ssh tunnel on demand provides a script that creates an SSH tunnel on demand.
ssh tunnel on demand is a script that makes it possible for a user to create an SSH tunnel to a server and connect to it without needing an account on the box or any experience with SSH.
It was written for users that wanted to connect to Usermin at a remote site. Users enter information into a Web form and the server then connects an SSH tunnel to the remote Usermin server and redirects the browser through the tunnel.
Requirements:
· Apache (tested with version 2)
· PHP (tested with version 4)
· Screen (tested with version 4)
HowTO:
1) Configure apache to use PHP
2) Put this file in the webroot
3) create a dumb user:
# useradd dumb -s /bin/bash -d /home/dumb
# passwd dumb
# mkdir -p /home/dumb/.ssh
# chown -R dumb /home/dumb
4) Edit the apache user (usually either apache or nobody):
give the apache user a home directory
# mkdir -p /home/http/.ssh
# chown -R dumb /home/http
give apache a shell (this is only temporary) such as bash
5) Do a key exchange between the apache user and the dumb users:
# su - apacheuser (whatever it is)
# ssh-keygen -t dsa -f ~/.ssh/id_dsa -C "apache@127.0.0.1"
DONT PASSWORD THE KEY. JUST HIT ENTER WHEN PROMPTED
# scp ~/.ssh/id_dsa dumb@127.0.0.1:.ssh/
ENTER THE dumb USERS PASSWORD
# cat ~/.ssh/id_dsa.pub | ssh dumb@127.0.0.1 'cat - >> ~/.ssh/authorized_keys'
ENTER THE dumb USERS PASSWORD
6) Edit the apache user and change the shell back to whatever it was (/bin/false or /sbin/nologin or whatever)
7) To have the tunnel close after a certian time, edit your sshd servers config file
to an appropriate timeout.
Product's homepage
Find us on Google+
