Script for merging two SSH connections together? - linux

I'm trying to write a bash script to merge 2 already-existing SSH connections.
For example, if I have an embedded device automatically creating an SSH connection to my server (from behind a firewall), how can I connect to that server in the middle, and jump into the already-existing connection from that embedded device?
I have looked into the possibility of using the server as a 'jump host', but it seems like I will need to reliably determine (and send SSH requests) to that embedded device?
I have also looked at having the embedded device create a 'screen' on the remote server and connect to that, but that just seems like it would be operating on the remote server.
I'm sorry if this is the wrong place to ask this, but I don't know where else to ask.

It sounds like your requirements are going to need either a uPNP solution or tunnelling solution to get through your firewall. The following link discusses reverse SSH tunneling as one part of this solution.
https://unix.stackexchange.com/questions/46235/how-does-reverse-ssh-tunneling-work

Related

PYMODBUS: How to get master to communicate with slave?

I'm working on a project where I have two Debian VMs that both have Pymodbus installed. I'm trying to setup a virtual testing environment where I can perform various cyber attacks on the two from a third Kali VM while they communicate. Unfortunately, I'm very new to unix and PLC programming, and am having some difficulty getting the two to communicate with each other. Ideally, the master should send data to the slave, who then updates some information and sends a response back. Does anyone know how to begin to get these two to work together? I'm really at a loss here, and I have no idea where to begin. Thank you so much, I really appreciate it.
I got pymodbus from here: https://pypi.python.org/pypi/pymodbus
Documentation located here: https://github.com/riptideio/pymodbus
P.S. I used pip to install the above .whl file, but I've seen other people install pymodbus by simply running a command, which makes me worry that I've done this all wrong.
You can run a test in one Debian VM system.
1. run the server file, and set the ip and port.
2. run the client file, and connect to the ip and port.
That is tcp/ip method and you can do serial method by the same file.Just look the comments in the above files. If any questions, let me know.
server picture:
client picture:
updated:
1.connect two PCs by local area network.Make sure two PCs can ping each other.
2.set synchronous-server.py:
StartTcpServer(context, identity=identity, address=("0.0.0.0", 5020))
which means listen all the coming connection requests from all ip.
3.setsynchronous-client.py(let's assume the server pc ip is "192.168.1.10", you should replace this ip to real server ip):
client = ModbusClient('192.168.1.10', port=5020)
4.run the two py files and it should works now.

Remote SSH/SFTP with Netbeans

I know you can set up remote connection in Netbeans or as others have suggested, mount the remote file system locally and let Netbeans read that.
This current set-up I have to SSH into a remote server and then SSH again into another one.
Is it possible in Netbeans to access the filesystem on the 2nd server hop?
I think you can setup a SSH local port forwarding on your first remote server to archive what you want here. Once ssh connection established with the first server, it will be tunnel to second server. Also, will be much more convenient if using SSH public key as authentication method.
Run below command on your local (Need to keep this running)
ssh -NL 2222:server2.example.com:22 server1.example.com
Test connection with ssh locally
ssh localhost 2222
So in your case, Netbeans just need to connect to localhost port 2222.
Ref: https://www.ssh.com/ssh/tunneling/example
That isn't answer you expect, but to big to put it in comment.
I think best solution is configure autostart some service which will create tunnel to first server on your login and bind local port (let's say 2222) to second remote server ssh port. This is basical feature of ssh client. When you can configure Netbeans to connect to localhost:2222 and login right into second server. You might need to use keys authentication for first server.
Where are examples to make such thing. Like is underneath link on article
http://www.pc-freak.net/blog/start-ssh-tunnel-pc-boots-windows-alwaysup/
Since you can get ssh access via a daisy-chain, you can very likely use SSHFS:
https://github.com/libfuse/sshfs
Available in Debian (and therefore, likely many other distributions):
https://packages.debian.org/jessie/sshfs
As long as you have ssh keys set up properly on each server, you can daisy-chain mounting via SSHFS to the machine where your NetBeans app is running.
https://en.wikipedia.org/wiki/SSHFS
NOTE: There are some caveats, including that SSHFS expects that it is the only mechanism used to update the filesystem, and that there is only one writer at a time. Undesirable behavior can occur if you allow other mechanisms to change the files or directories on the target server, including data loss and/or corruption.

