Re: Reverse SSH tunelling
From: Graeme Hinchliffe (graeme.hinchliffe_at_zeninternet.co.uk)
Date: 08/27/04
- Previous message: Andres Riancho: "Re: Reverse SSH tunelling"
- In reply to: Raistlin Majere: "Reverse SSH tunelling"
- Next in thread: Mathieu Desnoyers: "Re: Reverse SSH tunelling"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Raistlin Majere <raistlin@majere.net>, focus-linux@securityfocus.com Date: Fri, 27 Aug 2004 09:10:30 +0100
On Thu, 2004-08-26 at 03:50, Raistlin Majere wrote:
> Hi All,
>
> I need some advice .. I have a situation where about fifty servers will
> be located in fifty sites that cannot allow services to be hosted. These
> servers will be in private network space behind firewalls. I can use
> them to 'scp' files out to a common home base server, but sometimes I
> need to access a command line console on these servers. I am thinking of
> having a hourly cron job ssh out to my home base server and leaving that
> tunnel open so that I can access that console, but am looking for the
> specific way of doing this. Security os pf the utmost concern, so I need
> some sort of encrypted tunnel, hence the thought of ssh, but I don't
> know how to do this 'reverse' tunnel... I was also thinking of a 'free
> swan' vpn tunnel ..
It's pretty simple, I use a similar solution to get into my work
machine. As it is firewalled off incomming connections cannot be made,
however it can make connections out. The way I have it setup tho is
that my works machine triess to wget a file from my home machine every
minute, if it does it brings up the tunnel. But then I need this access
quickly when something breaks, and leaving a tunnel open isn't possible
as our firewall kills off the connection after it has been idle for a
while.
anyway the ssh syntax I use is:
/usr/bin/ssh -1 -R 5000:127.0.0.1:5000 graeme@homemachine.domain.com
which basically says dig a tunnel to my homemachine. then listen on
port 5000, any connections made to that port forward to host 127.0.0.1
on port 5000 from the local machine (which in this case is my work
machine).
I have ssh listening on port 5000 on my work machine, so it catches when
I ssh up the tunnel and I can login.
simple eh.
-- ----- Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk/) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005
- Previous message: Andres Riancho: "Re: Reverse SSH tunelling"
- In reply to: Raistlin Majere: "Reverse SSH tunelling"
- Next in thread: Mathieu Desnoyers: "Re: Reverse SSH tunelling"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
