redteaminfra / redteam-infra


Backflip Correlation via SSH Public Key #114

Open devzspy opened 3 months ago

devzspy commented 3 months ago

This is the other work required originally from #70

We will still need to automatically allow connections on port 2222 to proxy0X from middles.

We still need to figure out a way to avoid having the same fingerprint across all the edge nodes that share the same proxy sshd key fingerprint.

Per @willk in #70

The backflip role should be changed. The user should be able to specify how many backflips they would like by either port number or with a count of how many they would like (not necessarily both). For each port/count a new host keypair should be generated along with a unique sshd_config that listens on one of those ports.

E.g. I want to have 3 edges, each listening on one of the following ports 1433, 3306, or 8080. I would specify that in my variables for the role. Ansible then would generate new host keypairs like ssh_host_ed25519_key_1433, ssh_host_ed25519_key_1433.pub, ssh_host_rsa_key_1433, ssh_host_rsa_key_1433.pub, and an sshd_config file called sshd_1433. It would do that for each of the ports. Next for each of the ports a different systemd unit file would be created, installed and run that uses the unique sshd_config.

Another option could be to use docker compose with something like https://github.com/linuxserver/docker-openssh-server. You then could specify how many ports you would like, either by number of ports or by specifying port numbers, and docker compose could handle forwarding your ports into the docker container on port 22.
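
The correlation this issue describes, shown from the observer's side as an added example (not part of the original comment or the project's code): it computes the OpenSSH SHA256 fingerprint of each host key in `ssh-keyscan`-style output and reports any fingerprint seen on more than one endpoint. The function names, the documentation-range addresses and the key blobs are constructed for illustration; the ports are the ones from the example above.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(scan_lines):
    """Return {fingerprint: sorted endpoints} for keys seen on 2+ endpoints."""
    seen = defaultdict(set)
    for line in scan_lines:
        parts = line.split()
        # Expect "endpoint keytype blob"; skip comments and short lines.
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        endpoint, _keytype, blob = parts[:3]
        try:
            seen[fingerprint(blob)].add(endpoint)
        except ValueError:  # malformed base64 in the scan output
            continue
    return {fp: sorted(eps) for fp, eps in seen.items() if len(eps) > 1}


def _sample_blob(seed):
    # Constructed ed25519-shaped blob (not a real key): type string + 32 bytes.
    key = hashlib.sha256(seed).digest()
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key
    return base64.b64encode(raw).decode()


# Constructed scan output: two edges present the same host key, one does not.
SHARED = _sample_blob(b"constructed shared proxy key")
SAMPLE_SCAN = [
    "# constructed ssh-keyscan-style output",
    f"[192.0.2.10]:1433 ssh-ed25519 {SHARED}",
    f"[198.51.100.7]:3306 ssh-ed25519 {SHARED}",
    f"[203.0.113.5]:8080 ssh-ed25519 {_sample_blob(b'constructed unique key')}",
    "[203.0.113.9]:22 ssh-ed25519 not*valid*base64=",
]

if __name__ == "__main__":
    for fp, endpoints in shared_host_keys(SAMPLE_SCAN).items():
        print(fp, "->", ", ".join(endpoints))
```

Run against the sample, the two endpoints on ports 1433 and 3306 are grouped under one fingerprint, which is the link an observer gets when every edge forwards to the same sshd host key.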