Re: Reverse SSH tunelling

From: Andres Riancho (andresit_at_fibertel.com.ar)
Date: 08/28/04

  • Next message: Graeme Hinchliffe: "Re: Reverse SSH tunelling"
    To: "Raistlin Majere" <raistlin@majere.net>, <focus-linux@securityfocus.com>
    Date:	Fri, 27 Aug 2004 20:32:15 -0300
    
    

    Raistlin ,

        I have another idea thats more simple than yours , you should contact
    your firewall manager and ask him if there is a way to authenticate against
    the firewall (i know that Nokia Firewall-1 and Cisco Pix allow that) , once
    you authenticated with the firewall you have special rules to access
    services that are running on your servers. This services would be only
    reachable by an authenticated user.

    Andres Riancho

    ----- Original Message -----
    From: "Raistlin Majere" <raistlin@majere.net>
    To: <focus-linux@securityfocus.com>
    Sent: Wednesday, August 25, 2004 11:50 PM
    Subject: Reverse SSH tunelling

    > Hi All,
    >
    > I need some advice .. I have a situation where about fifty servers will
    > be located in fifty sites that cannot allow services to be hosted. These
    > servers will be in private network space behind firewalls. I can use
    > them to 'scp' files out to a common home base server, but sometimes I
    > need to access a command line console on these servers. I am thinking of
    > having a hourly cron job ssh out to my home base server and leaving that
    > tunnel open so that I can access that console, but am looking for the
    > specific way of doing this. Security os pf the utmost concern, so I need
    > some sort of encrypted tunnel, hence the thought of ssh, but I don't
    > know how to do this 'reverse' tunnel... I was also thinking of a 'free
    > swan' vpn tunnel ..
    >
    >
    > Thanks
    >
    > Raist
    >
    >


  • Next message: Graeme Hinchliffe: "Re: Reverse SSH tunelling"

    Relevant Pages

    • Need help to answer firewall question.....
      ... I manage the firewall in my company. ... network traffic will be like people carrying documents. ... Checkpoint does have resource rules that work with security servers to ... authenticate visitors-at-large from the Internet. ...
      (comp.security.firewalls)
    • need help to answer firewall question......
      ... I manage the firewall in my company. ... network traffic will be like people carrying documents. ... Checkpoint does have resource rules that work with security servers to ... authenticate visitors-at-large from the Internet. ...
      (comp.security.firewalls)
    • RE: Slow user logon on Terminal server after migration to Windows 2003
      ... The Terminal Servers are 2000 or 2003. ... "Inside the firewall zone" means that the Citrix Servers have a firewall ... available RPC ports? ...
      (microsoft.public.windows.server.active_directory)
    • Re: medical records, web server, & stateful firewall vs packet filter
      ... > image and SQL servers directly (the image server link in particular ... The image and SQL servers ... the 2 firewall layers should run different s/ware - the idea is that a major ... security always cost a lot more than you expect (this comes up whenever we ...
      (comp.dcom.sys.cisco)
    • Re: I have been hacked (WAS: Have I been hacked or is nmap wrong?)
      ... > console based ftp client. ... the FTP servers have? ... > They are really mail servers, at least smtp for outgoing mails ... If you're firewall was dropping incoming packets destined to ...
      (freebsd-questions)