[SOLVED] netcat for transparent SSH
Is there a way to install netcat on pfSense?
I have a number of machines on my LAN that are accessible by SSH. My pfSense box is the only SSH server exposed to the internet.
Today on my remote machine I have to ssh first to pfSense with port forwarding and then open another terminal to ssh to the other machines. With netcat available on pfSense I could use the following configuration on my remote machine:
~/.ssh/config on remote machine
ProxyCommand ssh firstname.lastname@example.org nc %h %p
And then simply issue an ssh machine-via-pfsense to get logged in to this machine via pfSense SSH access.
[EDIT] I must be dumb: when firing up a console on pfSense, it looks like netcat is already there. Now I need to investigate why it doesn't work with the above configuration.
If I directly type in the command:
ssh email@example.com 'nc 192.168.0.1 22'
I get the pfSense console:
*** Welcome to pfSense 1.2.3-RELEASE-nanobsd on ares ***

  LAN* -> vr0 -> 192.168.0.254
  WAN* -> vr1 -> 18.104.22.168(PPPoE)

pfSense console setup
***************************
 0) Logout (SSH only)
 1) Assign Interfaces
 2) Set LAN IP address
 3) Reset webConfigurator password
 4) Reset to factory defaults
 5) Reboot system
 6) Halt system
 7) Ping host
 8) Shell
 9) PFtop
10) Filter Logs
11) Restart webConfigurator
12) pfSense Developer Shell
13) Upgrade from console
14) Disable Secure Shell (sshd)

Looks like this cannot work because when I ssh to pfSense I don't get a prompt but the pfSense console. Is there a way to force an automatic command prompt when connected over ssh?
Use the root user, not admin.
Side note: netcat is already included in the base install of pfSense.
Weird… when I ssh to pfSense as root user I get the same pfSense console???
[EDIT] BTW, is this specific to the 2.x version, as I'm running the 1.2.3 release?
In 2.0 and 1.2.3 both, the admin user is locked into the menu for its shell.
The root user executes the menu from its .profile which lets it bypass that if you use remote commands, scp, etc.
So yes you will get the menu if you ssh in interactively, but if you pass a remote command it should work.
Thank you very much. Using root did the trick and allowed me to transparently ssh to machines behind the firewall and using public key as credentials…very neat!
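The setup the thread arrives at, written out as a complete ~/.ssh/config. This is an added example, not taken from any of the posts: pfsense.example.org and the user name alice are placeholders, and 192.168.0.1 is the LAN address from the test command above.

```sshconfig
# ~/.ssh/config on the remote (client) machine.
# Placeholders (not from the thread): pfsense.example.org, alice.

# The only SSH server reachable from the internet.
Host pfsense
    HostName pfsense.example.org
    # root, not admin: admin's login shell is the console menu, while root
    # only starts the menu from its .profile, which a remote command bypasses.
    User root

# A LAN machine reached through the gateway.
Host machine-via-pfsense
    HostName 192.168.0.1
    User alice
    # ssh runs this command instead of opening a TCP connection itself.
    # %h and %p expand to the HostName and port of this entry, so nc on
    # pfSense relays the session's stdin/stdout to 192.168.0.1:22.
    ProxyCommand ssh pfsense nc %h %p
    # Alternative that needs no nc on the gateway (assumes an OpenSSH client
    # with -W, 5.4 or later, and an sshd on pfSense that permits TCP forwarding):
    # ProxyCommand ssh -W %h:%p pfsense
```

With this in place, `ssh machine-via-pfsense` authenticates twice: first to pfSense as root, then end to end to the LAN machine through the relayed connection.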