Find the answer to your Linux question:
Results 1 to 8 of 8
Set up: [Machine at work (A)]---[Firewall]---[internet]----[OpenBSD (B)] I can log in on B from A just perfectly. It is also setup to use keys instead of password. I cannot log ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Sep 2005
    Posts
    6

    SSH Tunnel


    Set up:
    [Machine at work (A)]---[Firewall]---[internet]----[OpenBSD (B)]

    I can log in on B from A just perfectly. It is also setup to use keys instead of password. I cannot log in on A from B however because of the firewall over which I have no control. Question: How can I set up a tunnel from A to B so I can later use it to login on A from B? I tried experimenting with the -R flag but I couldn't make it work. Any hints anybody?

  2. #2
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,809
    What I used to do was run VNC server on (A), and open SSH from (A) to (B) with reverse port forwarding, so I could log onto local port on (B) from home and see the VNC desktop on (A).
    Linux user #126863 - see http://linuxcounter.net/

  3. #3
    Just Joined!
    Join Date
    Sep 2005
    Posts
    6
    Ok, but how did you set up the tunnel then? I won't be using vnc, just ssh and a shell.

  4. #4
    Linux Newbie deek's Avatar
    Join Date
    Mar 2005
    Location
    Fort Wayne, IN
    Posts
    248
    If you don't have control of that firewall, I don't think you are going to be able to do it. I mean, take the company I work for, which has hundreds of PCs behind the firewall...in order for me to ssh to my box (at work), the firewall would need to know to forward the appropriate port to my single box...no IT department is going to do that...

    Theoretically, you would have to initiate the contact from inside the firewall...but again, I know that most IT areas are going to automatically log you out after X hours...

    Hate to be the bearer of bad news, but I don't think you will be able to ssh into this box without having some sort of control over the firewall...
    Join the Open Source Revolution. Support GNU/Linux.

    Find me at: www.deeksworld.com
    Registered GNU/Linux User #395777

  5. #5
    Just Joined!
    Join Date
    Jun 2005
    Location
    Canada, Halifax
    Posts
    86
    I googled the following search string "linux ssh tunnel through firewall" and was rewarded with this little gem at the top of the list:
    http://souptonuts.sourceforge.net/sshtips.htm
    I expect this is what you're looking for.

  6. #6
    Just Joined!
    Join Date
    Sep 2005
    Posts
    6
    Yes, I tried that... It doesn't work. I guess I have to try again using more -v flags to see exactly what's happening but maybe my ssh is misconfigured. I can set a tunnel locally on machine B to itself but not from A. So the sshd on A is probably the problem, right?

  7. #7
    Just Joined!
    Join Date
    Jun 2005
    Location
    Canada, Halifax
    Posts
    86
    Have you tried anything like what is descripbed here:
    http://proxytunnel.sourceforge.net/p...et-200204.html
    (c) Copyright 2001-2002 the Muppet
    ...
    ssh -R 2323:some-sys.bigacme.com:23 casa
    ...
    With only a limited amount of effort it is possible to convert the remote tunnel example into a fully functional system for connecting to a system on the inside of the network using ssh. In order to implement this solution, you need:
    User access (root access not necessary!) to a system on the inside of the network that can act as a gateway into the network.
    A computer system in the Internet that runs the SSH daemon on a port that is allowed by the corporate firewall that we want to penetrate (e.g. port 443). A cable modem or ADSL connected Linux system will do just fine.
    ProxyTunnel
    Some smart shell scripts
    On the internal system, you install SSH, ProxyTunnel and a small shell script (tunnel) that is run regularly (say every 5 minutes) through the Unix cron scheduler. This script uses scp to retrieve a small instruction file from the external system in the Internet (in this example, this file is called tr (for tunnelrequest). The tr file contains a flag that indicates whether a tunnel into the protected network is requested or not.

    After retrieving the tunnel request file the script does the following:

    If a tunnel is requested, and there is currently a reverse tunnel in operation, the script does nothing.
    If a tunnel is requested, and there is currently no tunnel operating, the script uses an SSH command (like the one in the previous example) to set up a reverse tunnel. Access into the protected network is now possible!
    If no tunnel is requested, but there is one running, the running tunnel is terminated.
    If no tunnel is requested, and none is running, the script does nothing.
    For good measure, the script's action is summarised in a one-line status message that is put back (again using scp) to the external system in the Internet.

    Meanwhile, on the external system we install a small script (maketun) that opens up a tunnel into the protected network through the following procedure:

    First it checks whether a tunnel already exists. If that is the case, it connects to the existing tunnel.
    If no tunnel exists, it writes out a tr file that requests a tunnel and starts waiting...
    While this script waits, the (time scheduled) tunnel script on the internal system retrieves the tr file and creates the tunnel.
    The script on the local system regularly checks whether the tunnel has been created already. When it is, it emits three beeps and connects to the tunnel. The user now has access to the internal system!
    ...
    I've only included a small portion of the complete text. You stated that SSH's reverse port forwarding feature didn't assist you, perhaps you should try a more commonly accessable port, say 443?

  8. #8
    Just Joined!
    Join Date
    Sep 2005
    Posts
    6

    Problem solved!

    I finally managed to make it work. Thank you all who helped! I had accidentally misconfigured the configfile. Anyway, I also swithced on KeepAlive to prevent the tunnel from closing on me.

    So, again, thanks all!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •