
I use an old server, that has not been updated and that cannot be updated.

The OS is FreeBSD; there is no Python (and therefore, obviously, no Ansible) and no sshpass.

I access this old server from my personal computer using Ansible and ssh. Both of them (my computer and the old server) communicate via a VPN.

The old server is in a network that has different (many) clients to whom I want to send files using SCP.

There is no DNS (I really cannot make one).

Knowing that I cannot reach the clients directly (I really can't), I have to establish a ssh connection (I really have to) between the old server and the clients. Once done I will be able to use my Ansible playbooks which are on my computer to make the old server send a file to its clients using a shell script.

Unfortunately, ssh-copy-id and ssh @ won't work automatically. Manually, I would be prompted with a question about the fingerprint that needs a manual "yes" input and validation.

Or I will be asked to enter the user password.

I want to avoid that.

One idea that I have had is that it would be great if there was a Linux command like a kind of ping that could tell the client: "Hey! I know your IP address. Please initiate (by yourself) a connection with me using 'ssh old_server_user@old_server_IP' and don't worry I agree whoever you are, whoever you look like, whatever your signature is!"

Is it possible?

You can avoid the fingerprint question by switching off strict host checking (https://askubuntu.com/questions/87449/how-to-disable-strict-host-key-checking-in-ssh), but if the clients require authentication, you need to authenticate in order to remote-control them. – berndbausch Feb 14 '21 at 03:49

2 Answers

0

Have you tried making Ansible use your old FreeBSD host as its jump server?

Something like this one https://blog.ruanbekker.com/blog/2020/10/26/use-a-ssh-jump-host-with-ansible/

0

Have you tried local port forwarding for your ssh connection to the old server?

ssh -L 2222:REMOTE_CLIENT_IP:22 USER@OLD_SERVER_IP

This tells ssh to tunnel any connection to port 2222 of your localhost to the old server; the old server forwards that connection to port 22 of REMOTE_CLIENT_IP and relays the response back to you.

What is an SSH tunnel?

Then you can ssh to the remote client using this command:

ssh -p 2222 REMOTE_CLIENT_USER@localhost

Also, have a look at SSH tunnel via multiple hops
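As an added illustration of the forwarding approach above (this is not code from the answer or from any project; user names, the old server's address and the client addresses are assumed), the script below opens one local forward per client through the old server and then runs scp through it. It keeps host-key checking on by storing each client's key under its real address with HostKeyAlias, which avoids the "host identification has changed" error that appears when several clients are reached through the same localhost port.

```shell
#!/bin/sh
# Added example (not from the answer above): one local forward per client
# through the old server, then scp through that forward.
# Names and addresses below are assumptions for illustration.
OLD_SERVER_USER=${OLD_SERVER_USER:-old_server_user}
OLD_SERVER_IP=${OLD_SERVER_IP:-192.0.2.10}       # constructed (documentation range)

# Local port for the n-th client: 2200 + n, so clients never share a port.
tunnel_port() { echo $((2200 + $1)); }

# Background tunnel (-f -N). ExitOnForwardFailure makes ssh fail loudly
# if the local port is already taken instead of silently staying open.
# $1 client ip, $2 local port
tunnel_cmd() {
  echo "ssh -f -N -o ExitOnForwardFailure=yes -L $2:$1:22 ${OLD_SERVER_USER}@${OLD_SERVER_IP}"
}

# HostKeyAlias stores the client's key under its real address instead of
# [localhost]:PORT, so host-key checking stays on and a different client
# behind the same port is not reported as a changed key.
# accept-new records unknown hosts without a prompt but still refuses
# a host whose key has changed (needs OpenSSH 7.6+ on the local machine).
# $1 client ip, $2 local port, $3 client user, $4 local file, $5 remote path
scp_cmd() {
  echo "scp -P $2 -o HostKeyAlias=$1 -o StrictHostKeyChecking=accept-new $4 $3@localhost:$5"
}

# Open the tunnel for client number $2 and copy a file to it.
# With DRY_RUN=1 the commands are only printed, not executed.
send_file() {
  port=$(tunnel_port "$2")
  t=$(tunnel_cmd "$1" "$port")
  s=$(scp_cmd "$1" "$port" "$3" "$4" "$5")
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n%s\n' "$t" "$s"; return 0; fi
  $t && $s
}
```

The forward stays open after the copy; close it with `pkill -f "ssh -f -N"` or by giving the tunnel a ControlMaster socket when you no longer need it.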