reverse ssh
Erez D
erez0001 at gmail.com
Mon Jul 21 11:18:54 IDT 2014
On Sun, Jul 20, 2014 at 11:54 PM, E.S. Rosenberg <esr+linux-il at g.jct.ac.il> wrote:
> I think we need to reset here for a minute...
>
> Is your goal to connect to a machine with an IP on a private range where
> there exists a gateway machine or router with a (known) public IP?
> In that case the solution is very simple: port-forwarding
> However I would not do that without also running fail2ban and maybe also
> fwknop so that evil SSH traffic would have a harder time at getting at my
> server.
>
> Or is your goal to connect to a machine reachable via a dynamic IP and you
> have a machine with a fixed IP that you can route via?
> In that case solutions are more complex, most of the solutions above related
> to that scenario I think.
it is not even a dynamic ip, it is a private ip behind a dynamic one
>
> So please clear up for us what your exact goal is.
> Regards,
> Eliyahu - אליהו
>
>
> 2014-07-20 18:46 GMT+03:00 Erez D <erez0001 at gmail.com>:
>
>> On Sun, Jul 20, 2014 at 3:36 PM, E.S. Rosenberg <esr at g.jct.ac.il> wrote:
>> > You can have something running on the machine you want to SSH to that
>> > updates the machine with a fixed IP what its IP is and have a firewall rule
>> > or some other way to redirect specific traffic like for instance traffic to
>> > TCP:22222 from that machine to the IP that it was updated to be....
>> >
>> still do not understand what you mean, and how it will let me connect
>> to a machine with a private ip
>> >
>> > 2014-07-20 14:33 GMT+03:00 Erez D <erez0001 at gmail.com>:
>> >
>> >> On Sun, Jul 20, 2014 at 1:30 PM, Yedidyah Bar David <linux-il at didi.bardavid.org> wrote:
>> >> > If you just want an ssh connection you can simply redirect connection
>> >> > attempts to some port on the Internet-accessible machine to port 22 on
>> >> > the private-ip one - using whatever tool that fits you best -
>> >> > iptables, xinetd, redir, probably many others.
>> >> > --
>> >> > Didi
>> >>
>> >> i do not understand what you mean
>> >> >
>> >> >
>> >> > 2014-07-20 13:31 GMT+03:00 Erez D <erez0001 at gmail.com>:
>> >> >>
>> >> >> looks a little complicated - extra ssh server, firewall with port knocking
>> >> >> all this for an ssh connection ...
>> >> >>
>> >> >> On Sun, Jul 20, 2014 at 11:38 AM, Rabin Yasharzadehe <rabin at rabin.io> wrote:
>> >> >> > you can add a port-knocking tool like fwknop to add a dynamic rule to
>> >> >> > forward your connection into the private machine.
>> >> >> >
>> >> >> > --
>> >> >> > Rabin
>> >> >> >
>> >> >> >
>> >> >> > On Sun, Jul 20, 2014 at 12:16 PM, Erez D <erez0001 at gmail.com> wrote:
>> >> >> >>
>> >> >> >> On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan <kaplanlior at gmail.com> wrote:
>> >> >> >> > Didn't check it, but logging in with a user who has /bin/true might do
>> >> >> >> > the trick.
>> >> >> >> you are correct, it works.
>> >> >> >> however it is still a security risk, as this means the client may
>> >> >> >> listen on unused port ...
>> >> >> >>
>> >> >> >> >
>> >> >> >> > Kaplan
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > On Sun, Jul 20, 2014 at 12:03 PM, Erez D <erez0001 at gmail.com> wrote:
>> >> >> >> >>
>> >> >> >> >> On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan <kaplanlior at gmail.com> wrote:
>> >> >> >> >> > ssh itself ?
>> >> >> >> >> >
>> >> >> >> >> > http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
>> >> >> >> >> nice, however this requires me to give access to my server, which i do
>> >> >> >> >> not want ...
>> >> >> >> >> (or, can i give people permission to ssh to my server only for reverse
>> >> >> >> >> tunnels and no shell ?)
>> >> >> >> >>
>> >> >> >> >> >
>> >> >> >> >> > Kaplan
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > On Sun, Jul 20, 2014 at 11:36 AM, Erez D <erez0001 at gmail.com> wrote:
>> >> >> >> >> >>
>> >> >> >> >> >> hello
>> >> >> >> >> >>
>> >> >> >> >> >> i have a linux machine with a private ip connected to the
>> >> >> >> >> >> internet
>> >> >> >> >> >> i have a public ip and need to ssh to the linux box
>> >> >> >> >> >>
>> >> >> >> >> >> any tools for that ?
>> >> >> >> >> >>
>> >> >> >> >> >> _______________________________________________
>> >> >> >> >> >> Linux-il mailing list
>> >> >> >> >> >> Linux-il at cs.huji.ac.il
>> >> >> >> >> >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >>
>> >> >> >
>> >> >> >
>> >> >>
>> >> >
>> >> >
>> >>
>> >
>> >
>
>
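
Added example, not part of the original message or thread: one way to configure the public-IP server so an account can only open a reverse tunnel, with no shell and no free choice of listening port, which are the two concerns raised in the quoted replies. The account name "tunnel" and the server name are assumptions, port 22222 is reused from the thread, and PermitListen needs OpenSSH 7.8 or later, which postdates this 2014 discussion.

```conf
# /etc/ssh/sshd_config on the server with the public IP (added example).
# "tunnel" is an assumed account name; 22222 is the port mentioned in the thread.

# Weak variant discussed in the thread: an account whose login shell is
# /bin/true. The client gets no shell, but with default sshd settings it can
# still ask for a remote forward (-R) on any unused unprivileged port.

# Tighter variant: remote forwarding only, on one fixed loopback port.
Match User tunnel
    # Allow -R (remote) forwards, refuse -L (local) and dynamic forwards.
    AllowTcpForwarding remote
    # The only address:port this account may listen on (OpenSSH 7.8+).
    PermitListen 127.0.0.1:22222
    # Keep the forwarded port off the public interface.
    GatewayPorts no
    # No Unix-socket, agent or X11 forwarding, and no terminal.
    AllowStreamLocalForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTTY no
    # Any command or shell request just exits; the tunnel client uses -N.
    ForceCommand /bin/false

# On the private-IP machine (placeholder host name). The explicit 127.0.0.1
# bind address matters: without it ssh requests "localhost", which
# PermitListen treats differently from 127.0.0.1.
#   ssh -N -R 127.0.0.1:22222:localhost:22 tunnel@<server-with-public-ip>
#
# On the server, to reach the private machine through the tunnel:
#   ssh -p 22222 <user-on-private-machine>@127.0.0.1
```

Run `sshd -t` to check the syntax before reloading sshd. A request for any other listening port is refused by the server, and the client logs a remote port forwarding failure.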