Author Archives: Rob Giseburt

About Rob Giseburt

Software Engineer by day, 3D printing enthusiast all the time.

SSH Connection Multiplexing, Port Forwarding, and SOCK Proxy

By Rob Giseburt

Introduction

This is the third part of a series about using SSH with bastion hosts. You may wish to read the other parts if you haven’t already:

SSH Connection Multiplexing

If you expect to open multiple connections through the bastion host, either to a single machine or to multiple machines, you can use “connection multiplexing” to share a single connection to the bastion host as the transport for many SSH connections. This saves both resources and the time spent establishing new connections. For a more in-depth discussion of connection multiplexing, look here.


Using SSH Bastion Hosts With AWS and Dynamically Locating Them With EC2 Tags

By Rob Giseburt

Introduction

This is the second part of a series about using SSH with bastion hosts. You may wish to read the first part for background about using SSH bastion hosts:

Dynamically loading the bastion server address from AWS

Credit to my colleague Jason Mao for devising this technique.

Here we will describe how to load the bastion server’s address from AWS, using AWS tags and the shell environment’s AWS authentication information. This could easily be extended or modified to use any other means of dynamically loading the hostname during the connection.


Using SSH Through A Bastion Host Transparently

By Rob Giseburt

A Bastion host is a special purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily due to its location and purpose, which is either on the outside of the firewall or in the DMZ and usually involves access from untrusted networks or computers.
Wikipedia
