A proxy for remote forwards
- Host connects to Reflektor with
ssh -o 'RemoteForward localhost:y:localhost:z'
- User gains local access to tcp ports on Host with
ssh -o 'LocalForward localhost:x:localhost:y' user@reflektor
- or, assuming z is the port where sshd is listening on Host, User connects
to sshd running on Host with
ssh -o 'ProxyCommand ssh -W localhost:y user@reflektor'
reflektor is a methodology to configure an OpenSSH server that grants access to services published by remote hosts, where only authorized users can access remote forwards, and only authorized hosts can create remote forwards.
- Expose any tcp service behind a NAT or firewall to authorized users
- Adding public key authentication to any tcp service
- Running networked services on hosts that are firewalled off from the internet