reverse ssh
Moish
moish at mln.co.il
Sun Jul 20 12:53:32 IDT 2014
On 20/07/2014 12:45, geoffrey mendelson wrote:
> On 7/20/2014 12:03 PM, Erez D wrote:
>> On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan <kaplanlior at gmail.com>
>> wrote:
>>> ssh itself ?
>>>
>>> http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
>> nice, however this requires me to give access to my server, which I do
>> not want ...
>> (or, can I give people permission to ssh to my server only for reverse
>> tunnels and no shell ?)
> What I did is to run a second SSH server listening on a port that no
> one would expect SSH connections and ONLY allow connections with key
> exchanges. So someone could connect to that port randomly or with a
> scan, but would be unable to do anything with it.
>
> The regular SSH server, which ran on port 22, allowed much looser
> connections, root connections, etc, but port 22 was NOT forwarded out
> the firewall. This allowed me to do RSYNC, etc locally as root or a
> user with no restrictions.
> Once the SSH connection is established, it can be used to tunnel
> anything.
>
> Geoff.
>
Well, that's the essence of port knocking, isn't it :)
--
Moish
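
An added example, not part of the original thread: one way to set up the second, key-only sshd described above so that an account can open reverse tunnels but never gets a shell. The file path, port 2222, the account name `tunnel` and listen port 10022 are placeholders chosen for illustration.

```conf
# /etc/ssh/sshd_config_tunnel  (hypothetical path for the second sshd instance)
# Check syntax with:  sshd -t -f /etc/ssh/sshd_config_tunnel
# Client side (assumed):  ssh -N -p 2222 -R 10022:localhost:22 tunnel@server

# Placeholder non-standard port for the instance exposed through the firewall.
Port 2222

# Keys only: no passwords, no keyboard-interactive, no root.
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no

# Hypothetical dedicated account; nobody else may log in on this instance.
AllowUsers tunnel

# Instance-wide defaults: every kind of forwarding is off.
AllowTcpForwarding no
AllowAgentForwarding no
AllowStreamLocalForwarding no
X11Forwarding no
PermitTunnel no
GatewayPorts no

Match User tunnel
    # Only remote (-R) forwards are accepted; -L and -D requests are refused.
    AllowTcpForwarding remote
    # The single address and port this account may bind (needs OpenSSH 7.8+).
    PermitListen localhost:10022
    # No terminal, and any shell or exec request runs /bin/false and exits.
    PermitTTY no
    ForceCommand /bin/false
```

Because the client connects with `-N`, it never requests a session, so the forward stays up while `ForceCommand` blocks anything interactive.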
More information about the Linux-il mailing list