A VPN has not been set up for either my home network or my servers, and the secure way currently being used to connect to them is SSH.
And I am currently creating hard-to-maintain aliases in order to connect to my servers, as seen below:

    # SSH - Global Variable
    ssh_LH="127.0.0.1"

    ## SSH - Tucana - FW1 SSH Connection #########
    ssh_fw1_key_path="/home/tiago/Desktop/servers/Tucana/HV1/FW1/SSH/fw1-ssh-key"
    ssh_fw1_user="admin"
    ssh_fw1_address="fw1.infoitech.co.uk"
    #>>>>>>>> Tunnels <<<<<<<
    hv1_ip="192.168.1.100"
    fw1_ip="192.168.1.2"
    hv1_storage_game="192.168.30.50"
    hv1_storage_game="$ssh_LH:322:$hv1_storage_game:22"
    hv1_proxmox_ssh="$ssh_LH:222:$hv1_ip:22"
    hv1_proxmox_gui="$ssh_LH:18006:$hv1_ip:8006"
    fw1_gui="$ssh_LH:1443:$fw1_ip:443"
    #>>>>>>>>>>>><<<<<<<<<<<<<
    alias ssh-fw1='
    sudo ssh -i $ssh_fw1_key_path \
    -L $hv1_proxmox_ssh \
    -L $hv1_proxmox_gui \
    -L $fw1_gui \
    -L $hv1_storage_game \
    $ssh_fw1_user@$ssh_fw1_address
    '
    ######################

It is time to learn how to properly use the ssh agent command and the ssh config file to make our life easier.
Navigate to your user's ssh folder and create the file config if it is not already there:

    tiago@desktop-linux:~ $ cd ~/.ssh
    tiago@desktop-linux:~/.ssh $ touch config
    tiago@desktop-linux:~/.ssh $ ll
    total 20
    drwx------  2 tiago tiago 4096 Mar 26 02:48 ./
    drwxr-xr-x 36 tiago tiago 4096 Mar 26 03:13 ../
    -rw-------  1 tiago tiago   94 Mar 26 02:48 config
    -rw-------  1 tiago tiago 3162 Mar 24 04:44 known_hosts
    -rw-r--r--  1 tiago tiago 2942 Mar 17 15:19 known_hosts.old

It is important to restrict the permissions for this file to avoid abuse. Set it to user read and write only.
It is also important to notice that if you are forwarding privileged ports, the config file has to be added to the root user's ssh profile folder (/root/.ssh/) instead of a normal user's.
In that case, the IdentityFile option pointing to the private key should be used instead of the SSH agent that is used in the example below.
Edit the file with your server parameters:

    Host router1
        Hostname 192.168.20.1
        # R1 - LUCI GUI
        LocalForward 127.0.0.1:2443 127.0.0.1:443
        # R2 - LUCI GUI ( HTTP )
        LocalForward 127.0.0.1:180 192.168.5.2:80
        # R2 - SSH
        LocalForward 127.0.0.1:322 192.168.5.2:22
        User root

If you are using key authentication, you will need to add your key to the ssh agent with the command below:

    tiago@desktop-linux:~/.ssh $ ssh-add /home/tiago/Desktop/routers/linksys/SSH/private_openssh
    Enter passphrase for /home/tiago/Desktop/routers/linksys/SSH/private_openssh:
    Identity added: /home/tiago/Desktop/routers/linksys/SSH/private_openssh (rsa-key-20190913)
    tiago@desktop-linux:~/.ssh 13s $

We can now connect to our servers with the simple command:

    tiago@desktop-linux:~/.ssh $ ssh router1
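
The two caveats mentioned earlier (the config file mode and privileged forwarded ports) can be checked mechanically. The script below is an added example, not part of the original post: the function names are hypothetical, it assumes GNU stat, and its sample input is the router1 entry from this page written to a file with a deliberately loose mode.

```bash
#!/usr/bin/env bash
# Added example: audit an ssh config for the two caveats in the text.

# Print "<host> <listen_port> <privileged|ok>" for each LocalForward.
# Ports below 1024 are privileged: binding them requires root.
# Simplification: handles Host blocks only, not Match blocks or "Key=value".
list_forwards() {
    awk '
        { kw = tolower($1) }
        kw == "host"         { host = $2; next }
        kw == "localforward" {
            n = split($2, part, ":")        # [bind_address:]port
            port = part[n] + 0
            print host, port, (port < 1024 ? "privileged" : "ok")
        }
    ' "$1"
}

# True only when the file mode is exactly 600 (owner read/write).
# Assumption: GNU stat, as found on a Linux desktop.
mode_is_private() {
    [ "$(stat -c '%a' "$1")" = "600" ]
}

# Return 0 if the config can live in a normal user's ~/.ssh, 1 otherwise.
audit_ssh_config() {
    local cfg=$1 status=0
    mode_is_private "$cfg" || { echo "WARN: $cfg should be mode 600"; status=1; }
    if list_forwards "$cfg" | grep -q ' privileged$'; then
        echo "NOTE: privileged forward found; this config needs /root/.ssh/"
        status=1
    fi
    return "$status"
}

# Constructed sample: the router1 entry from the post, written to a file.
write_sample_config() {
    cat > "$1" <<'EOF'
Host router1
    Hostname 192.168.20.1
    LocalForward 127.0.0.1:2443 127.0.0.1:443
    LocalForward 127.0.0.1:180 192.168.5.2:80
    LocalForward 127.0.0.1:322 192.168.5.2:22
    User root
EOF
    chmod 644 "$1"    # deliberately too open, to trigger the warning
}
```

After sourcing the script, `audit_ssh_config ~/.ssh/config` reports on your own file; for the router1 entry it flags listen ports 180 and 322 as privileged.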