...
- A local home directory for the 'glastops' account is created on dcm2.
- The NIS home directory setting for 'glastops' is overridden on dcm2 by adding a record to the /etc/passwd file.
- SSH Protocol-2 RSA and DSA key-pairs are created for the glastops account on dcm2, and the public keys are added to ~/.ssh/authorized_keys2 for glastops on both glast02 and lat-dmz0x.
- A SysV-style boot-time script is installed in /etc/init.d on dcm2 to invoke the individual autossh-wrapped ssh client instances for each forwarded service.
- The -R invocation is used to create the tunnels between dcm2 and lat-dmz0x.
- The -L invocation is used for the tunnels between dcm2 and glast02.
- For each service, the destination port of the -R tunnel with lat-dmz0x corresponds to the originating port of the -L tunnel with glast02.
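The port pairing described in the last three items, as an added example (not the page's own boot-time script): for each service it prints the -L and -R autossh commands that dcm2 would run, and refuses a table in which two services share a relay port on dcm2. The service names, port numbers, target hosts and keep-alive options are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed service table (placeholders, not values from the page):
#   name  public_port(on lat-dmz0x)  relay_port(on dcm2)  target_host  target_port
SERVICES='web 8080 18080 localhost 80
db 15432 25432 localhost 5432'

# -M 0 disables autossh's monitor port, so ssh itself must exit on a dead
# link (ServerAliveInterval) or a failed bind (ExitOnForwardFailure).
AUTOSSH='autossh -M 0 -f -N -o ServerAliveInterval=30 -o ExitOnForwardFailure=yes'

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Read the service table on stdin and print one command pair per service.
# Returns non-zero on a bad port or a relay port reused by two services.
gen_tunnels() {
    seen=' '
    while read -r name pub relay thost tport; do
        [ -n "$name" ] || continue
        for p in "$pub" "$relay" "$tport"; do
            valid_port "$p" || { echo "bad port '$p' for $name" >&2; return 1; }
        done
        case "$seen" in *" $relay "*)
            echo "relay port $relay reused by $name" >&2; return 1 ;;
        esac
        seen="$seen$relay "
        # -L: dcm2 listens on $relay and forwards via glast02 to the service
        # (target host is resolved from glast02; assumed here).
        echo "$AUTOSSH -L $relay:$thost:$tport glastops@glast02"
        # -R: lat-dmz0x listens on $pub; its destination on dcm2 is the
        # originating port of the -L tunnel above.
        echo "$AUTOSSH -R $pub:localhost:$relay glastops@lat-dmz0x"
    done
}

gen_tunnels <<EOF
$SERVICES
EOF
```

The commands are only printed, so the pairing can be reviewed before anything is wired into an init script.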
The following options must be edited / added to /etc/ssh/sshd_config on lat-dmz0x:
- "AllowTcpForwarding yes"
- "GatewayPorts yes" on both dcm2 and lat-dmz0x, to cause the forwarding ports to bind to INADDR_ANY rather than the loopback address, and thus make the forwarded ports available externally on the forwarding hosts.
The boot-time script is as follows:
...