reversing the roles of ssh and sshd
Dan Kaminsky
dan at doxpara.com
Sun Dec 30 05:31:08 EST 2001
Clark--
It's much better to use remote port forwards for a job like this.
Essentially, you have the ssh client on your firewalled machine remote port
forward that machine's ssh server. So, for example:
firewalled$ ssh -R2022:127.0.0.1:22 dummyuser@adminsite
adminsite$ ssh -o "HostKeyAlias firewalled" user@127.0.0.1 -p 2022
Of course, there's the question of how to trigger the firewalled host's
SSHing into your admin box. Email, crontabs, on-site triggering (i.e. you
call someone and say "please go to this webpage if you want me to fix your
machine"), or just leaving the link up at all times are viable options.
--Dan
----- Original Message -----
From: "Clark C . Evans" <cce at clarkevans.com>
To: <openssh-unix-dev at mindrot.org>
Cc: <krahmer at cs.uni-potsdam.de>
Sent: Saturday, December 29, 2001 10:33 AM
Subject: reversing the roles of ssh and sshd
> I have a box behind a firewall that I'd like to administer. The
> firewall allows outgoing connections, but blocks all incoming
> connection requests. Thus, behind the firewall I can ssh out
> to my server, but I can't do the reverse. I found Sebastian
> Krahmer's OpenSSH Reverse [1] which looks very promising, but
> it is a few revisions behind. I was wondering if anyone has
> considered integrating this with the OpenSSH code base. It
> seems like such a useful feature...
>
> Best,
>
> Clark
>
> [1] http://www.securiteam.com/tools/6I00N0K03K.html
> http://teso.scene.at/releases/openssh.reverse.tgz
> Patched OpenSSH (cl+sv) for tunneling firewalls
> (client connects to server)
>
>
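Added example, not part of the original thread: a script for the "crontabs" and "leaving the link up" options in Dan's reply, run on the firewalled host, plus the authorized_keys restriction that limits what the dummyuser key can do on adminsite. The key path, cron path, option choices and the SSH override variable are assumptions; permitlisten needs OpenSSH 7.8 or later.

```shell
#!/bin/sh
# Added example, not from the thread. Runs on the firewalled host, e.g. from cron:
#   */5 * * * * /usr/local/sbin/revtunnel.sh start     (path is hypothetical)
ADMIN="${ADMIN:-dummyuser@adminsite}"   # forwarding-only account from the message
RPORT="${RPORT:-2022}"                  # port opened on adminsite, as in the message
KEY="${KEY:-${HOME:-/root}/.ssh/revtunnel_ed25519}"  # hypothetical dedicated key
SSH="${SSH:-ssh}"                       # overridable so the command can be inspected

# Open the remote forward and hold it. -N requests no shell or command.
# ExitOnForwardFailure makes a second copy exit at once if port 2022 is
# already bound, so cron can call this repeatedly without piling up sessions.
# The ServerAlive options drop a dead link so a later cron run can replace it.
start_tunnel() {
    "$SSH" -N -T -i "$KEY" \
        -o BatchMode=yes -o IdentitiesOnly=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "$RPORT:127.0.0.1:22" "$ADMIN"
}

# Print the authorized_keys line to install for dummyuser on adminsite.
# restrict turns off pty, agent and X11 forwarding and all port forwarding;
# port-forwarding turns forwarding back on and permitlisten limits remote (-R)
# listeners to this one port. ssh asks for listen host "localhost" when -R
# names only a port. command= ensures the key never yields a shell.
# $1 = contents of the public key file
authorized_keys_line() {
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' \
        "$RPORT" "$1"
}

case "${1:-}" in
    start)   start_tunnel ;;
    keyline) authorized_keys_line "$(cat "$KEY.pub")" ;;
esac
```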