Today I realized I should use port forwarding on OpenSSH. Here is what I do.
Connect using Citrix to the Windows server, and then use Putty to connect to the FreeBSD sensor.
On the FreeBSD sensor, use OpenSSH to connect to a system I control running an OpenSSH server. Call this box janney.taosecurity.com.
sensor$ ssh -R 2222:localhost:22 email@example.com
On janney, connect to port 2222 on localhost. I am now on the remote sensor.
janney$ ssh -p 2222 user@localhost
That's it. Now I can enjoy an OpenSSH session, instead of an OpenSSH session inside a Citrix window.
Chapter 18 of Debian GNU/Linux 3.1 Bible clued me in to a more interesting scenario. Imagine three hosts, Alpha, Bravo, and Charlie. Alpha can talk to Bravo but not Charlie, and Charlie can talk to Bravo but not Alpha. Is there a way for Alpha and Charlie to talk directly to each other, through Bravo? With OpenSSH port forwarding, the answer is yes.
On host Alpha, run this command. It takes any input to port 2223 on Alpha and sends it to port 2222 on Bravo.
Alpha$ ssh -L 2223:localhost:2222 Bravo
On host Charlie, run this command. It takes any input from port 2222 on Bravo and sends it to port 22 on Charlie.
Charlie$ ssh -R 2222:localhost:22 Bravo
Finally, again on host Alpha (in a new terminal), to access Charlie from Alpha, run this command. By connecting to port 2223 on Alpha, the traffic is sent to port 2222 on Bravo, and from there to 22 on Charlie.
ssh -p 2223 localhost
This sort of access could be helpful when evading network access controls.