This is a game changer. I have a bastion host in certain environments I never realized AWS has built in kit to achieve this sort of thing. I assume the key product here is SSM?
Correct. It’s not always this simple though, you also need an IAM profile that the EC2 instance can assume with the required permissions. Depending on how you configure your NAT Instance/Gateway, you may also need to whitelist the ssm service.
> Tunshell could also be used as an exploitation tool to gain unauthorized access to remote hosts. Personally, I hope that this tool is not misused for nefarious purposes. If it becomes apparent that tunshell is helping malicious actors go about their activities, the free service will be discontinued.
It seems the author already though about that. Well, don't we all here have the Security Mindset (TM)? [1]
Main issue I have with this is the requirement for some binary to establish the shell connection, where you can get by just fine with a bidirectional TCP stream.
I’ve been doing something similar to this for a while, but just by using netcat on an externally routable server. Then, I created a TCP relay server that acts as a link between a TCP connection and WebSocket to replace it [0].
You can use this to open reverse shells over tcp, redirect output to a socket, etc. and it’ll all be available through a browser page.
My personal favorite use is something like: `htop | tee >(nc host port)`, which redirects and prints command output to a web page that you can share with anyone. The beauty of this route over something like Tunshell is that your client implementation decides what to do with the socket and can just treat is as a bidirectional stream. There’s another service that provides similar functionality but doesn’t have the bidirectionality and stores the stream [1].
If you want to use it as a tmate alternative, just write a client that does just that [2]. Now you can control whether or not people can write to your session, share any command, and all your peer needs to access the session is a browser.
I think Tunshell definitely has some cool features (direct connection, multi protocol, small statically linked bin) and I will still likely find a way to use it though!
> The use case for tunshell is predominantly quick, ad-hoc remote access to hosts which you may not have SSH access to, or even the ability to install an SSH daemon at all.
They mention GitHub Actions, BitBucket Pipelines, AWS Lambda and Google Cloud Serverless Functions as target usage areas for this tool.
