reverse ssh

E.S. Rosenberg esr+linux-il at g.jct.ac.il
Sun Jul 20 16:37:05 IDT 2014


Re:all
You can have something running on the machine you want to SSH to that
updates the machine with a fixed IP what its IP is, and have a firewall
rule or some other way to redirect specific traffic, like for instance
traffic to TCP:22222, from that machine to the IP that it was updated to
be....


2014-07-20 14:33 GMT+03:00 Erez D <erez0001 at gmail.com>:

> On Sun, Jul 20, 2014 at 1:30 PM, Yedidyah Bar David
> <linux-il at didi.bardavid.org> wrote:
> > If you just want an ssh connection you can simply redirect connection
> > attempts to some port on the
> > Internet-accessible machine to port 22 on the private-ip one - using
> > whatever tool that fits you best -
> > iptables, xinetd, redir, probably many others.
> > --
> > Didi
>
> I do not understand what you mean
> >
> >
> > 2014-07-20 13:31 GMT+03:00 Erez D <erez0001 at gmail.com>:
> >>
> >> looks a little complicated - extra ssh server, firewall with port knocking
> >> all this for a ssh connection ...
> >>
> >> On Sun, Jul 20, 2014 at 11:38 AM, Rabin Yasharzadehe <rabin at rabin.io>
> >> wrote:
> >> > you can add a port-knocking tool like fwknop to add a dynamic rule to
> >> > forward your connection into the private machine.
> >> >
> >> > --
> >> > Rabin
> >> >
> >> >
> >> > On Sun, Jul 20, 2014 at 12:16 PM, Erez D <erez0001 at gmail.com> wrote:
> >> >>
> >> >> On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan <kaplanlior at gmail.com>
> >> >> wrote:
> >> >> > Didn't check it, but logging in with a user who has /bin/true might do
> >> >> > the trick.
> >> >> you are correct, it works.
> >> >> however it is still a security risk, as this means the client may
> >> >> listen on unused port ...
> >> >>
> >> >> >
> >> >> > Kaplan
> >> >> >
> >> >> >
> >> >> > On Sun, Jul 20, 2014 at 12:03 PM, Erez D <erez0001 at gmail.com> wrote:
> >> >> >>
> >> >> >> On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan <kaplanlior at gmail.com> wrote:
> >> >> >> > ssh itself ?
> >> >> >> >
> >> >> >> > http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
> >> >> >> nice, however this requires me to give access to my server, which i
> >> >> >> do not want ...
> >> >> >> (or, can i give people permission to ssh to my server only for
> >> >> >> reverse tunnels and no shell ?)
> >> >> >>
> >> >> >> >
> >> >> >> > Kaplan
> >> >> >> >
> >> >> >> >
> >> >> >> > On Sun, Jul 20, 2014 at 11:36 AM, Erez D <erez0001 at gmail.com>
> >> >> >> > wrote:
> >> >> >> >>
> >> >> >> >> hello
> >> >> >> >>
> >> >> >> >> i have a linux machine with a private ip connected to the
> >> >> >> >> internet
> >> >> >> >> i have a public ip and need to ssh to the linux box
> >> >> >> >>
> >> >> >> >> any tools for that ?
> >> >> >> >>
> >> >> >> >> _______________________________________________
> >> >> >> >> Linux-il mailing list
> >> >> >> >> Linux-il at cs.huji.ac.il
> >> >> >> >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
> >> >> >> >
> >> >> >> >
> >> >> >
> >> >> >
> >> >>
> >> >
> >> >
> >>
> >
> >
>
>
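
One way to get the account asked about in the thread (reverse tunnel allowed, no shell, and no listening on arbitrary ports), as an added example that is not part of the original messages. The user name `tunnel`, the port 22222 and the key placeholder are assumptions; `PermitListen` and `permitlisten=` need OpenSSH 7.8 or later, which postdates this thread.

```conf
# /etc/ssh/sshd_config on the public-IP server
# (added example; user name and port are assumptions)

# Weak setup discussed in the thread: an account whose shell is /bin/true
# (constructed passwd entry):
#   tunnel:x:1001:1001::/home/tunnel:/bin/true
# No interactive shell, but with default forwarding settings the client can
# still ask for -R on any unprivileged port and use -L / -D forwards.

# Tighter: limit what the hypothetical "tunnel" user may request.
Match User tunnel
    # Remote (-R) forwards only; -L and -D are refused
    AllowTcpForwarding remote
    # The single listener this account may open. The host part must match
    # what the client requests; ssh asks for "localhost" when -R gives no
    # bind address, and sshd treats that name differently from 127.0.0.1.
    PermitListen localhost:22222
    # Keep forwarded listeners on loopback whatever the client asks for
    GatewayPorts no
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    # Any shell or exec request runs this instead
    ForceCommand /bin/false
    # Key-based login only for this account
    PasswordAuthentication no

# Per-key alternative, one line in ~tunnel/.ssh/authorized_keys
# (lets each client key be pinned to its own port):
#   restrict,port-forwarding,permitlisten="localhost:22222" ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> client-1
```

Check the file with `sshd -t` before reloading; the private machine then connects with `ssh -N -R 22222:localhost:22 tunnel@<server>`, where `-N` means no session is requested.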