Asked by code4

OpenSSH on external computer?

Is it possible to use a third computer to do authentication?

This is the scenario:

Computer1 wants an SSH connection to Computer2

What happens is:

Computer1 connects to Computer3, running OpenSSH.
Computer3 authenticates Computer1 and Computer2.

The result is an SSH connection between 1 and 2 authenticated by 3.

Is this possible?
If so, how to set it up on Ubuntu?

Gerwin Jansen

This is not possible; SSH connections are between 2 computers. You could, however, log in to computer 3 from computer 1 and then log 'through' from there to computer 2. You are then connected from 1 to 2 via 3, but you have 2 SSH connections.

Actually you can. This is exactly how HTTPS works: it utilizes a certificate that is approved by a third party, the CA (Certificate Authority).

Personally I have not done it. But there are options that allow you to do it. A simple Google search for SSH using certificate will give you many articles.

HTTPS uses SSL/TLS, not SSH. Here is Ubuntu info on using SSH/OpenSSH/Keys:

>> You could set up external authentication using tunnels between 2 and 3 and 1 and 3 will pass credentials it received to confirm they are valid on the third

@arnold, I'd be interested in a link or article on how to set that up :)

There is no such article that deals with the scenario, but one has to write something from scratch to function as those who authenticate against data in a DB (MySQL, PostgreSQL, etc.).

On the remote site you will need a service that will tie into the local authentication scheme.

True, HTTPS uses TLS/SSL, but I was referring to the idea of utilizing certificates.

You can use SSH with X.509 certificates. If it is not self-signed, i.e. signed by a third party, then you can consider this third party the third machine suggested in the original scenario.

Check these two links
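
Added example, not part of any poster's reply or of the links mentioned: the third-party idea from this thread done with stock OpenSSH's own certificate format (`ssh-keygen -s`, not X.509), where Computer3 holds a CA key and signs Computer1's user key and Computer2's host key. The file names, the login `alice` and the host name `computer2.example` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Computer3 is an OpenSSH certificate authority (CA).
# Constructed values: file names, login "alice", host "computer2.example".
set -e

# On Computer3: create the CA key pair. The private half stays on Computer3.
make_ca() {                       # $1 = working directory
    ssh-keygen -q -t ed25519 -N '' -C computer3-ca -f "$1/ca"
}

# On Computer3: sign Computer1's user key, valid 1 day, login "alice" only.
sign_user() {                     # writes $1/user-cert.pub
    ssh-keygen -q -s "$1/ca" -I computer1-alice -n alice -V +1d "$1/user.pub"
}

# On Computer3: sign Computer2's host key (-h = host certificate).
sign_host() {                     # writes $1/host-cert.pub
    ssh-keygen -q -s "$1/ca" -h -I computer2 -n computer2.example -V +52w "$1/host.pub"
}

# Line for Computer1's known_hosts: trust any host cert signed by the CA.
known_hosts_line() {
    printf '@cert-authority computer2.example %s\n' "$(cat "$1/ca.pub")"
}

# Inspect a certificate: "user" or "host", and the names it is valid for.
cert_type()       { ssh-keygen -L -f "$1" | awk '/Type:/ {print $(NF-1)}'; }
cert_principals() { ssh-keygen -L -f "$1" |
    awk '/Principals:/ {p=1; next} /Critical Options:/ {p=0} p {print $1}'; }

# Stand-ins for keys that really live on Computer1 and Computer2;
# only the .pub files would be sent to Computer3 for signing.
demo() {
    make_ca "$1"
    ssh-keygen -q -t ed25519 -N '' -f "$1/user"
    ssh-keygen -q -t ed25519 -N '' -f "$1/host"
    sign_user "$1"
    sign_host "$1"
}

d=$(mktemp -d)
demo "$d"
echo "user cert: $(cert_type "$d/user-cert.pub") for $(cert_principals "$d/user-cert.pub")"
echo "host cert: $(cert_type "$d/host-cert.pub") for $(cert_principals "$d/host-cert.pub")"
known_hosts_line "$d"
# Computer2's sshd_config then needs: TrustedUserCAKeys <path to ca.pub>
# and HostCertificate <path to host-cert.pub>.
```

Computer3 never sits in the connection path here: Computer1 and Computer2 each check the other's certificate against the CA public key, so the SSH session itself is still directly between 1 and 2.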