Windows is not what it used to be (completely useless). Nowadays it is possible to forward yourself your local connection via a socks proxy to some place remote. On Linux and other OS, this is nothing new, but it was news to me, that this is possible with Windows too. It's basically the same as with linux / others, just with the exception of one bug, that requires hard-coding the PATH to the SSH client exe.
What you need:
- OpenSSH Client (optional Windows feature) - or download.
- OpenSSH ssh-agent (optional feature / service) - only for convenience, who likes to enter all those passwords (not me!)
- OpenSSH server. Most likely you won't have that enabled on your Non-Admin host - but what's stopping you from downloading it or building your own? - Right - nothing.
Example:
A complected setup with 2 jump hosts
- Opsn-SSH running on localhost (A container would work too - or a some VM,WSL...)
- First jump host "jump"
- There is some bug in the current open-ssh client for windows that breaks "ProxyJump" and requires this ProxyComand with full path.
- Second jump host "ap008" (only reachable from jump host)
- Basically the same setup. Add as many jump hosts as you need on your path to success.
sshd-config:
You can go with the defaults here pretty much. Just change the paths accordingly to where you put the installation and where you create the host key etc. Two important parts:
- You need to set: "UsePrivilegeSeparation no" because you are not admin
- You need to authenticate with key
See the link to the actual sshd-config config file.
ssh-config:
# Local IP of Container / VM running sshd
Hostname 127.0.0.1
Port 22222
User bon
DynamicForward 8888
# jump host
Host jump
Hostname 10.XXX
User jumphostuser
# second jump host
Host ap008
User appuser
HostName 10.XXX
ProxyCommand c:/Windows/System32/OpenSSH/ssh.exe jump -W %h:%p
Host erde
User bon
Hostname 100.xxx
Port 2225
ProxyCommand c:/Windows/System32/OpenSSH/ssh.exe ap008 -W %h:%p
RemoteForward 8888 127.0.0.1:8888
No comments:
Post a Comment