In this blog I am going to install autossh and set up the Odroid to automatically create an SSH tunnel to my Digital Ocean CentOS virtual server on boot. Why would you want to do this? Sometimes you want to leave the Odroid at a site and access it later. Having a tunnel that automatically comes up on boot and reconnects if the tunnel drops means you can always log in.
Install autoSSH
AutoSSH is in the Kali repository, so no repositories need to be added.
root@kali:~# apt-get install autossh ssh
This will install autossh and the latest version of the SSH client.
Generate a new set of RSA keys
These keys will be created WITHOUT a passphrase. We can't have a passphrase on this set of keys because the Odroid needs to be able to connect automatically without any user intervention.
root@kali:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/nopwd
Enter passphrase (empty for no passphrase): LEAVE This Blank
Enter same passphrase again:
Your identification has been saved in /root/.ssh/nopwd.
Your public key has been saved in /root/.ssh/nopwd.pub.
The key fingerprint is:
SHA256:7ZmIPa2zD0YMtkvBpm9/juu5mjL98nrpG8nGurwmWFY root@kali
Review the keys
root@kali:~# ls ~/.ssh
authorized_keys id_rsa id_rsa.pub known_hosts nopwd nopwd.pub
root@kali:~/.ssh# cat nopwd.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqsWLWXwoafVWsXAyNtZsnhYzn6PO2t5Ryr0U1JfQzVYwbmLB/MkUXTP57bwSGZ7XiljrsayrJwQny08Wxj11WYl74un1lsvBk+75HNiHC76F9iIF0jN12N0OgybdKymWGEIV5u9q7oqAw41ZXJDqgMA+ZglvGeyH9Ge2OWHyzSKSlGLl4bV51ww/FH0ZtPxXFKgoRSmQ8C7AP7IIFRLZJXJm1fSMdC+TpvUx68baCGo91PwZcdHY9dPnKaYZxcUlzRc0ou4pph3kr+b9beZsrJh/DGlrQC1uRy4HljKOGH4Bq1daf5GkrZQZNvfrXofT4WVyYWgzJ6u7Cs42/29tP root@kali
Copy the new keys to the Digital Ocean VPS
root@kali:~# ssh-copy-id -i .ssh/nopwd.pub -p 22 mhubbard@VPS-IP-Address
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/nopwd.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Enter passphrase for key '/root/.ssh/id_rsa':
Number of key(s) added: 1
Test that the key was copied
Note that we have to use the SSH parameter -i to explicitly use our new no-password key. This is because I have disabled passwords on my VPS.
root@kali:~# ssh -p 22 -i /root/.ssh/nopwd mhubbard@VPS-IP-Address
Last login: Mon Sep 5 11:12:07 2016 from xxx-xxx-xxx-xxx-static.rvsd.ca.charter.com
mwhubbard.blogspot.com
This is a private system. Unless you have explicit
permission from Michael Hubbard logout immediately!
AutoSSH parameters
-M 10984 - autoSSH monitoring port. Used to keep the connection up.
-o "PubkeyAuthentication=yes" - Authenticate with SSH keys instead of passwords.
-o "PasswordAuthentication=no" - Explicitly disable password authentication.
-i /root/.ssh/nopwd - Explicitly use our no-password key.
-R 2223:localhost:22 - Reverse tunnel. Forward all traffic on port 2223 on the VPS to port 22 on the Odroid.
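Because the nopwd key has no passphrase and lives on a device left on site, it is worth limiting what that key can do on the VPS. The following is an added example, not part of the original post: a hypothetical helper, restricted_entry, that builds the authorized_keys line for the VPS so the key can only open the forwards used above. It assumes OpenSSH 7.8 or later on the VPS, a tunnel started with ssh's -N option (no remote shell), and autossh's documented use of the -M base port with 127.0.0.1 for its monitoring forwards.

```shell
#!/bin/sh
# Added example (not from the original post). Run the output through review,
# then place it in ~/.ssh/authorized_keys on the VPS instead of the bare key.

# restricted_entry PUBKEY_LINE TUNNEL_PORT MONITOR_PORT
# Prints one authorized_keys line that limits the key to the tunnel forwards.
restricted_entry() {
    pubkey=$1 tunnel_port=$2 monitor_port=$3

    # Accept only a plain "type base64 [comment]" line with no existing options.
    case $pubkey in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # Ports must be numeric and unprivileged.
    for p in "$tunnel_port" "$monitor_port"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1024 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done

    # restrict: no PTY, no agent/X11 forwarding, no ~/.ssh/rc.
    # port-forwarding: re-enable forwarding only, then narrow it below.
    opts='restrict,port-forwarding'
    # Any session request runs /bin/false; with -N no session is requested.
    opts="$opts,command=\"/bin/false\""
    # -R 2223:localhost:22 has no bind address, so ssh sends "localhost".
    opts="$opts,permitlisten=\"localhost:$tunnel_port\""
    # autossh -M adds a remote listener on the base port ...
    opts="$opts,permitlisten=\"localhost:$monitor_port\""
    # ... and a local forward whose target is 127.0.0.1:<base port> on the VPS.
    opts="$opts,permitopen=\"127.0.0.1:$monitor_port\""

    printf '%s %s\n' "$opts" "$pubkey"
}

# Constructed sample key (not a real key), with the ports used in this post.
restricted_entry "ssh-ed25519 AAAAC3constructed root@kali" 2223 10984
```

With this line in place, the key no longer gets an interactive login, so the manual test with -i shown earlier only works before the restriction is applied.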
Run autossh to connect to the Digital Ocean VPS
root@kali:~/.ssh# autossh -M 10984 -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i /root/.ssh/nopwd -R 2223:localhost:22 mhubbard@107.170.203.230 -p 22
Last login: Sun Sep 4 21:52:16 2016 from xxx-xxx-xxx-xxx-static.rvsd.ca.charter.com
mwhubbard.blogspot.com
This is a private system. Unless you have explicit
permission from Michael Hubbard logout immediately!
Enable the tunnel on boot
These steps come straight from the "Persistent Reverse (NAT Bypassing) SSH tunnel" site listed in the references. It was the piece that I didn't know how to do and the blog was excellent.
Here is a screen shot of my /etc/rc.local file
References
Persistent reverse (NAT bypassing) SSH tunnel access with autossh - This is a great site for system admins. I am really glad I found it.
autossh – Automatically restart SSH sessions and tunnels
Bypassing corporate firewall with reverse ssh port forwarding
SSH TUNNELLING FOR FUN AND PROFIT: AUTOSSH