code4 asked:

OpenSSH on external computer?

Is it possible to use a third computer to do authentication?

This is the scenario:

Computer1 wants an SSH connection to Computer2

What happens is:

Computer1 connects to Computer3, running OpenSSH.
Computer3 authenticates Computer1 and Computer2.

The result is an SSH connection between 1 and 2 authenticated by 3.

Is this possible?
If so, how to set it up on Ubuntu?

Thanks!
SSH / Telnet Software, Linux


8/22/2022 - Mon
Gerwin Jansen

This is not possible; SSH connections are between 2 computers. You could, however, log in to computer 3 from computer 1 and then log 'through' from there to computer 2. You are then connected from 1 to 2 via 3, but you have 2 SSH connections.
Monis Monther

Actually you can. This is exactly how HTTPS works: it utilizes a certificate that is approved by a third party, the CA (Certificate Authority).

Personally I have not done it. But there are options that allow you to do it. A simple Google search for SSH using certificates will give you many articles.
Dave Baldwin

HTTPS uses SSL/TLS, not SSH. Here is Ubuntu info on using SSH/OpenSSH/Keys: https://help.ubuntu.com/community/SSH/OpenSSH/Keys
ASKER CERTIFIED SOLUTION
arnold

Gerwin Jansen

>> You could set up external authentication using tunnels between 2 and 3 and 1 and 3 will pass credentials it received to confirm they are valid on the third
@arnold, I'd be interested in a link or article on how to set that up :)
arnold

There is no such article that deals with the scenario, but one has to write something from scratch to function as those who authenticate against data in a DB: MySQL, PostgreSQL, etc.

On the remote site you will need a service that will tie into the local authentication scheme.
Monis Monther

@davebadwin

True, HTTPS uses TLS/SSL, but I was referring to the idea of utilizing certificates.

You can use SSH with X.509 certificates. If it is not self-signed, i.e. signed by a third party, then you can consider this third party the third machine suggested in the original scenario.

Check these two links:

https://plus.google.com/+KingsleyIdehen/posts/Yee8L58efd7

http://trueg.wordpress.com/2012/09/06/use-an-x-509-certificate-for-ssh-login/
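
Added example (not part of any post in this thread): the third-party-signer idea from the comments, sketched with OpenSSH's own certificate format (`ssh-keygen -s`) rather than X.509, with Computer3 as the signing authority. The file names, the login name `alice`, the host name `computer2.example` and the `/etc/ssh/ca.pub` path are constructed for illustration.

```shell
#!/bin/sh
# Added example: Computer3 acts as an OpenSSH certificate authority (CA).
# Key names, the principal "alice" and the host name "computer2.example"
# are constructed for illustration.
set -eu

make_ca_demo() {
    d=$1
    # Computer3: CA key pair; the private half never leaves Computer3.
    ssh-keygen -q -t ed25519 -N '' -C computer3-ca -f "$d/ca"
    # Computer2's host key and Computer1's user key. In practice each is
    # generated on its own machine and only the .pub file goes to Computer3.
    ssh-keygen -q -t ed25519 -N '' -C computer2-host -f "$d/host_key"
    ssh-keygen -q -t ed25519 -N '' -C computer1-user -f "$d/user_key"
    # Computer3 signs the host key (-h) for Computer2's name, valid 52 weeks.
    ssh-keygen -q -s "$d/ca" -h -I computer2 -n computer2.example \
        -V +52w "$d/host_key.pub"
    # Computer3 signs the user key for login name "alice", valid one day.
    ssh-keygen -q -s "$d/ca" -I alice@computer1 -n alice \
        -V +1d "$d/user_key.pub"
    # Computer1 trusts any host certificate signed by the CA (known_hosts line).
    printf '@cert-authority computer2.example %s\n' "$(cat "$d/ca.pub")" \
        > "$d/known_hosts"
    # Computer2 trusts user certificates signed by the CA (sshd_config lines;
    # the /etc/ssh/ca.pub path is an assumption).
    printf '%s\n' 'TrustedUserCAKeys /etc/ssh/ca.pub' \
        'HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub' \
        > "$d/sshd_config.snippet"
}

# "user" or "host", read from the certificate's Type line.
cert_type() { ssh-keygen -L -f "$1" | awk '/Type:/ {print $(NF-1)}'; }
# Fingerprint of the CA that signed the certificate.
cert_ca_fp() { ssh-keygen -L -f "$1" | awk '/Signing CA:/ {print $4}'; }
# Fingerprint of a plain public key.
key_fp() { ssh-keygen -l -f "$1" | awk '{print $2}'; }

DEMO=$(mktemp -d)
make_ca_demo "$DEMO"
echo "CA fingerprint:   $(key_fp "$DEMO/ca.pub")"
echo "user cert signer: $(cert_ca_fp "$DEMO/user_key-cert.pub")"
echo "host cert signer: $(cert_ca_fp "$DEMO/host_key-cert.pub")"
```

With this layout Computer3 is not contacted when Computer1 connects to Computer2: each side checks the other's certificate against the CA public key it already holds. The short validity on the user certificate limits how long a leaked key stays usable.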