LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 04-29-2013, 09:24 AM   #1
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 1,805

Rep: Reputation: 233Reputation: 233Reputation: 233
Reverse SSH in Slackware


I'm trying to set up a reverse ssh in Slackware, to get a shell login on an Android phone which is connected to my wifi LAN.

Running this command on the phone seems to work:

Code:
ssh -R 19999:localhost:22 myuser@192.168.0.15
The phone logs into the server and appears to forward the 'listening' port correctly:

Code:
$ netstat -an | grep 19999
tcp        0      0 127.0.0.1:19999         0.0.0.0:* LISTEN
tcp6       0      0 ::1:19999               :::* LISTEN
The problem I have is at the next step:

Code:
$ ssh localhost -p 19999 -v
OpenSSH_6.1p1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [127.0.0.1] port 19999.
debug1: Connection established.
debug1: identity file /home/myuser/.ssh/id_rsa type 1
debug1: identity file /home/myuser/.ssh/id_rsa-cert type -1
debug1: identity file /home/myuser/.ssh/id_dsa type -1
debug1: identity file /home/myuser/.ssh/id_dsa-cert type -1
debug1: identity file /home/myuser/.ssh/id_ecdsa type -1
debug1: identity file /home/myuser/.ssh/id_ecdsa-cert type -1
ssh_exchange_identification: Connection closed by remote host
Even more befuddling is that I have these settings in /etc/ssh/sshd_config:

Code:
RSAAuthentication no
PubkeyAuthentication no
How do I fix this?

Last edited by rkelsen; 04-29-2013 at 09:25 AM.
 
Old 04-29-2013, 09:58 AM   #2
Ygrex
Member
 
Registered: Nov 2004
Location: Russia (St.Petersburg)
Distribution: Debian
Posts: 666

Rep: Reputation: 68
interesting, what is reverse SSH?
 
Old 04-29-2013, 10:27 AM   #3
zakame
Member
 
Registered: Apr 2012
Distribution: Debian, Ubuntu, Slackware
Posts: 131

Rep: Reputation: 52
Is the phone's ssh the full OpenSSH implementation? I remember Android phones typically implement dropbear SSH only, if it is even installed.
 
Old 04-29-2013, 12:04 PM   #4
kfritz
Member
 
Registered: Aug 2006
Distribution: Slackware, OpenBSD
Posts: 75

Rep: Reputation: 20
Stupid question: is sshd even running on the phone?
Code:
netstat -an | grep 22
That's the same debug output that you would see if reverse tunneled to a closed port.

Last edited by kfritz; 04-29-2013 at 12:06 PM.
 
Old 04-29-2013, 07:19 PM   #5
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 1,805

Original Poster
Rep: Reputation: 233Reputation: 233Reputation: 233
Quote:
Originally Posted by kfritz View Post
Stupid question: is sshd even running on the phone?
No. That's the point of the 'reverse' part. You don't need to be running sshd on the target.

To take the phone out of the equation and thereby remove any doubt about its SSH implementation, I tried this between my laptop [running slackware64-14.0] and my desktop [running slackware-13.37] with the exact same result.

This tells me that there must be an incorrect setting on the machine which is running sshd. Aside from the changes mentioned in my prior post, I'm using the default slackware sshd_config.

The error message hints toward a PKI problem. I've tried copying keys between machines, but it doesn't make any difference, except that you don't have to enter a password to log in at step 1.

How do I get a reverse ssh session working in Slackware?

Last edited by rkelsen; 04-29-2013 at 07:51 PM.
 
Old 04-29-2013, 10:00 PM   #6
Richard Cranium
Senior Member
 
Registered: Apr 2009
Location: Carrollton, Texas
Distribution: Slackware64 14.1
Posts: 1,568

Rep: Reputation: 462Reputation: 462Reputation: 462Reputation: 462Reputation: 462
From the ssh man page:

Code:
Port forwardings can also be specified in the configuration file.
Privileged ports can be forwarded only when logging in as root on
the remote machine.
Port 22 is a privileged port.
 
Old 04-30-2013, 12:19 AM   #7
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 3,486

Rep: Reputation: 856Reputation: 856Reputation: 856Reputation: 856Reputation: 856Reputation: 856Reputation: 856
Quote:
RSAAuthentication no
PubkeyAuthentication no
If you are using RSA keys, then you will want these options set to yes in /etc/ssh/sshd_config on the server.

Originating the reverse SSH connection will require root privileges as you are forwarding a privileged port.
Code:
ssh -p <Remote_Connection_Port> -R <Remote_Login_Port>:localhost:22 -i <IDfile> <username_at_server>@<server>
where:
<Remote_Connection_Port> is the port to connect to sshd on the server (default is 22). You need to add a 'Port xxx' to /etc/ssh/sshd_config on the server if you use a port other than 22.
<Remote_Login_Port> is the port that will be used to connect back
<IDfile> is the private key for the user on the originating machine

To connect
Code:
ssh -p <Remote_Login_Port> <username_at_originating_machine>@localhost
The public key for the originating user needs to be in ~/.ssh/authorized_keys on the server.
The public key for the originating machine needs to be in ~/.ssh/known_hosts on the server. (This is found in /etc/ssh/ssh_host_rsa_key.pub on the originating machine if using RSA protocol.)

