Netgate Discussion Forum

    SSH - to multiple devices help required

      robpal

      I have my pfSense set up as an SSH server, allowing me to connect via port 443 with an authorized key file - I use PuTTY to make the connection.
      The purpose of this is to remotely administer/check logs etc., and I also have a tunnel set up by adding 8080 dynamic under PuTTY tunnels; then if I use a proxy server of localhost in my internet browser I can browse the net securely using my own internet … with me so far?

      OK, here's what I want to do.

      I have a Linux Ubuntu machine set up to accept SSH through port 22 via an authorised key. I want to connect to this via SSH from outside.

      What is the best way to do this?

      Would it be to open up port 22 and forward it in the firewall to the machine IP?

      Or is there a way of adding a tunnel in PuTTY allowing me to spawn a shell to the Linux machine?

      Thanks for taking the time!!

        stephenw10 Netgate Administrator

        An easy way to do this would be to ssh into your pfSense machine and then ssh from there to your Ubuntu machine. Things can get confusing when you're running an SSH session inside an SSH session though ;).

        You should be able to ssh via your socks proxy though. I've never tried this however.

        Steve

          johnpoz LAYER 8 Global Moderator

          Have you looked into using OpenVPN to get into your network remotely? You could then ssh/telnet/rdp, whatever you would like, to anything on your network via the VPN connection.

          This is how I have it set up; I can then ssh into any box on my network from a remote location. As a failsafe I have 22 forwarded to one of my Linux machines, which, as with yours, only allows publickey auth and has sshguard running to keep the logs from filling up with the script kiddies' brute-force attempts you will see on any SSH server connected to the public net.

          I have this failsafe in place in case I am on a machine that does not have admin rights to install the OpenVPN client. I can always have PuTTY and my key with me on my flash.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

            jimp Rebel Alliance Developer Netgate

            +1 for a proper VPN like OpenVPN.

            Failing that, check this out: http://www.bitvise.com/tunnelier

              robpal

              Hi guys, thanks for the input. Stephenw10, as a test I ssh'd into my pfSense with PuTTY and key as usual and then from there pressed F8 for a shell and ssh'd into my Linux box - though maybe a key auth for this one is overkill at the mo, seeing as you need to get into my pfSense with a key to access the Linux box in the 1st place??

              Johnpoz and jimp, what advantage does OpenVPN have over PuTTY? And is it as portable, i.e. I run PuTTY from a flash pen.

              Johnpoz, you say you can ssh into your box but have a Linux box with port 22 as a failsafe. How do you choose between them during the connection? Do you just specify which port on the same IP?

              Also, to put a spin on it, has anyone tried RDP to a Linux box to get a GUI, e.g. X Window over SSH or VNC etc.?

                johnpoz LAYER 8 Global Moderator

                I thought I already went over the advantages of VPN vs PuTTY.

                Once you make the VPN connection, it's just like you're local to the network - just a bit slower. So you can ssh, rdp, ftp, smb/cifs to any box you want that is on your network - just like you were there.

                With an SSH connection to one box on your network, you have to create tunnels to each box and port you would want to connect to on the remote network via your SSH connection.

                Yes, OpenVPN is quite small, and there is a portable version you could use - but you have to have admin rights on the machine. Which may not always be available - which is why I have PuTTY as a failsafe. http://portableapps.com/node/32472

                As to how I choose between them - OpenVPN is not running on 22, I have it running on tcp 443, which is normally OPEN no matter where you are, unlike SSH, which may or may not be allowed out.

                  stephenw10 Netgate Administrator

                  @robpal:

                  Stephenw10, as a test I ssh'd into my pfSense with PuTTY and key as usual and then from there pressed F8 for a shell and ssh'd into my Linux box - though maybe a key auth for this one is overkill at the mo, seeing as you need to get into my pfSense with a key to access the Linux box in the 1st place??

                  Not sure if that's a question but I would agree, no point in having key authentication on the second stage. In fact it's better not to do that. If someone cracks the key on your ssh session to your pfSense box they would then have the key for your linux box since it would have to be stored on the pfSense box unless you copied it across every time.

                  The advantage of using an ssh tunnel or just nested ssh sessions is that ssh is pretty much omnipresent in the unix world so it requires almost no setup.
                  I haven't really researched it in security terms but as far as I know SSH with key based authentication is considered secure. As secure as a VPN? Depends on the vpn encryption used. I'm open to opinions.

                  Steve

                  1 Reply Last reply Reply Quote 0
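The two-hop access discussed in this thread (pfSense SSH on port 443, then the Ubuntu machine on port 22), as an added example that is not from any poster: a client configuration for the OpenSSH client (rather than PuTTY) in which both private keys stay on the remote client and port 22 is not forwarded on the WAN. Host names, addresses, user names and key file paths are placeholders.

```sshconfig
# ~/.ssh/config on the remote client.
# Added example: every name, address and key path here is a placeholder.

# Hop 1: the pfSense SSH server, listening on 443 with key-only auth.
Host pfsense
    # Placeholder WAN name of the firewall.
    HostName fw.example.com
    Port 443
    # Assumption: the account used for SSH logins on pfSense.
    User admin
    IdentityFile ~/.ssh/id_pfsense
    # Offer only the key named above, not every key in the agent.
    IdentitiesOnly yes
    # Same SOCKS proxy as "8080 dynamic" in PuTTY, bound to loopback only.
    DynamicForward 127.0.0.1:8080

# Hop 2: the Ubuntu SSH server on the LAN, reached through hop 1.
# ProxyJump (OpenSSH 7.3 or later) asks pfSense only to relay a TCP
# channel to 192.168.1.50:22. The SSH session to Ubuntu is negotiated
# end to end by the client, so the Ubuntu private key is used locally
# and is never stored on or copied to the pfSense box.
Host ubuntu
    # Placeholder LAN address of the Ubuntu machine.
    HostName 192.168.1.50
    Port 22
    # Placeholder login name on the Ubuntu machine.
    User rob
    IdentityFile ~/.ssh/id_ubuntu
    IdentitiesOnly yes
    ProxyJump pfsense
    # Keep the agent off the intermediate and target hosts.
    ForwardAgent no
```

With this in place, `ssh ubuntu` opens a shell on the Ubuntu machine in one step, and `ssh pfsense` behaves like the existing PuTTY session, including the SOCKS proxy on localhost:8080.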