Ssh multiplexing via port forwarding

multiplexingsshssh-tunnel

I'm trying to create a setup where one could "ssh" to a specific port on localhost and then get forwarded to a remote server and into a shell, without the need to enter credentials (nope, secret key is not an option, unfortunately).

So far I have set up ssh multiplexing, with ControlMaster, so I can start a remote ssh shell without any prompts, from the local shell.

Is there a way to use that socket when new client connects to a specific port on localhost?

I've tried various combinations with -D, -R and -S, with no luck. Is such a setup possible, on either Linux or Mac?

edit:

I don't mind entering localhost credentials at any point, but I'm trying to avoid entering remote credentials for all connections following the initial control connection.

localhost        ---->    localhost:2222             ---->   remote:22
  $ ssh -p 2222             forward to remote                  $ _ :)
                            using an existing 
                            control socket

Best Answer

If you want a basic shell, you could use netcat to create a shell listening on a certain port on remote server, and use Port Forwarding on local ssh to create the tunnels:

On remote:

while true ; do netcat -l -p 15000 -e /bin/bash ; done

On local:

ssh -L 5000:remoteip:15000 user@server
netcat localhost 5000

You will not be able to use some commands (vim behaviour is funny), but it works for most commands. Every time the connection is closed, the loop will spawn a new one.

Related Solutions

Ssh – Port forwarding for Rsync

If the server is running SSHd then you can just use rsync over SSH directly.

For instance I run things like
rsync -a --inplace some/dir/ user@remote.server.tld:/destination/dir/
all the time. There is no need to run rsync as a daemon or have port forwarding enabled as rsync will start a copy of itself using the SSH link and handle all synchronisation between itself and that instance over the SSH link too (and the remote copy closes as the connection is dropped so you don't end up with a bunch of zombie processes hanging around).

To talk over a port other than the standard one you just need to give rsync a little extra info about how it should manage the connection, like so:
rsync -a --inplace -e 'ssh -p 222' some/dir/ user@remote.server.tld:/destination/dir/

This is actually more secure (all the rsync communication is protected by SSHs secure transport, whereas with port forwarding everything is sent plain) and more convenient (no rsyncd needed, and you can use SSHs key based auth)

Ssh – Automatically spawn a ControlMaster background process on first access to a ssh remote system

You should use the ControlPersist config option.

 ControlPersist
         When used in conjunction with ControlMaster, specifies that the
         master connection should remain open in the background (waiting
         for future client connections) after the initial client connec‐
         tion has been closed.  If set to “no”, then the master connection
         will not be placed into the background, and will close as soon as
         the initial client connection is closed.  If set to “yes”, then
         the master connection will remain in the background indefinitely
         (until killed or closed via a mechanism such as the ssh(1) “-O
         exit” option).  If set to a time in seconds, or a time in any of
         the formats documented in sshd_config(5), then the backgrounded
         master connection will automatically terminate after it has
         remained idle (with no client connections) for the specified
         time.

ControlPersist no is the default behaviour, which is as you describe. I use ControlPersist 4h to allow the background sessions to clean themselves up periodically.

Best Answer

Related Solutions

Ssh – Port forwarding for Rsync

Ssh – Automatically spawn a ControlMaster background process on first access to a ssh remote system

Related Topic