Windows program to communicate with Virtualbox

I am wondering if it is possible to write a program on Windows that communicates with a program within a Linux Virtualbox on the same machine. If this is possible, what is the best approach to doing this? Is there a way to do this without using the internet to communicate?
I found instructions showing how you could potentially use SSH, but I have never tried doing this before, so I do not know if using SSH to communicate would be the best option.
I was going to put this as a comment to a very vague question, but then it got too long.
It depends what you mean by "communicate"....
If the Windows machine should start a program on the Linux VM, you probably want plink.exe - see here.
If you want to transfer whole files, you probably want scp or FTP or FileZilla - see here.
If you want to send small messages occasionally, maybe netcat, also known as nc - see Netcat Cheatsheet here.
If you want full-on, high speed, continuous messages, maybe sockets or some messaging protocol like mqtt.
If you want to share data structures, like lists, queues or sets, you could allow both Windows and the Linux machine to access a shared Redis database - see here.
Or maybe it is enough to share a filesystem between the two machines - in which case you can make a Shared Folder in VirtualBox on your host and the VM can just mount that and read/write it. See diagram:

SSL Socket Communication in CGI a good idea?

I would like there be a way to communicate between and Apache Server and an Application running on a Linux laptop.
The only way I can think of doing this is using SSL Sockets in a CGI python or perl script. Is this a good idea by any chance?
The Apache Server and the application are on the same machine, so perhaps having encryption might not be a big deal, since an attacker would need to gain physical access to hack the process. On the other hand it is connected to the network, and possibly could be sniffed.
Is encryption in such a case? Could an attacker sniff the data in that case?
Also if this is indeed a good idea, does anyone have resources on how to implement ssl socket with perl or python?
If you are using loop back address (local host or 127.0.0.1), i don't think it can be sniffed on the network since it doesn't go beyond your interface card. So encryption is not a concern here.
For the second part, following is an SO example python client though uou can find tons any way.
Another thing is being on Linux, you can simply connect via shell too. Just use netcat i.e. nc. You can send any text to server as well as read back using this command line application.
Don't reinvent the wheel.

How to provide "reverse ssh" to a shell?

Scenario:
Many embedded devices (running Linux) out in the fields, behind routers so NAT'd and we can't make connections to them.
We need for a support person to be able to initiate a terminal/shell session on any of the devices.
Their local terminal will also be NAT'd behind a corporate firewall, so we need some central "meeting point" that both they and the device can connect to.
If necessary, we could require the support person to log into some sort of terminal server, but I'd prefer a solution that just popped up a terminal window on their desktop.
We can (through other means) tell the device to execute some arbitary script or application to start up the session.
Without the NAT, it's just SSH to the device and away we go. But what are my options in this NAT'd environment?
We're OK to develop code at either end or at the meeting point server if required, but obviously if there are apps out there so we don't have to write stuff, even better.
Pointers to other questions I may have missed (although I have looked) or to applications that I should consider for the central "meeting point" server welcomed
How about simply setting up an ssh server that is reachable by both the device and the support user, and have the device set up a reverse tunnel (using remote port forwarding)?
ssh -R 10022:localhost:22 device#server
Then the support personnel can simply connect to the server and log on using
ssh -p 10022 localhost
Of course there are several security aspects that need to be accounted for here, depending on what kind of information the devices hold/have access to and how the support organization is set up.
SSH is an adequate tool for this. You will, as you say, need a middle-man server. But it would be very easy to set up, assuming that your 'other means of executing a script' are remote and can be executed from your office.
So, fire up a new server on a global IP (an Amazon AWS micro node is free for a year and would do the job just fine), and install an ssh deamon. Say it has the hostname middleman.example.org.
The script to put onto your embedded devices would look like;
#!/bin/bash
ssh -i ./middle_id.pem -R 22:localhost:2222 middleuser#middle.example.org
(The private key authentication would be a way of making the login non-interactive)
The script to put onto your desktop machines would look like; (assuming the argument $1 is the IP of the embedded device, and that prod_remote_device.sh executes the above script on the chosen embedded device.)
#!/bin/bash
./prod_remote_device.sh $1
ssh -i ./device_id.pem deviceuser#middle.example.org:2222
And that should forward your connection to the embedded device.
In order to make it bind to all interfaces, use:
ssh -N -R 0.0.0.0:2222:localhost:22 root#example.com
Don't forget to edit /etc/ssh/sshd_config and go to GatewayPorts and enable it and set it to yes.
And Then connect to it from any Loopback or Ethernet interface.

Resources