Disclaimer: The following examples try to give an overview of the process followed in different scenarios. Some commands were actually written from memory. Some tools might exist simplifying all this. Furthermore, I'm no expert so if anyone ever reads this and knows any improvement, please let me know.
Given that the Guest User can access the Pairing Station directly, either because the station is publicly available or because NAT port forwarding can be used, there's only one thing we need to do: give ssh access to the Guest User by adding his ssh public key to our Local User's (pair) .ssh/authorized_keys file.
The local user would open up a tmux session with:
tmux new-session -s pairing
The guest user would attach to the opened session after logging in as the local user:
tmux attach-session -t pairing
When the user sharing the tmux session is different to the pair user we specify a shared socket.
The local user would open a tmux session specifying a shared socket:
tmux -S /tmp/tmux-pair new-session -s pairing
chmod 0777 /tmp/tmux-pair
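Note that mode 0777 makes the socket accessible to every local account on the Pairing Station, not only pair.
The guest user, connected as pair, would attach using the shared socket: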
tmux -S /tmp/tmux-pair attach-session -t pairing
Same as Case 1, but the guest user is automatically ssh'd into a vagrant virtual machine after login. To accomplish this we need to set up a private network for the VM by using the vm.network configuration option in the Vagrantfile (v2):
config.vm.network :private_network, :ip => "10.10.10.15", :netmask => "255.255.255.0"
In order to get the user automatically ssh'd into the VM, we put a forced command in front of the guest user's ssh public key when adding it to the local user pair's authorized_keys file:
command="ssh [email protected]",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCj+CjzZUHQZ1Q3MmJ1NAoQHiGh/OGHSimsdK7k+MjxGIJ2aX8NYc4FQW53uwwVTBljjYp0HSBj2b1fPsuuEmArsFm6hidghD7wj2221PTc+z+WMxLh6i1PhhzImPSLskPhj1m6ViCyzseNVfQf5SjggxdyqaPsoT+atg13s6qmD9kDxbEEv0gt4Ygtbo9czATviMfmF3GN1cGMTwP3p2m0X6a98uU76P9VybtfaPnnF1rUH4Izbs3OkHKHzmHcV2W5iaSXAOBZu0rXjdKEshuDePBi9JmZ2ylnAK60G6VgDOb74SFlVg3Za6vNQFea8Xs6tqXG5kC6K4sne98NBd4j [email protected]
Proceed to open and attach to a tmux session as in Case 1, but as the vagrant user inside the VM.
Note: The actual setup has one user (the regular one used by the host) running the vagrant VM, and a special user (pair) that has ssh authorized access (with forced command) for the guest user.
When there's no direct ssh access available, we can forward the local sshd port to a remote port on a public server. That way the Guest User connects to the public server and, once inside it, connects to the forwarded port, which leads to the Pairing Station.
- Create guest user (adduser jumper)
- Generate ssh keys for jumper (ssh-keygen -b 1024 -N '' -f ~/.ssh/id_rsa -t rsa -q)
- Add public key of remote guest user to /home/jumper/.ssh/authorized_keys file
- Add public key of local user (pair) to remote guest user (jumper) authorized_keys
- Add the public key of remote jumper user (generated in 2.) to local user (pair) authorized_keys file
The local user pair sets up the reverse tunnel from the Pairing Station with:
ssh -nvNT -R 2222:localhost:22 [email protected]
The guest user connects to the public server and then to the Pairing Station:
ssh [email protected]
ssh -p 2222 jumper@localhost
Note: If we also wanted to forward the user to a Vagrant VM, we would need to use the forced command when adding the remote user's (jumper) public key to the local user's (pair) authorized_keys file, as shown in Case 2.
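An added example, not part of the original post: a Python check for the authorized_keys entries used in Case 2 and Case 3. It flags guest keys with no forced command, entries missing the forwarding restrictions shown in Case 2, and RSA keys below an assumed 2048-bit minimum, which the 1024-bit key generated for jumper would fall under. The function names, the threshold and the constructed sample key are assumptions.

```python
import base64
import struct

# Restrictions set by the Case 2 entry; sshd treats option names case-insensitively.
REQUIRED = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding"}

def split_unquoted(text, seps):
    """Split on separator characters that sit outside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            parts, cur = parts + [cur], ""
        else:
            cur += ch
        prev = ch
    return [p for p in parts + [cur] if p]

def rsa_bits(b64_blob):
    """Modulus size of an ssh-rsa blob; its length-prefixed fields are type, e, n."""
    blob, fields = base64.b64decode(b64_blob), []
    while blob:
        size = struct.unpack(">I", blob[:4])[0]
        fields.append(blob[4:4 + size])
        blob = blob[4 + size:]
    return int.from_bytes(fields[2], "big").bit_length()

def audit_entry(line, min_rsa_bits=2048):
    """Return findings for one authorized_keys line (empty list: nothing flagged)."""
    fields = split_unquoted(line.strip(), " \t")
    if not fields or fields[0].startswith("#"):
        return []
    is_key = fields[0].startswith(("ssh-", "ecdsa-", "sk-"))
    opts = [] if is_key else split_unquoted(fields.pop(0), ",")
    names = {o.split("=", 1)[0].lower() for o in opts}
    findings = []
    if "command" not in names:
        findings.append("no forced command")
    if "restrict" not in names:  # "restrict" already disables all forwarding
        findings += ["missing " + m for m in sorted(REQUIRED - names)]
    if fields[0] == "ssh-rsa" and rsa_bits(fields[1]) < min_rsa_bits:
        findings.append("RSA key shorter than %d bits" % min_rsa_bits)
    return findings

def constructed_rsa_blob(bits):
    """Structurally valid ssh-rsa blob with a dummy modulus: sample data, not a real key."""
    def field(raw):
        return struct.pack(">I", len(raw)) + raw
    raw_n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading zero: positive mpint
    return base64.b64encode(field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(raw_n)).decode()
```

Calling audit_entry on each line of the pair and jumper authorized_keys files gives one list of findings per key; a guest key added as in Case 1 reports the missing forced command and forwarding restrictions.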