LinuxQuestions.org
Old 05-31-2007, 08:27 PM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,113

Rep: Reputation: 57
Reverse SSH to remote client behind a firewall


I am sure that I am not the only one with this issue. Every time a client calls me I have to walk them over the phone on how to port forward certain ports like 5900, 3389 from within their firewall, so that I can connect to their machine via VNC or Rdesktop (for XP). I am sick and tired of doing this. I have read a little on reverse SSH and was wondering if someone can point me in the right direction on how to use that. From what I understand I have to:

1 - Set up an SSH server on my Linux box and give them an account.

2 - Load Putty on the XP workstation with certain settings.

3 - Have the client SSH to my server.

4 - And then magically connect to their XP workstation from my Linux box via VNC or RDesktop.

I need some insight on this, thanks! How can I do this without having to mess with their firewall settings? This would help out millions of IT people. Also, looking at it from a security standpoint, this would be ideal because you do not have to physically open up any ports on your firewall; you would be establishing a remote session! Cool

Last edited by metallica1973; 05-31-2007 at 08:31 PM.
 
Old 05-31-2007, 09:34 PM   #2
camh
Member
 
Registered: Feb 2005
Distribution: Slack/Debian
Posts: 163
Blog Entries: 2

Rep: Reputation: 33
Basically you've got it. It's really easy to do.

You set up ssh on your Linux box with 22 open on your firewall. They ssh into your machine with specific settings and leave the session running. You then rdp to your Linux box on the specified port (specified from the client's end) and it tunnels through the existing ssh session to the port on the client's machine.

Note that you will need to add the line "GatewayPorts yes" to your sshd_config.

You don't have to mess with their firewall at all because they are only making an outbound connection to you.

Additionally, if you are going to be making accounts on your Linux box, you should chroot and quota their homedirs to protect yourself.

Good luck.

Last edited by camh; 05-31-2007 at 09:35 PM.
 
Old 06-04-2007, 11:00 PM   #3
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,113

Original Poster
Rep: Reputation: 57
What is the CLI command for ssh on the host, and how do I set up PuTTY for my clients?
 
Old 06-05-2007, 08:33 AM   #4
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
An easier way is to set up a pptp server in your office and have them connect as a client to that.
Use this box to RDP to them as if they were local.

Most M$ machines have a pptp client.
It doesn't need to be encrypted, but it's good to lock down the ip addresses that can connect to it.
 
Old 06-05-2007, 01:24 PM   #5
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,113

Original Poster
Rep: Reputation: 57
Thanks for the replies. Just for my personal knowledge, can anyone give me the CLI commands for SSH and the host and the configurations for PuTTY for the client?


SSH server -------------
| |
| |
| |
Putty Client -----------

Last edited by metallica1973; 06-05-2007 at 01:27 PM.
 
Old 06-08-2007, 12:57 PM   #6
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,113

Original Poster
Rep: Reputation: 57
Can someone please tell me how to establish a reverse ssh connection using PuTTY from Windows? I have my Linux server ready to receive an ssh session but I do not know how to set up PuTTY on Windows. Help!
 
Old 06-08-2007, 04:15 PM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1965
http://www.vdomck.org/2005/11/21/rev...sh-connection/
 
Old 06-09-2007, 10:51 PM   #8
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,113

Original Poster
Rep: Reputation: 57
I got it to work, but it is very, very slow. I will post the steps:

1 - Set up sshd on my Linux box at my office. Created a generic client login.

2 - Set up PuTTY on my client machines - under tunnel I gave them

R5900 Localhost:5900

R5900 - the port that the client listens on (VNC port)

Localhost:5900 - the port that is forwarded to on the local machine (client)

3 - This is very important. In the VNC administration section, you must enable loopback connections. If not, then you will not be able to connect to the VNC host.

4 - Then finally, from the sshd server I was able to vnc to the localhost:5900 or the IP address of the sshd server or from any machine on that subnet.

Do you have any suggestions on why it is slow?

Last edited by metallica1973; 06-09-2007 at 10:53 PM.
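
The tunnel from the steps above, as an added example that is not part of the original posts: the command-line form of the PuTTY entry in step 2, a server-side block restricting the shared account, and a check of which address sshd bound the forwarded port to. sshd binds remote forwards to loopback unless GatewayPorts is enabled; the account name `tunnel`, the host `office.example.org`, the function name `forward_exposure` and the `ss -ltn` sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; "tunnel" and office.example.org are placeholder names.
#
# Client side, command-line form of PuTTY's "R5900 localhost:5900":
#   ssh   -N -R 5900:localhost:5900 tunnel@office.example.org
#   plink -N -R 5900:localhost:5900 tunnel@office.example.org
#
# Server side, sshd_config block limiting the shared account to that tunnel
# (PermitListen needs OpenSSH 7.8 or later):
#   Match User tunnel
#       AllowTcpForwarding remote
#       PermitListen localhost:5900
#       GatewayPorts no
#       PermitTTY no
#       X11Forwarding no
#       AllowAgentForwarding no

# forward_exposure PORT: read `ss -ltn` output on stdin and print
#   exposed  - PORT listens on a non-loopback address (other hosts can connect)
#   loopback - PORT listens on 127.0.0.0/8 or ::1 only
#   absent   - nothing listens on PORT (no tunnel is up)
forward_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")            # port is the last field
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            if (addr !~ /^127\./ && addr != "[::1]") exposed = 1
        }
        END { print (exposed ? "exposed" : (found ? "loopback" : "absent")) }
    '
}

# Constructed sample: listeners with "GatewayPorts yes", as in post #2.
sample_gateway_yes='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:5900       0.0.0.0:*
LISTEN 0      128    [::]:5900          [::]:*'

# Constructed sample: the same tunnel with the default "GatewayPorts no".
sample_gateway_no='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:5900     0.0.0.0:*
LISTEN 0      128    [::1]:5900         [::]:*'

printf '%s\n' "$sample_gateway_yes" | forward_exposure 5900   # exposed
printf '%s\n' "$sample_gateway_no"  | forward_exposure 5900   # loopback
```

On the office server, `ss -ltn | forward_exposure 5900` run while a client is connected reports how the live tunnel is bound.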
 
  


All times are GMT -5.