RE: Reverse SSH tunelling

From: Tay, Gary (Gary_Tay_at_platts.com)
Date: 08/31/04


Date: Tue, 31 Aug 2004 18:13:29 +0800
To: "L0stm4n" <lostman@gmail.com>, "Raistlin Majere" <raistlin@majere.net>

Also http://www.harding.motd.ca/autossh/

-----Original Message-----
From: L0stm4n [mailto:lostman@gmail.com]
Sent: Saturday, August 28, 2004 4:35 AM
To: Raistlin Majere
Cc: focus-linux@securityfocus.com
Subject: Re: Reverse SSH tunelling

Check out this URL:

http://www.brandonhutchinson.com/ssh_tunnelling.html

you could probably combine that with key auth instead of passwords.

And instead of having them always trying to ssh in, you could setup a
file on a webserver and have them parse the file. if they see their
hostname in the file it means they should "call home". just have em
check that file every 5 minutes or so.

On Wed, 25 Aug 2004 22:50:54 -0400, Raistlin Majere
<raistlin@majere.net> wrote:
> Hi All,
>
> I need some advice .. I have a situation where about fifty
> servers will be located in fifty sites that cannot allow services to
> be hosted. These servers will be in private network space behind
> firewalls. I can use them to 'scp' files out to a common home base
> server, but sometimes I need to access a command line console on these

> servers. I am thinking of having a hourly cron job ssh out to my home
> base server and leaving that tunnel open so that I can access that
> console, but am looking for the specific way of doing this. Security
> os pf the utmost concern, so I need some sort of encrypted tunnel,
> hence the thought of ssh, but I don't know how to do this 'reverse'
> tunnel... I was also thinking of a 'free swan' vpn tunnel ..
>
> Thanks
>
> Raist
>
>



Relevant Pages

  • Analysis of SSH crc32 compensation attack detector exploit
    ... Analysis of SSH crc32 compensation attack detector exploit ... detector vulnerability to remotely compromise a Red Hat Linux ... Active Internet connections (servers and established) ...
    (Incidents)
  • Re: Agent Forwarding Question for the list
    ... I provided a suggestion (invoking ssh with -vvv) as to how to further troubleshoot the problem. ... I was determined to ask the experts in case it was a common mistake or something that simply is not possible under openssh. ... Say in the ideal setup for development servers I'd have a cronuser, scriptuser, monitoruser, cvsuser, and root all configured with my public key and that I could jump in and out of each not only from my own Linux Desktop, but through each user to each user on other servers in the development chain. ... After reading all the documentation and FAQs I could find, I had assumed ssh-agent on the desktop and agent forwarding on the servers would be sufficient, but something is blocking the forwarding, or I'm way off and this isn't how it's meant to work. ...
    (SSH)
  • Re: create a SSH connection without password WITH EXPECT
    ... connection by ssh on a distant server but it doesnt work. ... from every servers on a single syslog daemon. ... set Host [lindex $argv 0] ...
    (comp.lang.tcl)
  • Weird networking problem
    ... We're experiencing som extremely weird networking problems at our ... I was unable to SSH into the Sun servers at our ... been changed on the switch, the firewall, servers or office PC's) ...
    (comp.sys.sun.admin)
  • RE: ssh allowing root login with no password (Solved)
    ... ssh allowing root login with no password ... I was able to get to these servers from my own ... file would allow a login with no private key or password. ...
    (RedHat)