10-27-2008, 01:37 PM
Jelle de Jong

how to get the right commands for a remote ssh session (attachment situation)

Hello everybody,

I have been trying to create some ssh tunneling commands that would allow
me to create a ssh session to a machine behind a firewall/nat from a
machine behind a firewall/nat but with a public server in between. I
have spent a day trying to figure things out but without success. So I
wanted to ask for some help to get the right command...

I have added an attachment with ASCII art that should hopefully explain
my situation and what I would like to do.

I would be very thankful if somebody could help me get a solution.
Would somebody be willing to help?

Thanks in advance,

Jelle
question: how can admin0 and admin1 get a ssh session with user0 to provide remote support?

what are the exact ssh commands and their sequences for user0, admin0 and admin1?

+----------------+        +----------+        +--------------+        +----------+
| user0          |--------| firewall |--------| internet www |--------| firewall |
| ip: unknown    |        +----------+        +--------------+        +----------+
| ssh access to: |                                    |                     |
| server0        |                               +----------+    +---------------------+
+----------------+                               | firewall |    | server0             |
                                                 +----------+    | ip: 84.245.3.195    |
+----------------+                                    |          | provided access to: |
| admin0         |------------------------------------+          | user0               |
| ip: unknown    |                                               | admin0              |
| ssh access to: |                                               | admin1              |
| server0        |                                               +---------------------+
+----------------+                                                          |
                                                                            |
+----------------+                                                          |
| admin1         |----------------------------------------------------------+
| ip: unknown    |
| ssh access to: |
| server0        |
+----------------+

All systems are using Debian Linux sid or lenny, and no firewall can be
changed, so only outgoing connections are allowed, with the exception of the
firewall of server0.

------------------------------------------------------------------------

#!/bin/bash

# command script for user0

...

exit

------------------------------------------------------------------------

#!/bin/bash

# command script for admin0

...

exit

------------------------------------------------------------------------

#!/bin/bash

# command script for admin1

...

exit

------------------------------------------------------------------------


# notes:
http://www.debianadmin.com/howto-use-ssh-local-and-remote-port-forwarding.html
 
10-29-2008, 08:07 AM
Jelle de Jong

how to get the right commands for a remote ssh session (attachment situation)

Florian Kulzer wrote:
> On Mon, Oct 27, 2008 at 15:37:38 +0100, Jelle de Jong wrote:
>> Hello everybody,
>>
>> I have been trying to create some ssh tunneling commands that would allow
>> me to create a ssh session to a machine behind a firewall/nat from a
>> machine behind a firewall/nat but with a public server in between. I
>> have spent a day trying to figure things out but without success. So I
>> wanted to ask for some help to get the right command...
>
> [...]
>
>> question: how can admin0 and admin1 get a ssh session with user0 to
>> provide remote support?
>>
>> what are the exact ssh commands and their sequences for user0, admin0
>> and admin1?
>>
>> +----------------+        +----------+        +--------------+        +----------+
>> | user0          |--------| firewall |--------| internet www |--------| firewall |
>> | ip: unknown    |        +----------+        +--------------+        +----------+
>> | ssh access to: |                                    |                     |
>> | server0        |                               +----------+    +---------------------+
>> +----------------+                               | firewall |    | server0             |
>>                                                  +----------+    | ip: 84.245.3.195    |
>> +----------------+                                    |          | provided access to: |
>> | admin0         |------------------------------------+          | user0               |
>> | ip: unknown    |                                               | admin0              |
>> | ssh access to: |                                               | admin1              |
>> | server0        |                                               +---------------------+
>> +----------------+                                                          |
>>                                                                             |
>> +----------------+                                                          |
>> | admin1         |----------------------------------------------------------+
>> | ip: unknown    |
>> | ssh access to: |
>> | server0        |
>> +----------------+
>>
>> All systems are using Debian Linux sid or lenny, and no firewall can be
>> changed, so only outgoing connections are allowed, with the exception of the
>> firewall of server0.
>
> I think this has to be done using remote port forwarding on user0 to
> break through the firewall:
>
> ssh -N -R 22222:localhost:22 server0
>
> If you run this command on user0 then an ssh connection is established
> that forwards port 22222 on server0 to port 22 on user0. Obviously, this
> means that you have to set up user0 in such a way that a user with
> access to that computer can initiate the support session by running that
> command, or you use a cron job, or you configure it as a permanent
> connection that is established whenever user0 boots up. (Note that the
> administrator of user0's firewall might notice what you are doing and
> he/she might not like that you poke a permanent hole into the firewall.)
>
> With the port forward via ssh in place, it should be possible to ssh
> into server0 from admin0 or admin1 and once you have your shell on
> server0, you run
>
> ssh -p 22222 localhost
>
> which will establish an ssh session to port 22222 of server0, meaning
> that you connect via the ssh tunnel to port 22 of user0 (which I assume
> is the port on which user0's ssh server listens).
>
> I am not entirely sure if I have all the syntax correct, though. It may
> be possible to simplify the two-step ssh chain admin0/1 -> server0
> ->user0 by using ProxyCommand with netcat, see "man ssh_config".
>

Thank you Florian for taking the time to answer my question. This is
really appreciated, you were correct with the commands and I got it working:

ssh -f -N -R 9999:127.0.0.1:22 user0@server0
ssh -p 9999 user0@localhost

Thank you,

Kind regards,

Jelle
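
The `ssh -p 9999 user0@localhost` step works because the forwarded port listens on server0's loopback interface, which is what sshd does with its default `GatewayPorts no`. The following is an added example, not part of the original thread: it parses `ss -tlnp` output on server0 and lists sshd-owned listeners, other than the daemon's own port, that are bound beyond loopback. The function names and the sample listing are constructed for illustration, and the daemon port is assumed to be 22 unless passed as an argument.

```shell
#!/bin/sh
# Added example (not from the thread): audit sshd listeners on the relay host.
# Live use on server0, as root so that process names are visible:
#     ss -tlnp | exposed_forwards

# Constructed sample of `ss -tlnp` output; addresses, ports and PIDs are made up.
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=801,fd=3))
LISTEN 0      128    127.0.0.1:9999     0.0.0.0:*         users:(("sshd",pid=2211,fd=9))
LISTEN 0      128    [::1]:9999         [::]:*            users:(("sshd",pid=2211,fd=10))
LISTEN 0      128    0.0.0.0:22222      0.0.0.0:*         users:(("sshd",pid=2302,fd=9))
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=640,fd=7))
EOF
}

# exposed_forwards [daemon_port]   (hypothetical helper name)
# Reads `ss -tlnp` text on stdin and prints the port of every listener that
# belongs to sshd, is not sshd's own service port, and is not bound to
# loopback. Such a port is reachable by any host that can reach the relay,
# not just by accounts that already have a shell on it.
exposed_forwards() {
    awk -v daemon_port="${1:-22}" '
        $1 == "LISTEN" && $NF ~ /"sshd"/ {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[0-9]+$/, "", addr)   # text before the port
            if (port == daemon_port) next          # sshd itself, not a forward
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print port
        }'
}

# Demo on the constructed sample: only the wildcard-bound forward is reported.
sample_ss_output | exposed_forwards
```

A port printed here is bound beyond loopback, which for a `-R` forward requires `GatewayPorts` to be set to `yes` or `clientspecified` in server0's sshd_config.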

