Unattended SSH bridging for Jetson TX1

We recently received a marvelous NVIDIA Jetson TX1 and needed to access it remotely for some tests. Unfortunately, due to the local network configuration, we cannot reach it directly via SSH. Instead of using a VPN, I configured an automatic SSH tunnel through which the board can be accessed remotely.

The utility sshuttle (https://github.com/apenwarr/sshuttle) can be used for this purpose. This post discusses an approach that does not use sshuttle.


Structure


We have the following machines:

  • A: the Jetson board, or in general the private network machine to be reached (runs an SSH server)
  • B: a public server visible from A (runs an SSH server)
  • C: the user's client machine outside the network that wants to access A

In terms of users we have:

  • UA: user of A
  • UB: user of B
  • UC: user of C (not used)

Using SSH we will perform:

  • A connects to B and exposes its incoming port 22 as port 2200 of B
  • C connects to B and maps port 2200 of C to port 2200 of B
  • C connects to localhost at port 2200, effectively logging into the SSH server of A using UA credentials

The machine B acts as a proxy.

The encrypted SSH session between C and A is carried inside two other encrypted connections, A-B and B-C.

Setup on A

Connection to B and port mapping:

  • ssh -R 2200:127.0.0.1:22 UB@B

We will use key-based access to simplify this connection.

Usage from C

Connection to B, and then usage:

  • ssh -L 2200:127.0.0.1:2200 UB@B # kept open
  • ssh -p 2200 UA@127.0.0.1

We will use key-based access to simplify this connection.

Automation

The automatic connection from A to B is created by placing a script in the /etc/network/if-up.d folder, with a check that prevents multiple executions:

#!/bin/bash
# Runs as root from /etc/network/if-up.d each time an interface comes up.
logger Starting SSH bridge
# Start the tunnel in a detached screen session named "sshbridge" only if none is running.
pgrep -f sshbridge > /dev/null || sudo -u UA screen -S sshbridge -dm ssh -R 2200:127.0.0.1:22 UB@B

(The -f flag tells pgrep to match against the full command line.)

The bridge should be killed when the interface goes down (if-down.d) using:

pgrep -f sshbridge | xargs kill

Limitation: if the SSH connections on A or C die, they are not respawned.
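
One way to address the limitation above on A, as an added example that is not part of the original post: a wrapper that restarts the reverse tunnel whenever ssh exits, and makes ssh exit promptly when the link or the forward fails. UA, UB@B and port 2200 are the post's placeholders; SSH_BIN, REMOTE, RETRY_DELAY, MAX_RETRIES and the authorized_keys line in the comment are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not from the original post: keep the A -> B reverse tunnel alive.
# UA, UB@B and port 2200 are the post's placeholders; SSH_BIN, RETRY_DELAY and
# MAX_RETRIES are hypothetical knobs introduced here.
#
# Assumption: the key A uses on B is limited to this one forward in
# ~UB/.ssh/authorized_keys, e.g. (constructed key material):
#   restrict,port-forwarding,permitlisten="2200" ssh-ed25519 AAAA... bridge@A

SSH_BIN=${SSH_BIN:-ssh}
REMOTE=${REMOTE:-UB@B}
RETRY_DELAY=${RETRY_DELAY:-10}   # seconds between attempts
MAX_RETRIES=${MAX_RETRIES:-0}    # 0 = retry forever

log() { logger -t sshbridge "$*" 2>/dev/null || echo "sshbridge: $*" >&2; }

run_ssh() {
    # -N                      tunnel only, no remote shell
    # BatchMode               never prompt; fail instead of hanging unattended
    # ExitOnForwardFailure    exit if port 2200 on B cannot be bound
    # ServerAlive*            notice a dead link after about 90 s
    "$SSH_BIN" -N \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R 2200:127.0.0.1:22 "$REMOTE"
}

run_bridge() {
    tries=0
    while :; do
        status=0
        run_ssh || status=$?
        tries=$((tries + 1))
        log "ssh exited with status $status (attempt $tries)"
        if [ "$MAX_RETRIES" -gt 0 ] && [ "$tries" -ge "$MAX_RETRIES" ]; then
            return 1
        fi
        sleep "$RETRY_DELAY"
    done
}

# Start the loop only when asked to, so the file can also be sourced.
if [ "${1:-}" = "run" ]; then run_bridge; fi
```

In the if-up.d script, screen would start this wrapper with the argument run in place of the bare ssh command, keeping the session name sshbridge so the pgrep check still works.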
