Re: Reverse SSH tunelling
From: Abe (abe_at_abeowitz.com)
Date: 08/27/04
- Previous message: Raistlin Majere: "Reverse SSH tunelling"
- In reply to: Raistlin Majere: "Reverse SSH tunelling"
- Next in thread: L0stm4n: "Re: Reverse SSH tunelling"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 26 Aug 2004 22:12:17 -0700
To: Raistlin Majere <raistlin@majere.net>
Raist,
I had a similar problem. I solved it by setting a flag file in a
central location that all the remote boxes could see.
1) Copy the appropriate SSH public keys across to your central admin
box. Add them to ~/.ssh/authorized_keys or authorized_keys2 files.
Make sure the remote client can connect to you without a password.
2) On a central FTP or HTTP site, set up a flag file. Mine is a simple
flag.html and contains a 0 or a 1.
3) For each client, write a cron script using wget or another tool to
automatically check either for the existence of this file, or specific
content. If the flag is set, then bring up an ssh connection. In
addition to grabbing a remote port, issue a sleep command. This will
keep the window of opportunity open.
Here's my cron script:
--------------------------------------------------------------
#!/bin/sh
# DELETE OLD FLAG FILE (-f: do not fail if it is already gone)
rm -f /root/.ssh/flag.html
# GET NEW FLAG FILE (keep the space before the backslash; without it the
# line continuation glues "wget" and "-q" into one word)
http_proxy=ncache.entp.attws.com:8080 /usr/local/bin/wget \
    -q http://206.x.y.z/flag.html -O /root/.ssh/flag.html
# NO FLAG FILE (download failed) MEANS NOTHING TO DO
test -f /root/.ssh/flag.html || exit 0
read FLAG < /root/.ssh/flag.html
# IF FLAG FILE CONTAINS "1" THEN SETUP SSH CONNECTION, OTHERWISE EXIT
if test "$FLAG" -eq 1
then
    # -R 2222:127.0.0.1:22 binds port 2222 on the central box and forwards
    # it back to this machine's sshd; -n -f push ssh into the background and
    # the remote "sleep 60" keeps the session (and the tunnel) up for a minute
    exec /usr/bin/ssh -nfg -R 2222:127.0.0.1:22 -lroot 206.x.y.z \
        -o keepalive=yes sleep 60
fi
-----------------------------------------------------------
The -R 2222:127.0.0.1:22 is what does the reverse trick. We grab port
2222 on the REMOTE machine and forward it to localhost:22.
4) When you want to connect to a specific machine, set the flag file.
The remote cron will detect the flag and grab a port on your machine (2222).
5) Now you need to ssh to localhost port 2222, and end up on the remote
machine. You can add other ports to forward, too. The only problem
I've seen is ssh will be confused with ssh to localhost if you've
already ssh'd to it before. Simply remove it from your known_hosts file
or use 127.0.0.1.
6) When done, make sure you change the flag file back. Otherwise,
frequent ssh setup & teardowns will attract the attention of the
security folk...
I'd love to hear of a more elegant solution, maybe using ping or port
knocking. I did it this way so an hourly ssh session wouldn't raise
flags with the security guys, as well as getting through the firewall.
Ftp/Http is a little more subtle.
-Abe
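Added here as a check for whoever runs the central box, not part of Abe's post: the remote forward in the script above shows up on the hub as a LISTEN socket held by an sshd session process on a port sshd was never configured to serve, and this script flags exactly that in `ss -ltnp` output. It assumes the daemon only listens on port 22 and uses a constructed sample of `ss` output.

```python
"""Spot remote-forward listeners on the hub from `ss -ltnp` output: a tunnel
made with ssh -R 2222:127.0.0.1:22 shows up as a LISTEN socket owned by an
sshd session process on a port sshd was never configured to serve."""
import re

# Assumption: sshd_config on the hub has only the default "Port 22"
SSHD_PORTS = {22}

# Local Address:Port column: 127.0.0.1:2222, *:2222 or [::1]:2222
_ADDR_RE = re.compile(r"^(?:\[(?P<v6>[^\]]+)\]|(?P<v4>[^:\s]+)):(?P<port>\d+)$")
# One ("name",pid=N,fd=M) entry inside the users:(...) Process column
_PROC_RE = re.compile(r'\("(?P<name>[^"]+)",pid=(?P<pid>\d+)')

def parse_ss_line(line):
    """Return (addr, port, [(proc_name, pid), ...]) for a LISTEN row, else None."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    m = _ADDR_RE.match(fields[3])
    if not m:
        return None
    procs = [(p.group("name"), int(p.group("pid"))) for p in _PROC_RE.finditer(line)]
    return m.group("v6") or m.group("v4"), int(m.group("port")), procs

def find_remote_forwards(ss_output, sshd_ports=SSHD_PORTS):
    """Listeners held by sshd on ports other than the configured ones."""
    hits = []
    for line in ss_output.splitlines():
        parsed = parse_ss_line(line)
        if parsed is None:
            continue
        addr, port, procs = parsed
        sshd_pids = sorted({pid for name, pid in procs if name == "sshd"})
        if sshd_pids and port not in sshd_ports:
            hits.append({"addr": addr, "port": port, "pids": sshd_pids})
    return hits

# Constructed sample of `ss -ltnp` output (not captured from a real host)
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      128        127.0.0.1:2222      0.0.0.0:*     users:(("sshd",pid=4711,fd=9))
LISTEN 0      100        127.0.0.1:25        0.0.0.0:*     users:(("master",pid=990,fd=13))
LISTEN 0      128             [::]:22           [::]:*     users:(("sshd",pid=812,fd=4))
"""

if __name__ == "__main__":
    for h in find_remote_forwards(SAMPLE):
        print(f"sshd listener on {h['addr']}:{h['port']} pids={h['pids']}: not a configured sshd port")
```

Pipe live `ss -ltnp` output into find_remote_forwards from cron and alert on a non-empty result; a hit is a session-bound port, not the daemon.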