@alvarobp
Last active November 9, 2024 00:13
Setting up a remote pair station with SSH + TMUX and/or Reverse SSH Tunnel

Disclaimer: The following examples try to give an overview of the process followed in different scenarios. Some commands were actually written from memory. Some tools might exist simplifying all this. Furthermore, I'm no expert so if anyone ever reads this and knows any improvement, please let me know.

Case 1: Direct access to Pairing Station

Given that the Guest User can access the Pairing Station directly, either because the station is publicly available or because NAT port forwarding can be used, there's only one thing we need to do: give SSH access to the Guest User by adding their SSH public key to the .ssh/authorized_keys file of our Local User (pair).

The local user would open up a tmux session with

tmux new-session -s pairing

Guest user would attach to the opened session after logging in as the local user

tmux attach-session -t pairing

Case 1.1

When the user sharing the tmux session is not the pair user, we specify a shared socket.

The local user would open a tmux session specifying a shared socket:

tmux -S /tmp/tmux-pair new-session -s pairing
chmod 0777 /tmp/tmux-pair

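Mode 0777 makes the socket accessible to every local account on the station, not only pair; where both users can share a group, group ownership with mode 0770 is narrower.

The guest user, connected as pair, would attach using the shared socket: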

tmux -S /tmp/tmux-pair attach-session -t pairing

Case 2: Direct access to Pairing Station caging pair in a Vagrant VM

Same as Case 1, but the guest user is automatically ssh'd into a Vagrant virtual machine after login. To accomplish this we need to set up a private network for the VM using the vm.network configuration option in the Vagrantfile (v2):

config.vm.network :private_network, :ip => "10.10.10.15", :netmask => "255.255.255.0"

To get the guest user automatically ssh'd into the VM, we prefix the guest user's SSH public key with a forced command when adding it to the authorized_keys file of the local user pair:

command="ssh [email protected]",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCj+CjzZUHQZ1Q3MmJ1NAoQHiGh/OGHSimsdK7k+MjxGIJ2aX8NYc4FQW53uwwVTBljjYp0HSBj2b1fPsuuEmArsFm6hidghD7wj2221PTc+z+WMxLh6i1PhhzImPSLskPhj1m6ViCyzseNVfQf5SjggxdyqaPsoT+atg13s6qmD9kDxbEEv0gt4Ygtbo9czATviMfmF3GN1cGMTwP3p2m0X6a98uU76P9VybtfaPnnF1rUH4Izbs3OkHKHzmHcV2W5iaSXAOBZu0rXjdKEshuDePBi9JmZ2ylnAK60G6VgDOb74SFlVg3Za6vNQFea8Xs6tqXG5kC6K4sne98NBd4j [email protected]

Proceed to open and attach to a tmux session as in Case 1, but as the vagrant user inside the VM.

Note: The actual setup has one user (the regular user of the host) running the Vagrant VM, and a special user (pair) that has SSH authorized access (with the forced command) for the guest user.

Case 3: No direct access (Reverse SSH tunnel)

When there's no direct SSH access available, we can forward the local sshd port to a remote port on a public server. That way the Guest User connects to the public server and, once inside it, connects to the forwarded port, which leads to the Pairing Station.

Setup

  1. Create guest user (adduser jumper)
  2. Generate ssh keys for jumper (ssh-keygen -b 1024 -N '' -f ~/.ssh/id_rsa -t rsa -q)
  3. Add public key of remote guest user to /home/jumper/.ssh/authorized_keys file
  4. Add public key of local user (pair) to remote guest user (jumper) authorized_keys
  5. Add the public key of remote jumper user (generated in 2.) to local user (pair) authorized_keys file

Running tunnel

The local user pair sets up the reverse tunnel from the Pairing Station with:

ssh -nvNT -R 2222:localhost:22 [email protected]

Connecting through

The guest user connects to the public server and then to the Pairing Station:

ssh [email protected]
ssh -p 2222 jumper@localhost

Note: If we also wanted to forward the user to a Vagrant VM, we would need to use the forced command when adding the remote user's (jumper) public key to the local user's (pair) authorized_keys file, as shown in Case 2.
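One way to check that the keys added to pair's authorized_keys in Case 2 and in the note above really carry the forced command and the forwarding restrictions, as an added example that is not part of the original gist. The function name, the key blobs, the host name pairing-vm and the key comments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): list authorized_keys entries that are
# missing the forced command or a forwarding restriction shown in Case 2.
# "restrict" counts as all three no-* options; an explicit re-enable such as
# "port-forwarding" is reported as missing (conservative, ignores ordering).
audit_authorized_keys() {
  awk '
    /^[ \t]*(#|$)/ { next }                       # comments and blank lines
    {
      line = $0; sub(/^[ \t]+/, "", line)
      bare = ""; inq = 0
      # No options field when the entry starts directly with a key type.
      if (line !~ /^(ssh-|ecdsa-|sk-)/)
        for (i = 1; i <= length(line); i++) {
          c = substr(line, i, 1)
          if (inq && c == "\\") { i++; continue }  # escaped char in a value
          if (c == "\"") { inq = !inq; continue }
          if (!inq && (c == " " || c == "\t")) break
          if (!inq) bare = bare c                  # keep option names only
        }
      b = "," tolower(bare) ","                    # option names ignore case
      miss = ""
      if (!index(b, ",command=,")) miss = miss " command"
      n = split("port X11 agent", f, " ")
      for (k = 1; k <= n; k++) {
        name = tolower(f[k]) "-forwarding"
        off = index(b, ",no-" name ",") || index(b, ",restrict,")
        if (!off || index(b, "," name ",")) miss = miss " no-" f[k] "-forwarding"
      }
      if (miss != "") { bad = 1; print NR ": missing" miss }
      else print NR ": ok"
    }
    END { exit bad + 0 }                           # non-zero if any finding
  ' "$1"
}

# Constructed sample file: key blobs, host and comments are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
command="ssh vagrant@pairing-vm",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAconstructed guest@example
ssh-rsa AAAAconstructed jumper@example
command="tmux attach-session -t pairing",no-port-forwarding ssh-rsa AAAAconstructed guest2@example
restrict,pty,command="ssh vagrant@pairing-vm" ssh-ed25519 AAAAconstructed guest3@example
EOF
audit_authorized_keys "$sample" || true
rm -f "$sample"
```

The second sample entry is the shape a key has when it is pasted in without options, which gives its holder a full shell and port forwarding as pair.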
