code4
asked on
OpenSSH on external computer?
Is it possible to use a third computer to do authentication?
This is the scenario:
Computer1 wants an SSH connection to Computer2
What happens is:
Computer1 connects to Computer3, running OpenSSH.
Computer3 authenticates Computer1 and Computer2.
The result is an SSH connection between 1 and 2 authenticated by 3.
Is this possible?
If so, how to set it up on Ubuntu?
Thanks!
This is not possible; SSH connections are between 2 computers. You could, however, log in to computer 3 from computer 1 and then log 'through' from there to computer 2. You are then connected from 1 to 2 via 3, but you have 2 SSH connections.
Actually, you can. This is exactly how HTTPS works: it utilizes a certificate that is approved by a third party, the CA (Certificate Authority).
Personally I have not done it. But there are options that allow you to do it. A simple Google search for SSH using certificates will give you many articles.
HTTPS uses SSL/TLS, not SSH. Here is Ubuntu info on using SSH/OpenSSH/Keys: https://help.ubuntu.com/community/SSH/OpenSSH/Keys
>> You could set up external authentication using tunnels between 2 and 3 and 1 and 3 will pass credentials it received to confirm they are valid on the third
@arnold, I'd be interested in a link or article on how to set that up :)
There is no such article that deals with the scenario, but one has to write something from scratch to function as those who authenticate against data in a DB (MySQL, PostgreSQL, etc.).
On the remote site you will need a service that will tie into the local authentication scheme.
@davebadwin
True, HTTPS uses TLS/SSL, but I was referring to the idea of utilizing certificates.
You can use SSH with X.509 certificates. If it is not self-signed, i.e. signed by a third party, then you can consider this third party the third machine suggested in the original scenario.
Check these two links:
https://plus.google.com/+KingsleyIdehen/posts/Yee8L58efd7
http://trueg.wordpress.com/2012/09/06/use-an-x-509-certificate-for-ssh-login/
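The third-party certificate idea raised in this thread, shown as an added example (not from any poster) using OpenSSH's own certificate format rather than X.509: Computer3 holds a CA key and signs Computer1's user key and Computer2's host key, so the SSH connection still runs directly between 1 and 2 while both sides rely on 3's signature. The directory layout, the user name `alice`, the `example.test` domain and the `/etc/ssh/demo_ca.pub` path are constructed for the demo.

```shell
#!/bin/sh
# Added example: Computer3 acts as an OpenSSH certificate authority (CA).
# All paths, names and the example.test domain are constructed for the demo.

# Fingerprint of the CA that signed a certificate (from `ssh-keygen -L`).
cert_ca_fp() { ssh-keygen -L -f "$1" | awk '/Signing CA:/ {print $4}'; }

# Fingerprint of a plain public key (from `ssh-keygen -l`).
key_fp() { ssh-keygen -l -f "$1" | awk '{print $2}'; }

# Succeeds only if certificate $1 was signed by the CA public key $2.
cert_signed_by() {
    [ -n "$(cert_ca_fp "$1")" ] && [ "$(cert_ca_fp "$1")" = "$(key_fp "$2")" ]
}

make_ssh_ca_demo() {
    d=$1
    mkdir -p "$d/computer1" "$d/computer2" "$d/computer3" || return 1
    # Computer3: the CA key pair. The private half never leaves Computer3.
    ssh-keygen -q -t ed25519 -N '' -C demo-ca -f "$d/computer3/ca" || return 1
    # Computer1: the user's key. Computer2: the server's host key.
    ssh-keygen -q -t ed25519 -N '' -C alice -f "$d/computer1/id_ed25519" || return 1
    ssh-keygen -q -t ed25519 -N '' -C computer2 \
        -f "$d/computer2/ssh_host_ed25519_key" || return 1
    # Computer3 signs the user key: login name "alice" only, valid one day.
    ssh-keygen -q -s "$d/computer3/ca" -I alice@computer1 -n alice -V +1d \
        "$d/computer1/id_ed25519.pub" || return 1
    # Computer3 signs the host key (-h) for one hostname, valid 52 weeks.
    ssh-keygen -q -s "$d/computer3/ca" -h -I computer2 -n computer2.example.test \
        -V +52w "$d/computer2/ssh_host_ed25519_key.pub" || return 1
    # Computer2 (sshd_config lines): accept users vouched for by the CA
    # and present the signed host certificate to clients.
    printf '%s\n' 'TrustedUserCAKeys /etc/ssh/demo_ca.pub' \
        'HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub' \
        > "$d/computer2/sshd_config.snippet"
    # Computer1 (known_hosts line): trust hosts vouched for by the CA.
    printf '@cert-authority *.example.test %s\n' "$(cat "$d/computer3/ca.pub")" \
        > "$d/computer1/known_hosts"
}

# Run the whole flow in a scratch directory and check the signature chain.
demo=$(mktemp -d) && make_ssh_ca_demo "$demo" \
    && cert_signed_by "$demo/computer1/id_ed25519-cert.pub" "$demo/computer3/ca.pub" \
    && echo "user certificate chains to the CA on Computer3"
```

Short validity (`-V`) and a single principal (`-n`) limit what a leaked certificate can be used for; the CA private key is the one secret that must stay on Computer3.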