LinuxQuestions.org

rkelsen 04-29-2013 08:24 AM

Reverse SSH in Slackware
 
I'm trying to set up a reverse ssh in Slackware, to get a shell login on an Android phone which is connected to my wifi LAN.

Running this command on the phone seems to work:

Code:

ssh -R 19999:localhost:22 myuser@192.168.0.15

The phone logs into the server and appears to forward the 'listening' port correctly:

Code:

$ netstat -an | grep 19999
tcp        0      0 127.0.0.1:19999        0.0.0.0:* LISTEN
tcp6      0      0 ::1:19999              :::* LISTEN

The problem I have is at the next step:

Code:

$ ssh localhost -p 19999 -v
OpenSSH_6.1p1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [127.0.0.1] port 19999.
debug1: Connection established.
debug1: identity file /home/myuser/.ssh/id_rsa type 1
debug1: identity file /home/myuser/.ssh/id_rsa-cert type -1
debug1: identity file /home/myuser/.ssh/id_dsa type -1
debug1: identity file /home/myuser/.ssh/id_dsa-cert type -1
debug1: identity file /home/myuser/.ssh/id_ecdsa type -1
debug1: identity file /home/myuser/.ssh/id_ecdsa-cert type -1
ssh_exchange_identification: Connection closed by remote host

Even more befuddling is that I have these settings in /etc/ssh/sshd_config:

Code:

RSAAuthentication no
PubkeyAuthentication no

How do I fix this?

Ygrex 04-29-2013 08:58 AM

interesting, what is reverse SSH?

zakame 04-29-2013 09:27 AM

Is the phone's ssh the full OpenSSH implementation? I remember Android phones typically implement dropbear SSH only, if it is even installed.

kfritz 04-29-2013 11:04 AM

Stupid question: is sshd even running on the phone?
Code:

netstat -an | grep 22

That's the same debug output that you would see if reverse tunneled to a closed port.

rkelsen 04-29-2013 06:19 PM

Quote:

Originally Posted by kfritz (Post 4941231)
Stupid question: is sshd even running on the phone?

No. That's the point of the 'reverse' part. You don't need to be running sshd on the target.

To take the phone out of the equation and thereby remove any doubt about its SSH implementation, I tried this between my laptop [running slackware64-14.0] and my desktop [running slackware-13.37] with the exact same result.

This tells me that there must be an incorrect setting on the machine which is running sshd. Aside from the changes mentioned in my prior post, I'm using the default slackware sshd_config.

The error message hints toward a PKI problem. I've tried copying keys between machines, but it doesn't make any difference, except that you don't have to enter a password to log in at step 1.

How do I get a reverse ssh session working in Slackware?

Richard Cranium 04-29-2013 09:00 PM

From the ssh man page:

Code:

Port forwardings can also be specified in the configuration file.
Privileged ports can be forwarded only when logging in as root on
the remote machine.

Port 22 is a privileged port.

allend 04-29-2013 11:19 PM

Quote:

RSAAuthentication no
PubkeyAuthentication no

If you are using RSA keys, then you will want these options set to yes in /etc/ssh/sshd_config on the server.

Originating the reverse SSH connection will require root privileges as you are forwarding a privileged port.
Code:

ssh -p <Remote_Connection_Port> -R <Remote_Login_Port>:localhost:22 -i <IDfile> <username_at_server>@<server>

where:
<Remote_Connection_Port> is the port to connect to sshd on the server (default is 22). You need to add a 'Port xxx' to /etc/ssh/sshd_config on the server if you use a port other than 22.
<Remote_Login_Port> is the port that will be used to connect back
<IDfile> is the private key for the user on the originating machine

To connect
Code:

ssh -p <Remote_Login_Port> <username_at_originating_machine>@localhost

The public key for the originating user needs to be in ~/.ssh/authorized_keys on the server.
The public key for the originating machine needs to be in ~/.ssh/known_hosts on the server. (This is found in /etc/ssh/ssh_host_rsa_key.pub on the originating machine if using RSA protocol.)

The public key for the connecting user needs to be in ~/.ssh/authorized_keys on the originating machine.
The public key for the connecting machine needs to be in ~/.ssh/known_hosts on the originating machine. (This is found in /etc/ssh/ssh_host_rsa_key.pub on the server if using RSA protocol.)

PS - I heavily use my reverse SSH tunnel. Thanks for the refresher! It is years since I set this up.

rkelsen 04-29-2013 11:42 PM

Quote:

Originally Posted by allend (Post 4941579)
Originating the reverse SSH connection will require root privileges as you are forwarding a privileged port.

I'm hearing this a lot, but there are plenty of examples on the 'net showing that you can do this as a normal user.

I'll set up sshd to use an unprivileged port and see what happens. Is 2222 a good one to use?

Once it is going, then I'll start messing with shared keys.

Thanks for your help. I'll report back later.

MadMaverick9 04-29-2013 11:52 PM

Quote:

The phone logs into the server and appears to forward the 'listening' port correctly:

Yeah - but the other end of the tunnel, localhost:22, is not there. Since there is no sshd running on your phone.

Skaperen 04-30-2013 12:04 AM

Quote:

Originally Posted by MadMaverick9 (Post 4941591)
Yeah - but the other end of the tunnel, localhost:22, is not there. Since there is no sshd running on your phone.

This is likely the exact problem. To test it, when doing the ssh client command on the phone, do it to the localhost on the phone itself to see if port 22 is listening. If the connection is refused, then you need to get an sshd app running. More than one app for that seems to be available.

rkelsen 04-30-2013 12:04 AM

Quote:

Originally Posted by MadMaverick9 (Post 4941591)
Yeah - but the other end of the tunnel, localhost:22, is not there. Since there is no sshd running on your phone.

Port 22 is opened by the connection to the laptop. That part works.

The point of a reverse ssh tunnel is that you don't need to run sshd on the destination... or am I sorely mistaken on this point?

Ygrex 04-30-2013 12:16 AM

with the command a remote 0.0.0.0:19999 socket is opened that is forwarded to localhost:22 of the machine that initiated SSH connection (your phone); you'd better answer my previous question because reverse SSH is wrong term

Ygrex 04-30-2013 12:18 AM

probably you want this:
Code:

ssh -R 19999:192.168.0.15:22 myuser@192.168.0.15

MadMaverick9 04-30-2013 12:23 AM

Quote:

or am I sorely mistaken on this point?

Yes - it took me a moment of reading to understand this too, but this page explains it quite clearly http://en.gentoo-wiki.com/wiki/Reverse_Tunneling.

And also "man ssh":
Quote:

-R [bind_address:]port:host:hostport
Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. This works by allocating a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the local machine.

Since you specify "localhost" for the "host" parameter, "host" is the ip address of your phone and "hostport" a port on your phone. So port 19999 on the server (your slackware box) is tunneled to port 22 on your phone. "local side" and "local machine" are your phone in this case.
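
An added example, not part of the thread: a Python probe that separates the three outcomes discussed above on a forwarded port (SSH banner received, connection accepted then dropped because the forward target is closed, and no tunnel listener at all). The loopback listeners are constructed stand-ins for the server-side forward and the originating machine's sshd; every function name and the banner string are assumptions made for the demo.

```python
import socket
import threading

def classify_forward(host, port, timeout=3.0):
    """Connect to a forwarded port and classify what answers on it."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "refused"              # connect failed: no tunnel listener reachable
    with s:
        try:
            data = s.recv(255)
        except OSError as exc:
            return "silent" if isinstance(exc, socket.timeout) else "closed-no-banner"
    if not data:
        return "closed-no-banner"     # accepted, then dropped: the thread's symptom
    return "ssh" if data.startswith(b"SSH-") else "other"

def start_listener(handler):  # constructed helper: loopback listener, returns its port
    srv = socket.create_server(("127.0.0.1", 0))
    def loop():
        while True:
            handler(srv.accept()[0])
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def closed_port():  # a loopback port that was just released, so nothing listens on it
    with socket.create_server(("127.0.0.1", 0)) as s:
        return s.getsockname()[1]

def banner_handler(conn):  # stand-in for an sshd on the originating machine
    with conn:
        conn.sendall(b"SSH-2.0-ConstructedDemo\r\n")

def forward_to(target_port):
    """Stand-in for the -R forward: accept, then dial the target on the local side."""
    def handler(conn):
        try:
            with conn, socket.create_connection(("127.0.0.1", target_port), timeout=2) as up:
                conn.sendall(up.recv(255))
        except OSError:
            pass                      # target closed: conn is dropped, nothing relayed
    return handler

def demo():
    ports = (start_listener(forward_to(start_listener(banner_handler))),  # target open
             start_listener(forward_to(closed_port())),                    # target closed
             closed_port())                                                # no tunnel
    return tuple(classify_forward("127.0.0.1", p) for p in ports)
```

Calling `demo()` runs all three cases on loopback; pointing `classify_forward` at the forwarded port on the server (19999 in this thread) checks a live tunnel the same way.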

MadMaverick9 04-30-2013 12:26 AM

Quote:

you'd better answer my previous question because reverse SSH is wrong term

I was as surprised as you are about the term "reverse ssh". But it is the correct term. Search for it.

Update: the proper term seems to be "reverse ssh tunnel". Close enough.

