How to SSH gate forwarding git user to gitserver?

I'm trying to set up ssh/git access through an ssh gate, but googling has come up empty. Basically I want any connection to my ssh gate from the user git to be forwarded to my ssh server so that pushes and pulls can be made remotely. However, if any other user connects I want them to be logged in as usual.

internet--(git)-->gate--(git)--> git-server

internet--(user)-->gate

Any help or advice would be much appreciated.

One way to do this on the client side is to add the following to your .ssh/config:

Host git.life-hack.org
    HostName          git.life-hack.org
    ProxyCommand      ssh [email protected] nc %h %p
    User              git

But I was hoping that there would be a way to do this server side.


Solution 1:

I assume you're talking about Linux and OpenSSH. Please advise if this is not the case.

I understand that the git-server isn't directly reachable from the internet. I don't think you can do what you're proposing automatically just using SSH.

Let's assume gate is on 2.2.2.2 (public IP) and git-server is at 10.10.10.10 (RFC1918)

Depending on what exactly you're trying to achieve and what the constraints are, you could:

1) have the user connecting to the git-server forward a port first:

ssh -N -L2222:10.10.10.10:22 [email protected]

and then they could log in as:

ssh -p2222 git@localhost

2) on the gate, you could forward connections made to 2.2.2.2:2222 to 10.10.10.10:22 so your user would log in as: ssh -p2222 [email protected]

This would require a few commands executed on the gate:

# enable forwarding
echo -n 1 > /proc/sys/net/ipv4/ip_forward
# DNAT packets destined for 2.2.2.2:2222 to 10.10.10.10:22
iptables -t nat -A PREROUTING -d 2.2.2.2 -p tcp --dport 2222 -j DNAT --to-destination 10.10.10.10:22
# allow responses from 10.10.10.10 to get through
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# allow forwarding connections to 10.10.10.10:22
iptables -A FORWARD -p tcp --dport 22 -d 10.10.10.10 -j ACCEPT

There's nothing specific to do on the git-server.
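
The rules from option 2 above, written as an idempotent shell function so that re-running it does not stack duplicate rules. This is an added example, not part of the original answer; `IPT`, `ensure_rule` and `gate_forward` are hypothetical names, and the addresses are the answer's assumed 2.2.2.2 and 10.10.10.10.

```shell
#!/bin/sh
# Added example, not from the original answer. IPT, ensure_rule and
# gate_forward are hypothetical names; run as root on the gate after
# enabling net.ipv4.ip_forward as shown in the answer.
IPT=${IPT:-iptables}   # override to dry-run with a stub

# Append a rule only if an identical one is not already loaded.
# $1 = table, $2 = chain, remaining args = rule spec
ensure_rule() {
    table=$1; chain=$2; shift 2
    if ! $IPT -t "$table" -C "$chain" "$@" 2>/dev/null; then
        $IPT -t "$table" -A "$chain" "$@"
    fi
}

# $1 = gate public IP, $2 = public port, $3 = git-server IP, $4 = its SSH port
gate_forward() {
    gate_ip=$1; gate_port=$2; git_ip=$3; git_port=$4
    for p in "$gate_port" "$git_port"; do
        case $p in
            ''|*[!0-9]*) echo "port must be numeric: '$p'" >&2; return 2 ;;
        esac
    done
    # DNAT belongs to the nat table; the default (filter) table has no PREROUTING
    ensure_rule nat PREROUTING -d "$gate_ip" -p tcp --dport "$gate_port" \
        -j DNAT --to-destination "$git_ip:$git_port" || return 1
    # Let replies for tracked connections back through
    ensure_rule filter FORWARD -m state --state RELATED,ESTABLISHED \
        -j ACCEPT || return 1
    # Allow new forwarded connections only to the git-server's SSH port
    ensure_rule filter FORWARD -p tcp -d "$git_ip" --dport "$git_port" \
        -j ACCEPT || return 1
}

# Usage with the answer's addresses:
#   gate_forward 2.2.2.2 2222 10.10.10.10 22
```

DNAT forwards every connection made to port 2222, whatever login name the client uses, so limiting that path to the git account is left to sshd on the git-server.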