Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Backflip Correlation via SSH Public Key #114

Open
devzspy opened this issue Aug 14, 2024 · 0 comments
Open

Backflip Correlation via SSH Public Key #114

devzspy opened this issue Aug 14, 2024 · 0 comments
Labels
enhancement New feature or request opsec

Comments

@devzspy
Copy link
Contributor

devzspy commented Aug 14, 2024

This is the other work required originally from #70

We will still need to automatically allow connections on port 2222 to proxy0X from middles.

We still need to figure out a way to avoid having the same fingerprint across all the edge nodes that ahre the same proxy sshd key fingerprint.

Per @willk in #70

The backflip role should be changed. The user should be able to specify how many backflips they would like by either port number or with a count of how many they would like (not necessarily both). For each port/count a new host keypair should be generated along with a unique sshd_config that listens on one of those ports.

E.g. I want to have 3 edges, each listening on one of the following ports 1433, 3306, or 8080. I would specify that in my variables for the role. Ansible then would generate new host keypairs like ssh_host_ed25519_key_1433, ssh_host_ed25519_key_1433.pub, ssh_host_rsa_key_1433, ssh_host_rsa_key_1433.pub, and an sshd_config file called sshd_1433. It would do that for each of the ports. Next for each of the ports a different systemd unit file would be created, installed and run that uses the unique sshd_config.

Another option could be to use docker compose with something like https://github.com/linuxserver/docker-openssh-server. You then could specify how many ports you would like either by number of port or specify port numbers and docker compose could handle forwarding your ports into the docker container on port 22.

@devzspy devzspy added enhancement New feature or request opsec labels Aug 14, 2024
@devzspy devzspy moved this to Backlog in Feature Release Aug 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request opsec
Projects
Status: Backlog
Development

No branches or pull requests

1 participant