[SOLVED] netcat for transparent SSH

  • Is there a way to install netcat on pfSense?
    I have a number of machines on my LAN that are accessible by SSH. My pfSense box is the only SSH server exposed to the internet.
    Today on my remote machine I have to ssh first to pfSense with port forwarding and then open another terminal to ssh to the other machines. With netcat available on pfSense I could use the following configuration on my remote machine:

    ~/.ssh/config on remote machine
    Host machine-via-pfsense
       User myuser
       ProxyCommand ssh admin@pfsense.dyndns.org nc %h %p

    And then simply issue an ssh machine-via-pfsense to get logged in to this machine via pfSense SSH access.


    [EDIT] I must be dumb: when firing up a console on pfSense, it looks like netcat is already there. Now I need to investigate why it doesn't work with the above configuration.

  • If I directly type in the command:

    ssh admin@mypfsense.dyndns.org 'nc 22'

    I get the pfSense console:

    *** Welcome to pfSense 1.2.3-RELEASE-nanobsd on ares ***
      LAN*                     ->	vr0	->
      WAN*                     ->	vr1	->
     pfSense console setup 
     0)  Logout (SSH only)
     1)  Assign Interfaces
     2)  Set LAN IP address
     3)  Reset webConfigurator password
     4)  Reset to factory defaults
     5)  Reboot system
     6)  Halt system
     7)  Ping host
     8)  Shell
     9)  PFtop
    10)  Filter Logs
    11)  Restart webConfigurator
    12)  pfSense Developer Shell
    13)  Upgrade from console
    14)  Disable Secure Shell (sshd)

    Looks like this cannot work because when I ssh to pfSense I don't get a prompt but the pfSense console. Is there a way to force an automatic command prompt when connected over ssh?

  • Rebel Alliance Developer Netgate

    Use the root user, not admin.

    Side note: netcat is already included in the base install of pfSense.

    Weird… when I ssh to pfSense as the root user I get the same pfSense console???

    [EDIT] BTW, is this specific to the 2.x version, as I'm running the 1.2.3 release?

  • Rebel Alliance Developer Netgate

    In 2.0 and 1.2.3 both, the admin user is locked into the menu for its shell.

    The root user executes the menu from its .profile which lets it bypass that if you use remote commands, scp, etc.

    So yes you will get the menu if you ssh in interactively, but if you pass a remote command it should work.

  • ;D

    Thank you very much. Using root did the trick and allowed me to transparently ssh to machines behind the firewall and using a public key as credentials… very neat!
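
A hardening step for the setup that ended up working in this thread (key-based root login running `nc %h %p`), as an added example that is not from the thread or from pfSense: a forced-command wrapper that limits that key to `nc` towards allowlisted LAN hosts. The script path, the host list and the key placeholder are assumptions.

```sh
#!/bin/sh
# Added example: forced-command wrapper for the key used in the ProxyCommand.
# Assumed install path /root/bin/nc-only.sh, referenced from authorized_keys:
#   command="/root/bin/nc-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY-PLACEHOLDER>

# Constructed allowlist (assumption): LAN hosts reachable through the jump.
ALLOWED_HOSTS="192.168.1.10 192.168.1.11"
ALLOWED_PORT="22"

# Accept only the exact form "nc <allowed-host> <allowed-port>".
# Prints "<host> <port>" and returns 0 when allowed, returns 1 otherwise.
parse_request() {
    set -f          # no globbing while splitting untrusted input
    set -- $1       # split the request on whitespace
    set +f
    [ $# -eq 3 ] || return 1
    [ "$1" = "nc" ] || return 1
    host=$2
    port=$3
    [ "$port" = "$ALLOWED_PORT" ] || return 1
    for h in $ALLOWED_HOSTS; do
        if [ "$h" = "$host" ]; then
            echo "$host $port"
            return 0
        fi
    done
    return 1
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
# With no command (interactive login) the script just ends: no shell, no menu.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if target=$(parse_request "$SSH_ORIGINAL_COMMAND"); then
        set -- $target
        exec nc "$1" "$2"     # arguments are quoted and never passed to eval
    fi
    logger -t nc-only "denied request from ${SSH_CLIENT:-unknown}"
    exit 1
fi
```

With this in place the ProxyCommand from the first post keeps working for the listed hosts, while any other remote command sent with that key is refused and logged.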
