Re: Reverse SSH tunnelling

From: Mathieu Desnoyers (compudj_at_krystal.dyndns.org)
Date: 08/27/04

    Date: Fri, 27 Aug 2004 09:37:00 -0400
    To: Raistlin Majere <raistlin@majere.net>
    
    

    Well, the OpenSSH manpages explain quite well the -R switch, which forwards any
    connection made to the remote server port through an encrypted tunnel to the
    local machine at a given port.

    So, for instance, you could forward the remote port 222 to localhost 22 in the
    ssh you start in one of the firewalled servers you want to connect to.

    Here is a brief example :

    Your machine : Machine
    Firewalled server : XYZ

    XYZ command : ssh -R 222:localhost:22 Machine

    - This will bind Machine's port 222 to a tunnel which ends in a connection to
      localhost (on XYZ) port 22.

    Then, all you have to do is to ssh to Machine, specifying port 222 (-p switch)
    (and maybe tell ssh not to worry about keys too much
    with -o StrictHostKeyChecking=no)

    And there you are connecting to your firewalled server.

    Keep in mind that starting an ssh session through a cron job could be a bad idea
    if you don't verify if the tunnel is already up first.

    Good luck!

    Mathieu Desnoyers

    * Raistlin Majere (raistlin@majere.net) wrote:
    > Hi All,
    >
    > I need some advice .. I have a situation where about fifty servers will
    > be located in fifty sites that cannot allow services to be hosted. These
    > servers will be in private network space behind firewalls. I can use
    > them to 'scp' files out to a common home base server, but sometimes I
    > need to access a command line console on these servers. I am thinking of
    > having an hourly cron job ssh out to my home base server and leaving that
    > tunnel open so that I can access that console, but am looking for the
    > specific way of doing this. Security is of the utmost concern, so I need
    > some sort of encrypted tunnel, hence the thought of ssh, but I don't
    > know how to do this 'reverse' tunnel... I was also thinking of a 'free
    > swan' vpn tunnel ..
    >
    >
    > Thanks
    >
    > Raist
    >
    OpenPGP public key: http://krystal.dyndns.org:8080/key/compudj.gpg
    Key fingerprint: 8CD5 52C3 8E3C 4140 715F BA06 3F25 A8FE 3BAE 9A68
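
The cron caveat in the message above, worked out as an added example (not part of the original post): a wrapper for the firewalled server that starts the `-R` tunnel only when no live one exists. The `tunnel` account, the control-socket path and the script path are assumptions; the options are those of a current OpenSSH client, and Machine's host key is assumed to be in `known_hosts` already, since `BatchMode` refuses to prompt.

```shell
#!/bin/sh
# Added example, run on the firewalled server (XYZ). Assumed names, not from the
# post: the "tunnel" account on Machine and the control-socket path.
HOME_BASE="${HOME_BASE:-tunnel@Machine}"
# 222 is the post's port; ports below 1024 can only be bound by root on Machine.
REMOTE_PORT="${REMOTE_PORT:-222}"
CTL="${CTL:-$HOME/.ssh/rtunnel.ctl}"

# Ask the master ssh process behind the control socket whether it is alive.
tunnel_is_up() {
    ssh -S "$CTL" -O check "$HOME_BASE" >/dev/null 2>&1
}

# Start the tunnel in the background (-f), with no remote command (-N).
start_tunnel() {
    # BatchMode: never prompt, so an unknown host key or missing key fails fast.
    # ExitOnForwardFailure: exit instead of idling if the port is already bound.
    # ServerAlive*: a dead link ends the process, so the next cron run restarts it.
    ssh -f -N -M -S "$CTL" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=60 -o ServerAliveCountMax=3 \
        -R "${REMOTE_PORT}:localhost:22" "$HOME_BASE"
}

ensure_tunnel() {
    if tunnel_is_up; then
        echo "tunnel already up"
        return 0
    fi
    rm -f "$CTL"    # clear a stale socket left by a crashed master
    if start_tunnel; then
        echo "tunnel started"
    else
        echo "tunnel start failed" >&2
        return 1
    fi
}

# Crontab entry (path is an assumption): 0 * * * * /usr/local/bin/rtunnel.sh run
if [ "${1:-}" = "run" ]; then
    ensure_tunnel
fi
```

With the default `GatewayPorts no` on Machine, the forwarded port listens on Machine's loopback only, so the console is reachable only from a session on Machine itself.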

