So, to me, it seems like the extra TCP proxy is superfluous - you just need the process doing the actual tunnels (sshd) to log what it is doing or being requested to do. Or, enable some debug-level logging on sshd. Documentation Amazon EMR Documentation Management Guide Option 2, part 1: Set up an SSH tunnel to the primary node using dynamic port forwarding PDF To connect to the local web server on the primary node, you create an SSH tunnel between your computer and the primary node. This blog post (which you will, ironically, need to bypass an invalid SSL certificate in order to view) was mentioned at Server Fault and shows what appears to be a simple modification to the openssh source code to log the information you want: who set up a tunnel, and to where. It sounds like what you need is for your ssh daemon, presumably openssh, to log the tunnel connections established by the connecting users. So you wouldn't be able to learn any new information with this approach. In a real sense, it would not be an "ssh proxy" at all - it would only be a naïve TCP connection proxy on the inbound connection. If it could be sniffed, it wouldn't be secure.Īll your SSH proxy could tell you is that an inbound connection was made from a client computer, and syslog already tells you that. The fact that the ssh proxy is on the same machine makes no difference. The connections are encrypted, of course, and a significant point of SSH is that it can't be sniffed. The "ssh proxy" you envision would be unable to tell you anything about what's going on inside the SSH connections, which is where the tunnels are negotiated. I'm not sure if it's possible, but I wanted to give it a try. Clever, but with a critical flaw: you won't gain any new information. Setting up SSH tunnel through AWS SSM proxycommand 0 My 'problem': I want to connect to my DocumentDB via an SSH tunnel.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |