SSH forwarding based on ports

Hi guys, I'm trying to set up an Ubuntu VPN server that will forward an ssh connection automatically as a proxy to two separate LAN hosts.
What I'm looking at doing is making SSH listen on two ports (if that is possible) and get some kind of script, preferably something in bash, that will listen on those two ports and forward the connection to whichever host in the event of a successful connection.

Eg:

P 22 >> Host 1
P 4000 >> Host 2

The two hosts are running Red Hat Linux and a Windows variant and will be accessed initially from both Linux and Windows machines.
I was looking at getting ssh to listen on the separate ports by editing the

/etc/ssh/sshd

to add, for example, port 4000 underneath port 22 and restart the service.

At the minute I have it all running on Amazon ec2.

Any ideas?

Why not use proxycommand and nc to connect to lan hosts:

You would use something like this on your external .ssh/config

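# externally reachable proxy host
host proxy_server
    user therk1
    hostname your.domain.com
    port 22

# LAN hosts, reached by running nc on the proxy (nc needs a host and a port;
# %h and %p expand to the target host name and port)
host lan1
    proxycommand ssh -q proxy_server nc %h %p
host lan2
    proxycommand ssh -q proxy_server nc %h %p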

You can then just ssh to the proxy_server, lan1 and lan2 hosts from the command line.

VPN does not seem to be a need. No reconfiguration of sshd is necessary, either. Of course, the sshd on the far end must allow the tunnel type.

If you set up a tunnel with SSH, listening on one end and connecting out to some target host-port on the other, anyone who can get to the listener can use the target, as long as it is not a tcp protocol that acts on hosts and ports in the message stream, like FTP, and even that can be accommodated with additional tricks in many cases. Unlike the shell command part of the ssh session, user id is not in play, it is just a tcp wormhole you created. BTW, if the session has compression, so do the tunnel connections.
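The last reply's point, that anyone who can reach a tunnel's listener can use its target, can be checked on the host where the tunnel listens. The following is an added example, not part of the original posts: it reads `ss -Hltnp` output and reports listeners owned by `ssh` or `sshd` that are bound to a non-loopback address. The function names, the sample ports and the sample listener lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SSH tunnel listeners reachable from other hosts.
# Input (stdin): output of `ss -Hltnp` (run as root so -p shows all owners).
# Arguments: ports that sshd itself serves on purpose (e.g. 22 4000); skipped.
exposed_ssh_forwards() {
    awk -v daemon_ports="$*" '
    BEGIN {
        n = split(daemon_ports, p, " ")
        for (i = 1; i <= n; i++) skip[p[i]] = 1
    }
    # Listening sockets owned by an ssh client (-L/-D) or an sshd session (-R).
    $1 == "LISTEN" && $0 ~ /\("sshd?",/ {
        # Field 4 is local address:port; the port follows the last colon.
        k = split($4, part, ":")
        port = part[k]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (port in skip) next
        # Loopback binds can only be used from this host.
        if (addr ~ /^127\./ || addr == "[::1]") next
        print addr, port
    }'
}

# Constructed sample of `ss -Hltnp` output (not captured from a real host).
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 0.0.0.0:4000 0.0.0.0:* users:(("sshd",pid=812,fd=4))
LISTEN 0 128 127.0.0.1:8022 0.0.0.0:* users:(("ssh",pid=2301,fd=5))
LISTEN 0 128 [::1]:8022 [::]:* users:(("ssh",pid=2301,fd=4))
LISTEN 0 128 0.0.0.0:8023 0.0.0.0:* users:(("ssh",pid=2417,fd=4))
LISTEN 0 128 [::]:9000 [::]:* users:(("sshd",pid=2550,fd=9))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=640,fd=6))
EOF
}

# Demo run on the constructed sample; on a live host use:
#   ss -Hltnp | exposed_ssh_forwards 22 4000
sample_listeners | exposed_ssh_forwards 22 4000
```

A local forward started with `-g` or an explicit non-loopback bind address appears here owned by `ssh`; a remote forward appears owned by `sshd` and is bound beyond loopback only when `GatewayPorts` on that server allows it.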