Re: ssh behind firewall

From: foofoo2 (haha2_at_dayday.com)
Date: 04/13/04


Date: 13 Apr 2004 16:00:28 GMT

Thanks.

Egor Kobylkin <egork@iname.com> wrote in
news:c5f8br$vth8$1@ID-109693.news.uni-berlin.de:

> Subject: Re: ssh behind firewall
> From: Egor Kobylkin <egork@iname.com>
> Newsgroups: comp.security.ssh
> Reply-To: egork@iname.com
>
> foofoo2 wrote:
>> and want to ssh to
>> my home computer while I'm in office. But, it failed, and it seems
>> that my office's firewall blocks the ssh traffic.
>
> YOU HAVE TO KNOW WHAT YOU ARE DOING AS YOU CAN POSSIBLY VIOLATE YOUR
> SECURITY GUIDELINES AT WORK BY BYPASSING THE FIREWALL!
> I hereby disclaim all responsibility for this hack. If it backfires on
> you in any way whatsoever, that's the breaks. Not my fault. If you
> don't understand the risks inherent in doing this, don't do it. If you
> use this hack and it allows vicious vandals to break into your
> company's computers and costs you your job and your company millions
> of dollars, well that's just tough nuggies. Don't come crying to me.
> (text taken from httptunnel site)
>
> You could try setting sshd to run on port 80 on your home computer
> (maybe your firewall only keeps port 80 open).
>
> If that does not work for you, you could create an http tunnel and
> then go with ssh over it.
> http://www.nocrew.org/software/httptunnel.html
>
> after you have installed it on both computers
>
> at work do
> - install ssh
> - use buldtunnel.sh as normal user.
> ##############cut here##################
> #!/bin/bash
> #cleaning up in case previous connection debris is still there
> for pid in `ps -ef|grep 'ssh\ '|awk '{print($2)}'`; do kill "$pid"; done
> for pid in `ps -ef|grep 'htc\ '|awk '{print($2)}'`; do kill "$pid"; done
> /usr/local/bin/htc --forward-port 2200 --strict-content-length -B 5k \
>   --max-connection-age 1000 --proxy your_proxy_at_work:port \
>   your_home_computer:PORT
> ###############cut here#################
> and then log in with
> /usr/bin/ssh your_login_on_home_computer@localhost -p 2200
>
> at home put under cron as root the following script
> ##############cut here##################
> #!/bin/bash
> #cleaning up in case previous connection debris is still there
> for pid in `ps -ef|grep 'sshd\ '|awk '{print($2)}'`; do kill "$pid"; done
> for pid in `ps -ef|grep 'hts\ '|awk '{print($2)}'`; do kill "$pid"; done
> sleep 3
> sshd
> sleep 3
> # port number at home should probably set to 80 for you to get through
> # firewall at work
> hts --forward-port localhost:22 --strict-content-length PORT
> ###############cut here#################
> You have to run the script at home every now and then as the
> connection can be broken by your firewall and I have not found any
> better way to restore it but restart servers.
>
>
> --
> Egor Kobylkin
> Emails welcome in English, German, Russian and Spanish
> GPGKey www.geocities.com/egor_kobylkin/EgorKOBYLKIN2004.txt
>
>
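
A defender-side check for the first suggestion in the quoted post (sshd listening on port 80), added here as an example and not part of the original thread: it classifies the first server bytes of a flow and reports SSH identification strings (RFC 4253) seen on web ports. The flow tuples, `WEB_PORTS` and `MAX_PREAMBLE_LINES` are assumptions; traffic wrapped by httptunnel is HTTP at this layer and is outside what this check covers.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
IDENT = re.compile(rb"SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)(?: [^\r\n]*)?\r?")
HTTP_STATUS = re.compile(rb"HTTP/\d\.\d \d{3}\b")
WEB_PORTS = {80, 8080}     # assumption: ports local policy treats as HTTP-only
MAX_PREAMBLE_LINES = 10    # assumption: cap on lines accepted before the banner


def classify(first_bytes):
    """Classify the first server-to-client bytes of one TCP flow.

    Returns ("http", None), ("ssh", (protoversion, softwareversion))
    or ("unknown", None).
    """
    complete = first_bytes.split(b"\n")[:-1]   # drop the unterminated tail
    if complete and HTTP_STATUS.match(complete[0]):
        return ("http", None)   # real HTTP reply: ignore "SSH-" text in its body
    for line in complete[:MAX_PREAMBLE_LINES]:
        # The server may send other lines first; only the banner starts "SSH-".
        if line.startswith(b"SSH-"):
            m = IDENT.fullmatch(line) if len(line) <= 254 else None
            if m:
                return ("ssh", (m.group(1).decode(), m.group(2).decode()))
            return ("unknown", None)   # malformed or over-long banner
    return ("unknown", None)


def ssh_on_web_ports(flows):
    """Return (src, dst, port, softwareversion) for SSH seen on a web port."""
    hits = []
    for src, dst, port, data in flows:
        kind, ident = classify(data)
        if kind == "ssh" and port in WEB_PORTS:
            hits.append((src, dst, port, ident[1]))
    return hits


# Constructed sample flows: (client, server, server port, first server bytes).
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.7", 80, b"SSH-2.0-OpenSSH_3.8p1\r\n"),
    ("10.0.0.6", "198.51.100.2", 80,
     b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nSSH-2.0-example\r\n"),
    ("10.0.0.7", "203.0.113.9", 80,
     b"maintenance at 02:00\r\nSSH-1.99-OpenSSH_3.8p1 Debian\r\n"),
    ("10.0.0.8", "192.0.2.4", 22, b"SSH-2.0-OpenSSH_3.8p1\r\n"),
    ("10.0.0.9", "192.0.2.5", 80, b"\x16\x03\x01\x00\x2a"),
]

if __name__ == "__main__":
    for hit in ssh_on_web_ports(SAMPLE_FLOWS):
        print("SSH banner on web port:", hit)
```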
