Sharing a Terminal Session Between 2 Users Behind a Firewall

Imaging that you have 2 users both using Ubuntu 10.04: UserA@HostA and UserB@HostB. HostB is behind a firewall, and UserA would like to SSH into HostB and share a terminal with UserB to collaborate on some kind of task. This article will attempt to explain how to do this.

  1. Make sure both users have SSH access to a "middle" server. We will call this HostC...

    root@HostC$ sudo useradd -m -s /bin/bash UserA
    root@HostC$ sudo useradd -m -s /bin/bash UserB
  2. Install OpenSSH Server on HostB...

    UserB@HostB$ sudo apt-get install ssh

    Keep in mind that this could cause potential security issues, so you should also familiarize yourself with how to secure OpenSSH server. Specifically, make sure you disable the "PermitRootLogin" option.

  3. Install GNU Screen on HostB and setuid root for GNU Screen...

    UserB@HostB$ sudo apt-get install screen
    UserB@HostB$ sudo chmod u+s /usr/bin/screen
    UserB@HostB$ sudo chmod -R 755 /var/run/screen
  4. Add a new user on for UserA@HostB...

    UserB@HostB$ sudo useradd -m -s /bin/bash UserA
    UserB@HostB$ sudo passwd UserA

    Be sure to remember the password for UserA which was set here.

  5. Have UserB SSH into HostC, setting up a remote forward...

    UserB@HostB$ ssh -R 20022:localhost:22 UserB@HostC

    UserB will need to keep this terminal window open, but will not need to enter commands here.

  6. Have UserA SSH into HostC.

    UserA@HostA$ ssh UserA@HostC
  7. Now, from HostC, have UserA SSH into HostB...

    UserA@HostC$ ssh -p 20022 UserA@localhost

    Keep in mind that UserA will be asked for a password at this point. This will be the password which was set earlier.

  8. At this point, UserA should now be logged in to HostB. Now UserA will need to setup a named screen session.

    UserA@HostB$ screen -S foobar
    UserA@HostB$ screen -X multiuser on
    UserA@HostB$ screen -X acladd UserB
  9. In a new terminal window, on HostB, have UserB join the screen session...

    UserB@HostB$ screen -x UserA/foobar

At this point, both users will share a terminal session on HostB.

If you plan on doing this often, you should familiarize yourself with iptables so as to properly setup a firewall for added security.

No comments: