[nflug] reverse tunnel

David J. Andruczyk djandruczyk at yahoo.com
Thu Apr 26 15:09:26 EDT 2007


Ahh, OK easy:

Prereqs:
Cust machine MUST have SSHD running, and should be
able to initiate an SSH connection outbound to the
internet.

Your site needs to have an SSH-inable machine
accessible via the internet, preferably with a
hostname.

First off on your end..
you need to have a public hostname/IP that is
SSH-inable, preferably to an isolated system with a dummy
account (or ssh key, ssh key is nicer as it doesn't
require the end users to type in a password, but is
trickier to set up).

On the workstation (customer machine)
run "ssh -R:2222:localhost:22 YOUR_OUTSIDE_HOSTNAME -l support"

YOUR_OUTSIDE_HOSTNAME is the ssh-inable host located
at your place.

support is the username on that host.
If you use SSH keys it'll login and give a shell
prompt.  

The end user is now done.

YOU would run "ssh localhost -p 2222 -l $USERNAME" on
that host the user just logged into, use an
appropriate username for the customer's machine, enter
the password, and you are now into the customer's
machine.

When the user logs out of that connection, the port
forward will close.  NOTE: u can't do multiple port
forwards to the same box to the SAME ports (i.e. u
can't work on two machines at once using this method
unless you have them use alternative ports, i.e.
2222, 2223, 2224).

--- Cyber Source <peter at thecybersource.com> wrote:

> David J. Andruczyk wrote:
> >> how about a succinct reverse ssh howto there buddy?
> >> I want to set this up on our dumps.
> >
> > Not sure what exactly u mean.  Do you want to know how
> > to do an SSH port tunnel? (i.e. ssh -L, or ssh -R)
> >
> > -- David J. Andruczyk
> I want to be able to put an icon on my dump(s) desktop so that people
> that need help can use with me to be able to get back into them, whether
> they are behind a router or not, just like webex/gotomeeting does in
> windows land.


-- David J. Andruczyk

_______________________________________________
nflug mailing list
nflug at nflug.org
http://www.nflug.org/mailman/listinfo/nflug
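
One way to set up the "dummy account with an ssh key" on the relay host so that each customer key can open only its own reverse port, which also handles the one-port-per-machine limit noted above. This is an added example, not part of the original post; it assumes OpenSSH 7.8 or later on the relay (for `permitlisten`), and the port range and function names are made up for illustration.

```shell
#!/bin/sh
# Added example: build restricted authorized_keys entries for the relay's
# "support" account. Assumed port range; adjust to taste.
PORT_MIN=2222
PORT_MAX=2229
NL='
'

# Print the lowest port in the range that no existing entry is pinned to.
next_free_port() {
    keys_file=$1
    port=$PORT_MIN
    while [ "$port" -le "$PORT_MAX" ]; do
        if ! grep -q "permitlisten=\"localhost:$port\"" "$keys_file" 2>/dev/null; then
            echo "$port"
            return 0
        fi
        port=$((port + 1))
    done
    echo "no free port in $PORT_MIN-$PORT_MAX" >&2
    return 1
}

# Emit one authorized_keys line: the key may listen on one loopback port on
# the relay and gets no shell, no PTY, no agent/X11 forwarding.
support_key_line() {
    port=$1 pubkey=$2
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    # An embedded newline would smuggle a second, unrestricted entry into the file.
    case $pubkey in *"$NL"*) echo "newline in key" >&2; return 1 ;; esac
    case $pubkey in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' \
        "$port" "$pubkey"
}

# Append a customer's key on the next free port and print that port.
add_customer() {
    keys_file=$1 pubkey=$2
    port=$(next_free_port "$keys_file") || return 1
    support_key_line "$port" "$pubkey" >> "$keys_file" || return 1
    echo "$port"
}
```

With an entry like this the customer runs `ssh -N -R <port>:localhost:22 YOUR_OUTSIDE_HOSTNAME -l support`, where `<port>` is the value `add_customer` printed; `-N` is needed because the forced command exits immediately instead of giving a shell prompt.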


