reverse ssh

geoffrey mendelson geoffreymendelson at gmail.com
Sun Jul 20 12:45:55 IDT 2014


On 7/20/2014 12:03 PM, Erez D wrote:
> On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan <kaplanlior at gmail.com> wrote:
>> ssh itself ?
>>
>> http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
> nice, however this requires me to give access to my server, which i do
> not want ...
> (or, can i give people permission to ssh to my server only for reverse
> tunnels and no shell ?)
What I did is to run a second SSH server listening on a port on which no one
would expect SSH connections and ONLY allow connections with key
exchanges. So someone could connect to that port randomly or with a
scan, but would be unable to do anything with it.

The regular SSH server, which ran on port 22, allowed much looser
connections, root connections, etc., but port 22 was NOT forwarded out
the firewall. This allowed me to do RSYNC, etc. locally as root or a user
with no restrictions.
Once the SSH connection is established, it can be used to tunnel anything.

Geoff.

-- 
Geoffrey S. Mendelson 4X1GM/N3OWJ
Jerusalem Israel.
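
The second-instance setup described in the message above, as an added example that is not part of the original post: a constructed sshd_config for the exposed server plus a check that a config file really is key-only and forward-only. It goes one step beyond the message by also covering the "reverse tunnels only, no shell" question from the quoted text; port 2222, the PidFile path, the ForceCommand value and all function names are assumptions.

```shell
#!/bin/sh
# Added example: constructed config for the second, exposed sshd instance.
# Port 2222, the PidFile path and ForceCommand are assumed example values.
write_tunnel_config() {   # $1 = output path
    cat > "$1" <<'EOF'
Port 2222
PidFile /run/sshd-tunnel.pid
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
AuthenticationMethods publickey
PermitRootLogin no
AllowTcpForwarding remote
PermitTTY no
AllowAgentForwarding no
X11Forwarding no
ForceCommand /bin/false
EOF
}

# Effective global value of keyword $2 in file $1: sshd keeps the first
# occurrence of a keyword, and keywords are case-insensitive. Match blocks
# are not evaluated; parsing stops at the first one.
sshd_value() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Print every setting that differs from the key-only, forward-only profile.
# Returns 0 when the file matches, 1 otherwise. Unset keywords count as
# failures because the sshd defaults are more permissive than this profile.
audit_tunnel_sshd() {
    cfg=$1; rc=0
    port=$(sshd_value "$cfg" Port)
    if [ -z "$port" ] || [ "$port" = "22" ]; then
        echo "FAIL Port: instance would listen on 22"; rc=1
    fi
    for want in PasswordAuthentication=no KbdInteractiveAuthentication=no \
                PermitRootLogin=no PermitTTY=no AllowTcpForwarding=remote; do
        got=$(sshd_value "$cfg" "${want%%=*}")
        [ "$got" = "${want#*=}" ] || {
            echo "FAIL ${want%%=*}: want ${want#*=}, got ${got:-unset}"; rc=1; }
    done
    return $rc
}
```

Run `audit_tunnel_sshd` against the file the second instance is started with; `sshd -t -f <file>` is still needed to validate syntax, and a client that only wants the tunnel connects with `ssh -N -R ...` so that no session is requested.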



