
I have a few endpoints that I would like to connect to over SSH for things like PowerShell Remoting so that I can run scripts for automation.

How could I centralize access?

  1. Endpoints would connect over SSH to a central server
  2. Endpoints would keep this SSH connection open
  3. I would need to create universal access over SSH to the endpoints that are terminating at the server. By universal access, I mean devices on the same network would ideally be able to utilize these open SSH connections for whatever SSH purpose.

I am a bit confused about step 3.

  • Would I only be able to perform remote actions and connect over SSH by running PowerShell, PuTTY, Remote Desktop etc. on the central server?
  • Would I be able to 'bring in' the SSH connections via this SSH server onto the general network, such that devices on the same network can connect to the systems over SSH through the central server?
  • Is there a better way to have multiple endpoints connect over SSH to a central server for running PowerShell, running Remote Desktop or other SSH items from devices on the same network?

Devices could be Windows or Linux.

I'm guessing:

  • Each of the endpoints from multiple remote networks connects over SSH to the SSH server on LAN X
  • Devices on LAN X would need to SSH into the SSH server on LAN X
  • Once SSHed into the SSH server, the devices on LAN X could now run PowerShell scripts and other SSH items on the endpoints
  • I'd say you are misled on this use case. SSH is nothing more than a connection protocol, just like RDP; all are 1:1 interactive use cases. You can only have one session connection per console instance. If you want multiple consoles each with their own SSH connection in a single terminal, then you need a shell terminal, i.e. Windows Terminal, VSCode, etc., which allows you to have multiple tabs open, each with their own session. Nothing stops you from running code on multiple instances in parallel, but that is not interactive.
    – postanote
    Commented Jun 9, 2022 at 3:08
  • Sounds like a case for SSH tunneling perhaps: severalnines.com/database-blog/…. I've not gotten much experience here, but something like that should work. You'd just need to understand how to incorporate the connection and remote command running logic, which is trivial, so research, testing, trial and error, etc. I'd configure it all as secure as possible, so no root SSH access (only console) and enforce key pair only authentication to SSH.
    Commented Jun 9, 2022 at 14:03
  • How about an automation tool like Ansible or Chef. Others exist.
    – cybernard
    Commented Jun 10, 2022 at 20:02

1 Answer


In your first scenario, you have

  1. Client --SSH-> Server
  2. Client waits for SSH session from server using this connection
  3. Server --SSH-> Client, runs commands, etc.

This is called an ssh reverse tunnel, and is pretty straightforward to set up:

# On client, create an open tunnel from Client:22 -> Server:2222
ssh -R 2222:localhost:22 user@Server

# On server, connect to local 2222, and you're connected to that session
ssh -p 2222 user@localhost

Each client needs to connect on a separate port.

To allow other clients to use those sessions (like Client1 -> Server <- Client2), just SSH from the client to the Server, then connect to the tunnels like above.

To list which clients are connected on which ports, you can run this on the Server (Linux):

 % sudo lsof -i -n | egrep '\<sshd\>'
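The following script is an added example and is not part of the answer above or of any project; it assumes a central host reachable as "Server" and a low-privilege login named "tunnel" on it (both hypothetical), and that every endpoint's own sshd listens on port 22. It turns the answer's two commands into something repeatable: a small registry that reserves one server-side port per endpoint (so two endpoints never fight over the same `-R` port), a builder for the client-side command that runs without a shell (`-N`), fails loudly if the port is already taken (`ExitOnForwardFailure`), sends keepalives so a dead tunnel is noticed, and binds the reverse port on the server's loopback only (which is also sshd's default behaviour unless `GatewayPorts` is changed), so that other devices on the LAN reach an endpoint only after authenticating to the Server, exactly as the answer describes. The last function parses `lsof`-style output like the answer's command produces (here a constructed sample) into the list of tunnel ports that are actually listening.

```shell
#!/bin/sh
# Added example, not the original answer's code. "Server" and the "tunnel"
# account are hypothetical names; the registry and lsof output are constructed.

# Constructed registry: one reserved server-side port per endpoint name.
REGISTRY='
host-a 2201
host-b 2202
'

# Print the port reserved for an endpoint, or nothing if it is unknown.
tunnel_port() {
    printf '%s\n' "$REGISTRY" | awk -v n="$1" '$1 == n { print $2; exit }'
}

# Build the command an endpoint runs to open its reverse tunnel.
#  -N                       no remote shell, the session exists only for the tunnel
#  ExitOnForwardFailure=yes exit instead of silently running without the -R port
#  ServerAlive*             detect a dead connection within ~90 seconds
#  -R 127.0.0.1:PORT:...    bind on the Server's loopback, not on every interface
reverse_tunnel_cmd() {
    port=$(tunnel_port "$1")
    [ -n "$port" ] || return 1
    echo "ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 127.0.0.1:$port:localhost:22 tunnel@Server"
}

# Constructed sample of what 'sudo lsof -i -n | egrep sshd' prints on the Server:
# the main sshd on *:22, one tunnel on 2201 (with an active session using it),
# and a second tunnel on 2202.
SAMPLE_LSOF='sshd    1201 root    3u  IPv4  12345  0t0  TCP *:22 (LISTEN)
sshd    1402 tunnel  9u  IPv4  23456  0t0  TCP 127.0.0.1:2201 (LISTEN)
sshd    1402 tunnel 10u  IPv4  23457  0t0  TCP 127.0.0.1:2201->127.0.0.1:51000 (ESTABLISHED)
sshd    1511 tunnel  9u  IPv4  34567  0t0  TCP 127.0.0.1:2202 (LISTEN)'

# From lsof output, print the sshd listening ports other than 22, sorted,
# space-separated: these are the reverse tunnels currently available.
listening_tunnel_ports() {
    printf '%s\n' "$1" |
        awk '$1 == "sshd" && $NF == "(LISTEN)" {
                 split($(NF-1), a, ":"); if (a[2] != "22") print a[2]
             }' |
        sort -n | paste -s -d ' ' -
}

# Usage demonstration: prints the command for host-a and the live tunnel ports.
# Nothing here opens a network connection.
reverse_tunnel_cmd host-a
listening_tunnel_ports "$SAMPLE_LSOF"
```

On the Server, `listening_tunnel_ports "$(sudo lsof -i -n | egrep '\<sshd\>')"` gives the ports you can `ssh -p PORT user@localhost` to; comparing that list against the registry tells you which endpoints have dropped their tunnel. Because the `-R` bind is on loopback, a device elsewhere on LAN X cannot reach port 2201 directly; it must first log in to the Server, which is the point at which you control who can reach which endpoint.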
