reverse ssh

reverse ssh

Moish moish at mln.co.il
Sun Jul 20 12:53:32 IDT 2014


On 20/07/2014 12:45, geoffrey mendelson wrote:
> On 7/20/2014 12:03 PM, Erez D wrote:
>> On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan <kaplanlior at gmail.com> 
>> wrote:
>>> ssh itself ?
>>>
>>> http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
>> nice, however this requires me to give access to my server, which i do
>> not want ...
>> (or, can i give people permission to ssh to my server only for reverse
>> tunnels and no shell ?)
> What I did is to run a second SSH server listening on a port that no 
> one would expect SSH connections and ONLY allow connections with key 
> exchanges. So someone could connect to that port randomly or with a 
> scan, but would be unable to do anything with it.
>
> The regular SSH server, which ran on port 22, allowed much looser 
> connections, root connections, etc, but port 22 was NOT forwarded out 
> the firewall. This allowed me to do RSYNC, etc locally as root or a 
> user with no restrictions.
> Once the SSH connection is established, it can be used to tunnel 
> anything.
>
> Geoff.
>
Well, that's the essence of port knocking, isn't it :)

-- 
Moish




More information about the Linux-il mailing list