Have distributed hosts auto-connect to central jump box for reverse ssh and vnc sessions [closed]

We’re going to deploy info screens in various places. They have a browser running and pull the info via HTTP. To reconfigure them, it would be useful if they connected to a central host from where we could open SSH or VNC sessions. They are not reachable from outside and we wouldn’t know their address anyway. And before you ask, yes we have permission to place the screens and this botnet is totally legit.

I found autossh which addresses the main problem of getting the machines connected. Ideally though I would prefer a tool where the machines do not need login authorization on the central host. It would also be nice to have a list of running screens too.

Answer

If the nodes are not authenticated on the central server in any way, then it means anybody can connect to that central server and pretend to be a node. That can certainly not be what you want.

But you can limit what privileges the nodes get on the central server. They only need access to port forwarding. So you can limit their access to other features. For example each line in authorized_keys can make use of the command keyword to prevent them from getting shell access.

Attribution
Source: Link, Question Author: sba, Answer Author: kasperd
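One way to build the per-node `authorized_keys` line the answer describes, as an added example that is not part of the original question or answer. It assumes OpenSSH 7.8 or later on the central host; the node name, port, host name and sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes OpenSSH 7.8+ on the
# central host (for "restrict" and "permitlisten") and one loopback port per node.

# node_entry NAME PORT PUBKEY
# Prints an authorized_keys line for one node. The key may only open a reverse
# forward listening on localhost:PORT; "restrict" turns off PTY, agent, X11 and
# user-rc, and command="/bin/false" means any session request gets no shell.
node_entry() {
    name=$1; port=$2; pubkey=$3

    # The name is reused as the key comment, so keep it to a safe alphabet.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "rejected: node name" >&2; return 1 ;;
    esac

    # Unprivileged decimal port, no leading zero, at most five digits.
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "rejected: port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "rejected: port" >&2; return 1
    fi

    # Use only "type blob" from the first line of the submitted key. Anything
    # before the key type (options the node tried to supply) fails the type check.
    read -r ktype kblob krest <<EOF
$pubkey
EOF
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "rejected: key type" >&2; return 1 ;;
    esac
    case $kblob in
        ''|*[!A-Za-z0-9+/=]*) echo "rejected: key blob" >&2; return 1 ;;
    esac

    # permitlisten matches the host text the client sends; ssh sends "localhost"
    # when -R is given without a bind address, e.g. on the node:
    #   autossh -M 0 -N -R PORT:localhost:22 tunnel@central.example  (hypothetical)
    # permitlisten limits -R only; -L destinations are limited with permitopen=.
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s %s %s\n' \
        "$port" "$ktype" "$kblob" "$name"
}

# Constructed sample key (not a real key) for a hypothetical node "screen-07".
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleOnly0000000000000000000000 pi@raspberry'
node_entry screen-07 2207 "$SAMPLE_KEY"
```

Because each node gets its own port and its name as the key comment, the file doubles as the port-to-screen mapping on the central host.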
