerina) along with the appropriate OpenVPN client (see:
> http://openvpn.se/).... This would allow for a secure and easy to manage
> ssh-based solution.... that is actually very transparent to the end
> user...

Thanks for your tip but in this case I do not have any influence on what
runs on the clients except for ssh. One client is gonna be a router box
with OpenWRT running an un-manned application that should be connected
from the outside world without having to open any firewall ports, the other
end being some Windows (or whatever) application that needs to contact
the router box. The only world-known is the service in the middle!

> Dave Sims
> Houston, Texas
> ***********************************************************************
> On Mon, 2 Feb 2009, Peter Künnemann wrote:
>
>> Hi,
>> Is there somebody here who could point me in the right direction?
>>
>> I am about to implement a sort of 'ssh bridge' that can be reached
>> from devices behind a NAS gateway. The idea is to bridge two
>> clients in a way that they can talk to each other using ssh tunnels.
>>
>> Each client should use ssh to connect to a 'bridge server', the
>> server should then somehow 'connect' these client sessions and allow
>> tunneling sessions 'end to end'. The bridging should also be able
>> to request credentials and/or use some other means of authentication,
>> maybe using rsa keys.
>>
>> (Client behind NAS) ------( server )-------(Client behind NAS)
>>              SSH ------->            <------ SSH
>>                           \_Bridge/
>>              \______________tunnel_____________/
>>
>> I am currently using ssh and an rsa key to establish a session for each
>> client. The session ends in a shell script (no command shell) that
>> only allows some specific functions.
>>
>> The whole thing reminds me of the way TeamViewer seems to have implemented
>> it but I could not find any clue on the net about how. Any hint would
>> be very much appreciated.
>>
>> Thanks, Peter
Re: How to bridge two ssh sessions?
Patrick Debois ....:

> You can use netcat in combination with the proxycommand.
>
> http://www.jedi.be/blog/2008/11/07/chaining-ssh-tunnels-easy-ssh-hopping/
>
Patrick, thanks very much. I think this is very close to what I wanna do,
I think I will use it as a starting point. I may need to add some extra
authentication though to make sure that only the clients are connected
that are allowed to.

> Peter Künnemann wrote:
>> Hi,
>> Is there somebody here who could point me in the right direction?
>>
>> I am about to implement a sort of 'ssh bridge' that can be reached
>> from devices behind a NAS gateway. The idea is to bridge two
>> clients in a way that they can talk to each other using ssh tunnels.
>>
>> Each client should use ssh to connect to a 'bridge server', the
>> server should then somehow 'connect' these client sessions and allow
>> tunneling sessions 'end to end'. The bridging should also be able
>> to request credentials and/or use some other means of authentication,
>> maybe using rsa keys.
>>
>> (Client behind NAS) ------( server )-------(Client behind NAS)
>>              SSH ------->            <------ SSH
>>                           \_Bridge/
>>              \______________tunnel_____________/
>>
>> I am currently using ssh and an rsa key to establish a session for each
>> client. The session ends in a shell script (no command shell) that
>> only allows some specific functions.
>>
>> The whole thing reminds me of the way TeamViewer seems to have implemented
>> it but I could not find any clue on the net about how. Any hint would
>> be very much appreciated.
>>
>> Thanks, Peter
Re: How to bridge two ssh sessions?
> --- On Mon, 2/2/09, Peter Künnemann
> Date: Monday, February 2, 2009, 2:56 PM
>
> Thanks for your tip but in this case I do not have any influence on what
> runs on the clients except for ssh. One client is gonna be a router box
> with OpenWRT running an un-manned application that should be connected
> from the outside world without having to open any firewall ports, the other
> end being some Windows (or whatever) application that needs to contact
> the router box. The only world-known is the service in the middle!

Have you considered a 'REMOTE' port forward? For example, client1 could perform a remote port forward of client1's ssh port (tcp/22) to the "server", then client2 could pull that port local to client2. I.e.:

client1: ssh -l userOnServer -R 10022:127.0.0.1:22 ip.of.server

client2: ssh -l userOnServer -L 10022:127.0.0.1:10022 ip.of.server
client2 (in another window): ssh -l userOnClient1 -p 10022 localhost
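
Added example, not part of the thread: a check that the bridge account used for the ssh -R side can do nothing except open that one loopback listener. It goes beyond the commands above by assuming each client has its own account on the server and that the account's effective settings are available as the "keyword value" lines printed by `sshd -T -C user=NAME`; the sample lines and the forced-command path are constructed.

```sh
#!/bin/sh
# audit_bridge ROLE PIN < effective-config
#   ROLE  "remote" for the ssh -R client, "local" for the ssh -L client
#   PIN   the only forward allowed. For "-R 10022:127.0.0.1:22" the client
#         sends listen host "localhost", so the pin is localhost:10022;
#         for "-L 10022:127.0.0.1:10022" it is 127.0.0.1:10022.
audit_bridge() {
    awk -v role="$1" -v pin="$2" '
    function want(key, val) {
        if (v[key] != val) {
            printf "%s is \"%s\", want \"%s\"\n", key, v[key], val; bad++
        }
    }
    { k = $1; $1 = ""; sub(/^ /, ""); v[k] = $0 }
    END {
        want("allowtcpforwarding", role)   # only the direction this client needs
        want("gatewayports", "no")         # -R listener stays on loopback
        want(role == "remote" ? "permitlisten" : "permitopen", pin)
        want("permittty", "no")
        want("allowagentforwarding", "no")
        want("x11forwarding", "no")
        if (v["forcecommand"] == "" || v["forcecommand"] == "none") {
            print "forcecommand is not set"; bad++
        }
        exit (bad > 0)
    }'
}

# Constructed sample: an account left at permissive settings.
permissive_account() {
    printf '%s\n' 'allowtcpforwarding yes' 'gatewayports no' \
        'permitlisten any' 'permitopen any' 'permittty yes' \
        'allowagentforwarding yes' 'x11forwarding no' 'forcecommand none'
}

# Constructed sample: hypothetical account for client1, limited to ssh -R 10022.
hardened_client1() {
    printf '%s\n' 'allowtcpforwarding remote' 'gatewayports no' \
        'permitlisten localhost:10022' 'permitopen any' 'permittty no' \
        'allowagentforwarding no' 'x11forwarding no' \
        'forcecommand /usr/local/bin/bridge-menu'
}

permissive_account | audit_bridge remote localhost:10022 || echo "=> tighten this account"
hardened_client1 | audit_bridge remote localhost:10022 && echo "=> client1 account OK"
```

With AllowTcpForwarding set to remote, the account cannot open -L forwards at all, so PermitOpen can stay at its default for client1.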