Re: Reverse SSH tunelling

From: Graeme Hinchliffe (graeme.hinchliffe_at_zeninternet.co.uk)
Date: 08/27/04

  • Next message: Mathieu Desnoyers: "Re: Reverse SSH tunelling"
    To: Raistlin Majere <raistlin@majere.net>, focus-linux@securityfocus.com
    Date: Fri, 27 Aug 2004 09:10:30 +0100
    
    

    On Thu, 2004-08-26 at 03:50, Raistlin Majere wrote:
    > Hi All,
    >
    > I need some advice .. I have a situation where about fifty servers will
    > be located in fifty sites that cannot allow services to be hosted. These
    > servers will be in private network space behind firewalls. I can use
    > them to 'scp' files out to a common home base server, but sometimes I
    > need to access a command line console on these servers. I am thinking of
    > having a hourly cron job ssh out to my home base server and leaving that
    > tunnel open so that I can access that console, but am looking for the
    > specific way of doing this. Security os pf the utmost concern, so I need
    > some sort of encrypted tunnel, hence the thought of ssh, but I don't
    > know how to do this 'reverse' tunnel... I was also thinking of a 'free
    > swan' vpn tunnel ..

    It's pretty simple, I use a similar solution to get into my work
    machine. As it is firewalled off incomming connections cannot be made,
    however it can make connections out. The way I have it setup tho is
    that my works machine triess to wget a file from my home machine every
    minute, if it does it brings up the tunnel. But then I need this access
    quickly when something breaks, and leaving a tunnel open isn't possible
    as our firewall kills off the connection after it has been idle for a
    while.

    anyway the ssh syntax I use is:

    /usr/bin/ssh -1 -R 5000:127.0.0.1:5000 graeme@homemachine.domain.com

    which basically says dig a tunnel to my homemachine. then listen on
    port 5000, any connections made to that port forward to host 127.0.0.1
    on port 5000 from the local machine (which in this case is my work
    machine).

    I have ssh listening on port 5000 on my work machine, so it catches when
    I ssh up the tunnel and I can login.

    simple eh.

    -- 
    -----
    Graeme Hinchliffe (BSc)
    Core Internet Systems Designer
    Zen Internet (http://www.zen.co.uk/)
    Direct: 0845 058 9074
    Main  : 0845 058 9000
    Fax   : 0845 058 9005
    

  • Next message: Mathieu Desnoyers: "Re: Reverse SSH tunelling"

    Relevant Pages

    • Re: Real Survivalists Dont Do Windoze
      ... I'm on a Red Hat Linux laptop running TightVNC over a ssh tunnel ... 'Source port' is your port of choice for your VNC-client to connect. ...
      (misc.survivalism)
    • Re: Real Survivalists Dont Do Windoze
      ... I'm on a Red Hat Linux laptop running TightVNC over a ssh tunnel ... 'Source port' is your port of choice for your VNC-client to connect. ...
      (misc.survivalism)
    • Re: Reverse Shell?
      ... >> behind a firewall so I can't ssh into their computer. ... > follow the tunnel back to their machine and then help them. ... Connections to that port will be forwarded through the ...
      (Debian-User)
    • RE: Tunneling over ssh with termination by the FW
      ... I would use something like Putty (ssh client software) to open a secure ... tunnel with the firewall. ... If the firewall has the sshd running on port ...
      (SSH)
    • Re: Real Survivalists Dont Do Windoze
      ... I'm on a Red Hat Linux laptop running TightVNC over a ssh tunnel ... 'Source port' is your port of choice for your VNC-client to connect. ...
      (misc.survivalism)