in reply to Populating authorized_keys with Expect

Folks-

Thanks to everyone for replying - I appreciate all comments!

In this case, I failed to give you the context in which this script will be running. This may clear up some of the confusion on why I'm using this script.

I have a perl script running on a PC. The goal is to get UDP packets flowing from remote machine B (remB) to the PC. The problem is that PC cannot directly connect to remB, and must go through remote machine A (remA) first. The remA machine is tightly controlled and I don't have many options to choose from. Here's what I'm planning (comments welcome):

---------       --------       --------
|  PC   |-------| remA |-------| remB |
---------       --------       --------

The PC uses Net::SSH::Perl to contact remote machine A (remA) and sets up a UDP forwarder by remotely executing a short perl script there. Once that is done, we need to get remA to be able to remotely execute commands on remB to start the UDP flow. I can't use Net::SSH::Perl from remA because it's not installed there. Also, I can't use remA as a proxy to remB because sshd is set up to prevent that (hence the UDP forwarder). I also can't play any games with port forwarding because that's blocked as well.

The idea is to prompt the PC user to enter the password for remB, then run the above perl script on remA to allow for password-less remote execution between the two. Now remA can run a bunch of commands on remB to get the UDP flow started (and do some other stuff). The UDP packets go from remB to remA, through the UDP forwarder and finally over to the PC.

I'm open to other suggestions if there's a better way to do this, but this is what I came up with.

Thanks

-Craig

Re: Why I'm Populating authorized_keys with Expect
by salva (Canon) on Nov 25, 2008 at 15:58 UTC
    Without knowing exactly what you can and cannot do on remA, it will be difficult to help you!

    Can you run nc or ssh on remA?

    Is tunnel forwarding also disabled in remB sshd configuration?

      I cannot run nc on remA, since it is not installed, however I can use ssh.

      The nc binary does not exist on remA, and there is resistance to do what they consider as "downloading" programs to the machine. Since the machine already has perl, it was easier for me to write the simple UDP forwarding perl script and run it there.

      Running ssh on remA is no problem, which is why I'm using this solution. As you surmised, tunnel forwarding is disabled.

      Many thanks for helping, even with limited information. Please feel free to ask or point me to any other possibilities that might occur to you.

      Thanks

      -Craig

        It is still not clear to me what the problem is... If you can run ssh from remA, just ssh to remB and run the commands you need there. You will need to add the -t option to your ssh commands in order to allocate a pseudo tty, so that passwords are requested. For instance:
        $ ssh -t remA ssh remB

        Anyway, reenabling ssh tunnels just for you is possible and not so tricky. All you need to do is to run another sshd with your own configuration in remA through another ssh connection:

        Copy /etc/ssh/sshd_config to your home and edit it, enabling tunnels. Create a new set of dsa and rsa host keys in your home and set the paths in the configuration file accordingly.

        And then...

        $ ssh remA -L... -R... -o 'ProxyCommand ssh remA sshd -i -f /your/home/your_sshd_config' remA-foo