Feature Request: SSH Tunnel with no authentication
Created by: Speeddymon
I've written a detailed description of the feature request in the Remmina Forum on SourceForge: https://sourceforge.net/apps/phpbb/remmina/viewtopic.php?f=2&t=230
To summarize, my company (a hosting company) uses two factor authentication for logging into our internal servers. This is set up both in Windows and Linux. They also have customer machines on a separate physical network, with so-called "jump host" machines that are connected to both networks to facilitate connections between the two on the back end, so that we can firewall off SSH and RDP from the public internet.
In order to connect to Linux machines, this is easy; I can set up an SSH tunnel (~/.ssh/config ProxyCommand) to the jump host machine, which then uses ssh -W to forward the connection over to the remote machine. Using this setup, I also have connection sharing and persistence (~/.ssh/config ControlMaster and ControlPersist) so that when I connect to the jump host machine, I only need to enter my internal credentials once, and then any connections I forward through that jump host utilize the already existing connection to the jump host, which means that authentication is bypassed:
```
[speeddy@ProductionVM ~]$ ssh -vvv jumphostmachine
OpenSSH_5.9p1, OpenSSL 1.0.0j-fips 10 May 2012
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 12: Applying options for jumphostmachine
debug1: /root/.ssh/config line 30: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 50: Applying options for *
debug1: auto-mux: Trying existing master
debug2: fd 3 setting O_NONBLOCK
debug2: mux_client_hello_exchange: master version 4
debug3: mux_client_request_forwards: requesting forwardings: 0 local, 0 remote
debug3: mux_client_request_session: entering
debug3: mux_client_request_alive: entering
debug3: mux_client_request_alive: done pid = 1788
debug3: mux_client_request_session: session request sent
debug1: mux_client_request_session: master session id: 2
Last login: Thu Jul 12 18:31:12 2012 from ip.ip.ip.ip
Authorized Users Only. Activity may be monitored.
```
Unfortunately, for Windows, using Remmina, this does not work, because Remmina tries to authenticate (using password authentication), rather than using the already existing connection and bypassing the authentication.
I'd like to see a new ability for Remmina to use the unix socket created by the ssh ControlMaster option, so that authentication is bypassed, and a "None" radio button in the Authentication section on the SSH tab for connections. That way, Remmina would bypass SSH authentication when the connection it makes is a shared connection. It would still use Windows Authentication in the Basic tab, and so would still supply the Windows username and password.
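The ~/.ssh/config arrangement the request describes, written out as an added example (not part of the original request and not Remmina's code). The `*.customer.example` pattern, the `~/.ssh/cm` socket directory and the 10 minute persistence value are assumptions; `jumphostmachine` is the host alias from the log above.

```sshconfig
# Constructed example; the host pattern, socket path and timeout are assumptions.
# Create the socket directory first, private to the user:
#   mkdir -m 700 ~/.ssh/cm

Host jumphostmachine
    # The first connection authenticates (two factor) and becomes the master.
    # Later connections find the unix socket and reuse that session,
    # which is the "auto-mux: Trying existing master" line in the -vvv output.
    ControlMaster auto
    # One socket per user/host/port so unrelated sessions never share a master.
    ControlPath ~/.ssh/cm/%r@%h:%p
    # Keep the master alive in the background after the last session closes.
    # A short value limits how long an authenticated channel stays usable.
    ControlPersist 10m

Host *.customer.example
    # Reach machines on the customer network through the jump host.
    # ssh -W connects stdin/stdout to host:port on the far side, and because
    # it targets jumphostmachine it rides the existing master connection.
    ProxyCommand ssh -W %h:%p jumphostmachine
```

Any process that can open the control socket can use the already authenticated session without credentials, which is why the socket directory is kept at mode 700 and the persistence window short. `ssh -O check jumphostmachine` reports whether a master is running, and `ssh -O exit jumphostmachine` closes it.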