Linux - Newbie (LinuxQuestions.org forum)
Hi, I have a Linux box ('remoteserver') behind a NAT. Remoteserver connects to ('gatewayserver'), which has a public IP address and can be accessed anywhere in the world. I want to ssh into remoteserver from anywhere in the world using my 'clientpc'.
clientpc --> internet --> gatewayserver (w/ public ip address) --> remoteserver (only accessible from devices on the same local network, like gatewayserver).
My constraints are as follows:
*) I have absolutely no access to the NAT router or firewall that sits on top of gatewayserver and remoteserver.
*) Gatewayserver is running an ssh server that is accessible from the internet. I have a standard user account to this ssh on gatewayserver, but no root or sudo access.
*) Remoteserver has an ssh server that is accessible only from devices on the local network (like gatewayserver). I have root access to remoteserver and want to ssh into this, but must do it through gatewayserver.
My solution: use openssh reverse tunnelling/port forwarding. The command I run on remoteserver is this:
This command takes any activity on port 9999 on gatewayserver's loopback server and forwards it to port 22 on remoteserver. THIS WORKS. All I need to do to take advantage of this method to access remoteserver is this:
I am perfectly happy with this method, but I was wondering if I could reduce this to one ssh command. After some internet searching, I found that it is indeed possible if the sshd on gatewayserver has option GatewayPorts Yes in the sshd_config file. What GatewayPorts does (if allowed) is let machines like clientpc (and other machines on the internet like clientpc1, clientpc2, clientpc3) connect to the forwarded port like 9999 above. This means if one were to run nmap on gatewayserver, they would find port 9999 open. If GatewayPorts were forwarded, on the client machine I could run the following command and access the remote machine in one step:
First, set up the reverse tunnel from gatewayserver --> remoteserver:
What this means:
On gatewayserver, in sshd_config, GatewayPorts is defaulted to off and the sysadmin didn't turn it on. I don't know the sysadmin to ask to have it turned on either. So my question is, is there a way to bind a public port to a localhost port, because if there were, then I could bind, say, public port 9999 to gatewayserver's loopback server port 9999 which would then go to remoteserver port 22 because of the reverse ssh tunnel I set up.
So to recap because I probably gave more info than was needed, I'm looking for a way to open a public port and bind it to a port on loopback server, doing this without root access, but with a user account. Is this possible?
Thank you guys for being there when we need you!
If any of this was unclear, please ask!
Last edited by unraisedarc; 07-05-2010 at 01:16 PM.
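The GatewayPorts behaviour described in the post above can be checked from a copy of sshd_config. This is an added example, not part of the original post; the function names `gatewayports_setting` and `forward_exposure` are hypothetical, and the sketch reads only the global section of the config and assumes host names or IPv4 addresses in the `-R` argument.

```sh
#!/bin/sh
# Added example: where does sshd bind the listener of an `ssh -R` forward?

# Read sshd_config text on stdin, print the effective global GatewayPorts value.
# sshd keeps the first value it sees for a keyword; the default is "no".
# Assumption: only the global section is read (parsing stops at the first Match).
gatewayports_setting() {
    awk '
        tolower($1) == "match"        { exit }
        tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    '
}

# forward_exposure SETTING SPEC, where SPEC is the argument given to -R.
# Prints loopback, all-interfaces or address:<bind_address>.
# Assumption: hosts in SPEC are names or IPv4 (no bracketed IPv6).
forward_exposure() (
    setting=$1 spec=$2
    case $setting in
        yes) echo all-interfaces; exit ;;   # server forces the wildcard address
        no)  echo loopback; exit ;;         # server forces loopback, bind_address ignored
    esac
    # clientspecified: the client's bind_address decides.
    colons=$(( $(printf '%s' "$spec" | tr -cd ':' | wc -c) ))
    if [ "$colons" -lt 3 ]; then echo loopback; exit; fi   # no bind_address given
    case ${spec%%:*} in
        ''|'*')          echo all-interfaces ;;
        localhost|127.*) echo loopback ;;
        *)               echo "address:${spec%%:*}" ;;
    esac
)

# Constructed sample config: GatewayPorts left at its default, as on gatewayserver.
sample_cfg='Port 22
#GatewayPorts yes
PermitRootLogin no'

setting=$(printf '%s\n' "$sample_cfg" | gatewayports_setting)
for spec in 9999:localhost:22 '*:9999:localhost:22'; do
    printf 'GatewayPorts %s, -R %s -> %s\n' \
        "$setting" "$spec" "$(forward_exposure "$setting" "$spec")"
done
```

With the default setting both forwards stay on loopback, which is why port 9999 is reachable only from gatewayserver itself in the setup described.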
Use Public Key authentication for both ssh sessions so no passwords are going over the internet.
Your 2nd question (How would I force ssh to use ipv6 when on clientpc?). Just set up ~/.ssh/config on the clientpc as follows; you can also specify gatewayuser to avoid having to specify this on the command line:
hostname <ipv6 address>
Last edited by simon.sweetman; 07-06-2010 at 08:33 PM.