[SOLVED] netcat for transparent SSH

alphazo · Jan 12, 2011, 5:20 PM

Is there a way to install netcat on pfSense?
I have a number of machines on my LAN that are accessible by SSH. My pfSense box is the only SSH server exposed to the internet.
Today on my remote machine I have to ssh first to pfSense with port forwarding and then open another terminal to ssh to the other machines. With netcat available on pfSense I could use the following configuration on my remote machine:

~/.ssh/config on remote machine
Host machine-via-pfsense
User myuser
Hostname 192.168.0.10
ProxyCommand ssh admin@pfsense.dyndns.org nc %h %p

And then simply issue an ssh machine-via-pfsense to get logged to this machine via pfSense SSH access.

Thanks
Alphazo

[EDIT] I must be dumb when firing a console on pfSense it looks like that netcat is already there. Now I need to investigate why it doesn't work with the above configuration.

alphazo · Jan 11, 2011, 10:53 AM

If I directly type in the command:

ssh admin@mypfsense.dyndns.org 'nc 192.168.0.1 22'

I get the pfSense console:

*** Welcome to pfSense 1.2.3-RELEASE-nanobsd on ares ***

  LAN*                     ->	vr0	->	192.168.0.254
  WAN*                     ->	vr1	->	77.199.35.206(PPPoE)

 pfSense console setup 
***************************
 0)  Logout (SSH only)
 1)  Assign Interfaces
 2)  Set LAN IP address
 3)  Reset webConfigurator password
 4)  Reset to factory defaults
 5)  Reboot system
 6)  Halt system
 7)  Ping host
 8)  Shell
 9)  PFtop
10)  Filter Logs
11)  Restart webConfigurator
12)  pfSense Developer Shell
13)  Upgrade from console
14)  Disable Secure Shell (sshd)

Looks like this cannot work because when I ssh to pfSense I don't get a prompt but the pfSense console. Is there a way to force automatic command prompt when connected over ssh?

jimp · Jan 12, 2011, 3:53 PM

Use the root user, not admin.

Side note: netcat is already included in the base install of pfSense.

alphazo · Jan 12, 2011, 4:24 PM

Weird… when I ssh to pfSense as root user I get the same pfSense console ???

[EDIT] BTW, is this specific to 2.x version as I'm running 1.2.3 release?

jimp · Jan 12, 2011, 4:25 PM

In 2.0 and 1.2.3 both, the admin user is locked into the menu for its shell.

The root user executes the menu from its .profile which lets it bypass that if you use remote commands, scp, etc.

So yes you will get the menu if you ssh in interactively, but if you pass a remote command it should work.

alphazo · Jan 12, 2011, 4:50 PM

;D

Thank you very much. Using root did the trick and allowed me to transparently ssh to machines behind the firewall and using public key as credentials…very neat!