FW: ssh proxying vs. tunnelling

Janzer, John JJanzer at talisentech.com
Mon Oct 4 23:42:30 EST 2004


I have tunneling working successfully to 'proxy' ssh client traffic through a gateway machine down to an end server in such a way that the client thinks it is talking to the gateway machine.  Here is my setup:
 
Server:  running sshd listening to port 'xxx' - machine name <server>
   command run:  sshd -p xxx
 
Gateway:  running tunnel to server - machine name <gateway>
   command run:  ssh -L 22:<server>:xxx -N -f
 
Client:  run sftp to gateway, which tunnels forward to server:
   command run:  sftp <gateway>
 
This works great, however, the authentication occurs down on the end server machine.  I'd like to have the authentication occur at the gateway machine instead.  I realize I would have to run sshd on the gateway to do this, but is there a way to set this up so that the user on the client machine doesn't have to authenticate twice?
 
I'm using OpenSSH 3.9p1, with OpenSSL 0.9.7d, and the machines are all running Solaris.
 
My requirement is to have authentication occur at the gateway level, and then proxy traffic to allow an sftp session between the client and server.  I also need to keep the interface on the client end "ftp-like".
 
Thanks in advance!
John Janzer
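
[Added example, not part of the original message: a loopback sketch of why authentication lands on the end server in the setup above. The gateway's -L forward only relays bytes, so the SSH exchange is between the client and the server. The banners, ports and function names are constructed stand-ins; no real SSH is spoken.]

```python
import socket, threading

def listen():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))          # free loopback port
    s.listen(1)
    return s, s.getsockname()[1]

def serve_once(listener, handler):
    def run():                         # accept one connection in the background
        conn, _ = listener.accept()
        with conn:
            handler(conn)
    threading.Thread(target=run, daemon=True).start()

def end_server(conn):
    # Stand-in for sshd on <server>: sends its banner, reports what it received.
    conn.sendall(b"SSH-2.0-constructed_end_server\r\n")
    with conn.makefile("rb") as f:
        conn.sendall(b"server saw: " + f.readline())

def pump(src, dst):
    # Copy bytes one way until EOF, then pass the EOF on.
    try:
        for data in iter(lambda: src.recv(4096), b""):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def gateway(server_port):
    # Stand-in for the -L forward on <gateway>: relays bytes, inspects nothing.
    def relay(conn):
        with socket.create_connection(("127.0.0.1", server_port)) as up:
            t = threading.Thread(target=pump, args=(conn, up), daemon=True)
            t.start()
            pump(up, conn)
            t.join()
    return relay

def client_view():
    """Connect to the gateway port only; return what the client receives."""
    srv, srv_port = listen()
    gw, gw_port = listen()
    serve_once(srv, end_server)
    serve_once(gw, gateway(srv_port))
    with socket.create_connection(("127.0.0.1", gw_port), timeout=5) as c:
        f = c.makefile("rb")
        banner = f.readline()
        c.sendall(b"SSH-2.0-constructed_client\r\n")
        return banner, f.read()
```

Calling client_view() returns the end server's banner and its echo of the client's banner, although the client only ever connected to the gateway's port.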
 