
Though after looking into it more, it seems to me like bastions usually aren't used for reverse proxy / SOCKS like this.

Usually bastions are just allowing one SSH server on your VPC/network and every SSH connection going through it.

I still actually haven't found similar projects to mine.




Bastion SSH? This newfangled “airgapt” makes GatewayPorts sshd_option setting of OpenSSL kinda useless?

My code review notes say:

  # GatewayPorts specifies whether remote hosts are
  # allowed to connect to ports forwarded for the
  # client.  By default, sshd(8) binds remote port
  # forwardings to the loopback address.  This prevents
  # other remote hosts from connecting to forwarded
  # ports.  GatewayPorts can be used to specify that sshd
  # should allow remote port forwardings to bind to
  # non-loopback addresses, thus allowing other hosts to
  # connect.  The argument may be no to force remote port
  # forwardings to be available to the local host only,
  # yes to force remote port forwardings to bind to the
  # wildcard address, or clientspecified to allow the
  # client to select the address to which the forwarding
  # is bound.
  #
  # CLI option: -o
  # options.fwd_opts.gateway_ports/channel_fwd_bind_addr()/channel_setup_fwd_listener_tcpip()/channel_setup_remote_fwd_listener()
  # options.fwd_opts.gateway_ports/channel_fwd_bind_addr()/channel_setup_fwd_listener_tcpip()/channel_setup_local_fwd_listener()
  # GatewayPorts defaults to 'no'.
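
The GatewayPorts semantics quoted in the notes above, as an added example that is not part of the original comment or of the airgapt project: a small audit that reads the global GatewayPorts value from sshd_config text and reports where a remote forward would bind. The function names, the sample configs and the IPv4-only bind model are assumptions made for illustration.

```python
import ipaddress

VALID = ("no", "yes", "clientspecified")

def global_gateway_ports(config_text):
    """Return the GatewayPorts value from the global section of sshd_config text."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # simplification: '#' starts a comment
        if not line:
            continue
        parts = line.replace("=", " ").split()
        keyword = parts[0].lower()            # keywords are case-insensitive
        if keyword == "match":                # Match blocks are out of scope here
            break
        if keyword == "gatewayports" and len(parts) > 1:
            value = parts[1].lower()
            if value not in VALID:
                raise ValueError(f"bad GatewayPorts value: {parts[1]}")
            return value                      # the first obtained value is used
    return "no"                               # default, as the notes state

def effective_bind(setting, requested):
    """Address a remote forward binds to, given what the client asked for."""
    if setting == "no":
        return "127.0.0.1"                    # loopback only
    if setting == "yes":
        return "0.0.0.0"                      # wildcard forced
    if requested in ("", "*", "0.0.0.0"):     # clientspecified from here on
        return "0.0.0.0"
    return "127.0.0.1" if requested == "localhost" else requested

def reachable_from_other_hosts(setting, requested):
    addr = effective_bind(setting, requested)
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return True                           # hostname bind: assume exposed

# Constructed sample configs, not taken from any real host.
HARDENED = "# constructed sample\nPort 22\nGatewayPorts no\n"
RISKY = "gatewayports ClientSpecified\nGatewayPorts no\n"

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("risky", RISKY)):
        setting = global_gateway_ports(cfg)
        for req in ("localhost", "0.0.0.0", "10.0.0.5"):
            print(name, setting, req, effective_bind(setting, req),
                  reachable_from_other_hosts(setting, req))
```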


You are absolutely correct. I updated to not use GatewayPorts in v0.1.1

Thank you for the feedback!

https://github.com/AkselAllas/airgapt/issues/1



