OpenSSH on external computer?

code4
code4 used Ask the Experts™
on
Is it possible to use a third computer to do authentication.

This is the scenario:

Computer1 wants an SSH connection to Computer2

What happens is:

Computer1 connects to Computer3, running OpenSSH.
Computer3 authenticates Computer1 and Computer 2.

The result is an SSH connection between 1 and 2 authenticated by 3.

Is this possible?
If so, how to set it up on Ubuntu?

Thanks!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Gerwin Jansen, EE MVETopic Advisor
Most Valuable Expert 2016

Commented:
This is not possible, SSH connections are between 2 computers. You could however login computer 3 from computer 1 and then log 'through' from there to computer 2. You are then connected from 1 to 2 via 3 but you have 2 SSH connections.
Monis MontherSystem Architect

Commented:
Actually you can. This is exactly how HTTPS works, it utilizes a certificate that is approved from a third party the CA (Certificate Authority).

Personally I have not done it. But there are options that allow you to do it. A simple google search for SSH using certificate will give you many articles.
Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
HTTPS uses SSL/TLS, not SSH.  Here is Ubuntu info on using  SSH/OpenSSH/Keys:  https://help.ubuntu.com/community/SSH/OpenSSH/Keys
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Distinguished Expert 2017
Commented:
You are mixing commingling things.

You can have common authentication using NIS, LDAP?

You could setup external authentication using tunnels between 2 and 3 and 1 and 3 will pass credentials it received to confirm they are valid on the third, though as said earlier openssh is not an authentication protocol.
Gerwin Jansen, EE MVETopic Advisor
Most Valuable Expert 2016

Commented:
>> You could setup external authentication using tunnels between 2 and 3 and 1 and 3 will pass credentials it received to confirm they are valid on the third
@arnold, I'd be interested in a link or article on how to set that up :)
Distinguished Expert 2017

Commented:
There is no such article that deals with the scenario, but one has to write something from scratch to function as those who authenticate against data in a DB mysql, PostgreSQL, etc.

On the remote site you will need a service that will tie into the local authentication scheme.
Monis MontherSystem Architect

Commented:
@davebadwin

True HTTPS uses TLS/SSL but I was referring to the idea of utilizing certificates.

You can use SSH with x.509 certificates. If it not self signed i.e. signed from a third party then you can consider this third party the third machine suggested in the original scenario.

check  these two links

https://plus.google.com/+KingsleyIdehen/posts/Yee8L58efd7

http://trueg.wordpress.com/2012/09/06/use-an-x-509-certificate-for-ssh-login/

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial