Jumphost
Current version: alpha
Jumphost is a management system for reverse ssh connections where a server acts as a reverse proxy for these connections. It generates static daemon services for different systems. These services bind their local ssh port (generally port 22) to the server. You can then use these port bindings to establish a reverse connection to the remote. It is in essence a glorified database front end for managing ports on the server machine.
This software is intended to be used where the remote hosts are in an otherwise unreachable network segment.
There is no dynamic port negotiation by design. All configurations are statically generated. This can lead to potential port collisions during runtime. Be aware of this and check your logs.
Currently generators for the following targets are included:
- systemd-based Linux distributions
- FreeBSD
- OPNsense
- Arch Linux
These are meant to be guiding examples on how to implement a generator and should be modified to fit your needs.
Conceptual idea and motivation
ssh is a powerful and widely available tool for system administration - as long as you can connect to the remote host. Sometimes you lack the ability to make the host externally available but are able to make outgoing connections. In this case you can use ssh's port binding feature to bind the local ssh daemon port to the jumphost:
ssh -R 12345:localhost:22 jumphost
This binds port 22 (usually sshd) of your local machine to the port 12345 on the remote machine.
Then you can establish a reverse connection by opening an ssh connection to that port:
ssh -J jumphost -p 12345 localhost
A more thorough explanation of this can be found in the project's README file.
This project generates the required daemon files that open and restart the connection on disconnect.
Server Dependencies
- ssh server
- M4
- sed
- sqlite3
Installation
An installation script can be found in utils/install.
The setup checks whether the included configuration file config.m4 has been modified and will not proceed otherwise.
A script to set up a user named jumphost can be found in utils/install_user.
Run these from the base of the repository:
utils/install
utils/install_user
Beware: These will create the user and group jumphost and will modify your sshd configuration.
For Arch Linux a PKGBUILD can be found in the utils directory.
How to use jumphost
You can generate a client configuration with the following command:
generate_jumphost_systemd example.host
This will create a directory containing the installer under /var/lib/jumphost/example.host.
Use any method to transfer its contents to the client machine.
Recommendation: Using the scp command implicitly checks the connection from the client to the server.
Then execute the init_jumphost script on the client.
scp -r jumphost:/var/lib/jumphost/example.host/ /tmp/
cd /tmp/example.host
./init_jumphost
Utility scripts
It also contains the program generate_ssh_config that generates an ssh config file for all hosts.
You can load its output in your ssh config via ssh's include directive.
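The following added example (not the project's generate_ssh_config, and not code from this repository) shows the kind of stanza such a generated file could contain, and checks a static port table for the collisions mentioned above before emitting anything. The "host port" input format, the sample hosts and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the project's generate_ssh_config.
# Assumed input: one "<host> <port>" pair per line, <port> being the port that
# host's reverse tunnel binds on the jumphost.

# Constructed sample table; beta.example reuses alpha.example's port.
sample_table() {
    printf '%s\n' 'alpha.example 12345' 'beta.example 12345' 'gamma.example 12346'
}

# Report malformed entries and ports assigned twice; exit 1 if any are found.
# The 1024 lower bound assumes the tunnels bind as an unprivileged user.
check_table() {
    awk '
        BEGIN { bad = 0 }
        NF == 0 { next }
        NF != 2 || $2 !~ /^[0-9]+$/ || $2 < 1024 || $2 > 65535 {
            print "invalid entry: " $0; bad = 1; next
        }
        ($2 in owner) {
            print "port " $2 " collides: " owner[$2] " and " $1; bad = 1; next
        }
        { owner[$2] = $1 }
        END { exit bad }'
}

# Emit one ssh_config stanza per host, or nothing if the table fails the check.
# HostKeyAlias files each host key under the host's name instead of under
# [localhost]:port, so the key check follows the host, not whichever tunnel
# currently holds the port.
emit_ssh_config() {
    table=$(cat)
    problems=$(printf '%s\n' "$table" | check_table) || {
        printf '%s\n' "$problems" >&2
        return 1
    }
    printf '%s\n' "$table" | awk 'NF == 2 {
        printf "Host %s\n    HostName localhost\n    Port %s\n", $1, $2
        printf "    ProxyJump jumphost\n    HostKeyAlias %s\n\n", $1
    }'
}

# Demo: the constructed table is rejected because of the shared port.
sample_table | emit_ssh_config || echo 'table rejected, nothing emitted' >&2
```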
Releases
The current version can be fetched via git: git://git.lemen.xyz/jumphost.git