The public key for the connecting user needs to be in ~/.ssh/authorized_keys on the originating machine.
The public key for the connecting machine needs to be in ~/.ssh/known_hosts on the originating machine. (This is found in /etc/ssh/ssh_host_rsa_key.pub on the server if using RSA protocol.)

PS - I heavily use my reverse SSH tunnel. Thanks for the refresher! It is years since I set this up.
 
Old 04-30-2013, 12:42 AM   #8
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 1,805

Original Poster
Rep: Reputation: 233Reputation: 233Reputation: 233
Quote:
Originally Posted by allend View Post
Originating the reverse SSH connection will require root privileges as you are forwarding a privileged port.
I'm hearing this a lot, but there are plenty of examples on the 'net showing that you can do this as a normal user.

I'll set up sshd to use an unprivileged port and see what happens. Is 2222 a good one to use?

Once it is going, then I'll start messing with shared keys.

Thanks for your help. I'll report back later.
 
Old 04-30-2013, 12:52 AM   #9
MadMaverick9
Member
 
Registered: Aug 2010
Location: Here
Distribution: Slackware 14.0
Posts: 144

Rep: Reputation: Disabled
Quote:
The phone logs into the server and appears to forward the 'listening' port correctly:
Yeah - but the other end of the tunnel, localhost:22, is not there. Since there is no sshd running your phone.
 
2 members found this post helpful.
Old 04-30-2013, 01:04 AM   #10
Skaperen
Senior Member
 
Registered: May 2009
Location: WV, USA
Distribution: Slackware, CentOS, Ubuntu, Fedora, Timesys, Linux From Scratch
Posts: 1,777
Blog Entries: 20

Rep: Reputation: 116Reputation: 116
Quote:
Originally Posted by MadMaverick9 View Post
Yeah - but the other end of the tunnel, localhost:22, is not there. Since there is no sshd running your phone.
This is likely the exact problem. To test it, when doing the ssh client command on the phone, do it to the localhost on the phone itself to see if port 22 is listening. If the connection is refused, then you need to get an sshd app running. More than one app for that seems to be available.
 
Old 04-30-2013, 01:04 AM   #11
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 1,805

Original Poster
Rep: Reputation: 233Reputation: 233Reputation: 233
Quote:
Originally Posted by MadMaverick9 View Post
Yeah - but the other end of the tunnel, localhost:22, is not there. Since there is no sshd running your phone.
Port 22 is opened by the connection to the laptop. That part works.

The point of a reverse ssh tunnel is that you don't need to run sshd on the destination... or am I sorely mistaken on this point?

Last edited by rkelsen; 04-30-2013 at 01:07 AM.
 
Old 04-30-2013, 01:16 AM   #12
Ygrex
Member
 
Registered: Nov 2004
Location: Russia (St.Petersburg)
Distribution: Debian
Posts: 666

Rep: Reputation: 68
with the command a remote 0.0.0.0:19999 socket is opened that is forwarded to localhost:22 of the machine that initiated SSH connection (your phone); you'd better answer my previous question because reverse SSH is wrong term
 
Old 04-30-2013, 01:18 AM   #13
Ygrex
Member
 
Registered: Nov 2004
Location: Russia (St.Petersburg)
Distribution: Debian
Posts: 666

Rep: Reputation: 68
probably you want this:
Code:
ssh -R 19999:192.168.0.15:22 myuser@192.168.0.15
 
Old 04-30-2013, 01:23 AM   #14
MadMaverick9
Member
 
Registered: Aug 2010
Location: Here
Distribution: Slackware 14.0
Posts: 144

Rep: Reputation: Disabled
Quote:
or am I sorely mistaken on this point?
Yes - it took me a moment of reading to understand this too, but this page explains it quite clearly http://en.gentoo-wiki.com/wiki/Reverse_Tunneling.

And also "man ssh":
Quote:
-R [bind_address:]port:host:hostport
Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. This works by allocating a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the local machine.
Since you specify "localhost" for the "host" parameter, "host" is the ip address of your phone and "hostport" a port on your phone. So port 19999 on the server (your slackware box) is tunneled to port 22 on your phone. "local side" and "local machine" are your phone in this case.
 
1 members found this post helpful.
Old 04-30-2013, 01:26 AM   #15
MadMaverick9
Member
 
Registered: Aug 2010
Location: Here
Distribution: Slackware 14.0
Posts: 144

Rep: Reputation: Disabled
Quote:
you'd better answer my previous question because reverse SSH is wrong term
I was as surprised as you are about the term "reverse ssh". But it is the correct term. Search for it.

Update: the proper term seems to be "reverse ssh tunnel". Close enough.

Last edited by MadMaverick9; 04-30-2013 at 01:28 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
reverse ssh with X forwarding lleb Linux - Newbie 1 08-16-2012 08:11 PM
SSH reverse pipe C4N4rD Linux - Networking 6 03-07-2010 01:29 PM
Reverse Tunneling / Reverse port forwarding in SSH dynamics Linux - Networking 3 11-23-2009 11:31 AM
reverse ssh? slashcom Linux - Software 3 08-12-2004 11:51 PM
Reverse SSH Tunnel sniggleflop Linux - Security 1 10-13-2002 02:24 PM


All times are GMT -5. The time now is 07:33 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration