  1. #1
    Just Joined!
    Join Date
    Apr 2011
    Posts
    4

    reverse ssh blocked


    Hi Guys,
    This is my first post at this forum and hopefully the first of many.

    I am a final year student in college and as part of a project I was required to link two computers together over the internet such that socket data can be sent to control motors etc. I successfully got this working through a reverse SSH connection.
    I did this by means of a 3rd computer on another network which I had control over.

    What is bothering me is that when I establish an SSH connection to this 3rd computer from the college wired network (the 3rd server is on a different network on another premises) the connection is successful but I am unable to establish a reverse connection. The wired network blocks most ports for security so I have the server listening on port 443.

    When I am using the college's wireless network however, I am able to establish an SSH connection to the server and successfully establish a reverse SSH connection listening on port 8080. What this means is that the 3rd party server forwards any data it gets on port 8080 to my computer in the college.

    My question is simply how can the college block this? I mean, once an SSH connection is established, it is encrypted and since reverse SSH connections are tunnelled how can the college network know what is going on and block it? The computer that I am using in the college is my own so there are no security systems on it blocking the connection.


    Thanks

  2. #2
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,664
    This is usually due to firewall settings. You probably need to communicate with the university's IT and networking department to set up a proxy or router rule that will let this through for your specific systems. We used to have issues like this at a company I worked at when we needed to get similar connections to our manufacturing customers. There were times when we had to whack a few folks upside the head so they understood that million$ in revenues were on the line...
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  3. #3
    Just Joined!
    Join Date
    Apr 2011
    Posts
    4
    Quote Originally Posted by Rubberman View Post
    This is usually due to firewall settings. You probably need to communicate with the university's IT and networking department to set up a proxy or router rule that will let this through for your specific systems. We used to have issues like this at a company I worked at when we needed to get similar connections to our manufacturing customers. There were times when we had to whack a few folks upside the head so they understood that million$ in revenues were on the line...
    Hi rubberman and thanks for the reply. My question still stands though as to how it is done. This would seem to imply that the reverse command is sent before the encryption is set up and the routing devices/firewalls involved are able to somehow filter the command out of the stream.

  5. #4
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,664
    Quote Originally Posted by mentaaal View Post
    Hi rubberman and thanks for the reply. My question still stands though as to how it is done. This would seem to imply that the reverse command is sent before the encryption is set up and the routing devices/firewalls involved are able to somehow filter the command out of the stream.
    Well, there is usually a good deal of flexibility in how these commercial (or open source) firewalls work, so you really need to speak with the University's responsible bodies about that. In any case, there is too much to deal with here, without a LOT more insider information. Some are port blockers, others are protocol/packet sniffers, others are sub-net filters, etc. Too much to do any reasonable guessing.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  6. #5
    Just Joined!
    Join Date
    Apr 2011
    Posts
    4
    Ok, that's fair enough. The question I was really asking however is how can it be done by any system. I am not overly interested in circumventing the system; it's just a theoretical question to satisfy my curiosity. Do you know of any literature or website that would be able to explain any method of how this could be done? I have tried looking for this on the web but have not been able to turn up anything.

    Thanks

  7. #6
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,664
    Quote Originally Posted by mentaaal View Post
    Ok, that's fair enough. The question I was really asking however is how can it be done by any system. I am not overly interested in circumventing the system; it's just a theoretical question to satisfy my curiosity. Do you know of any literature or website that would be able to explain any method of how this could be done? I have tried looking for this on the web but have not been able to turn up anything.

    Thanks
    There are a number of commercial and open source firewalls in use, and they are all quite different. As I said, since how this is done depends upon the specific site configuration, you REALLY need to speak with those who maintain the university network.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  8. #7
    Just Joined!
    Join Date
    Apr 2011
    Posts
    4
    In all likelihood I don't expect to be able to find anyone with the expertise/willingness to share this information with me. I think I am just going to have to find out myself the hard way in college. Hello network analysis tools!
