Old 08-05-2006, 10:31 PM   #1
evzen
LQ Newbie
 
Registered: May 2006
Location: FFFF0h PowerGood
Distribution: SLACKWARE 11
Posts: 9

Rep: Reputation: 0
Cool SSH question


Hey everybody, my friend depends on his landlord's router. She won't let us forward a port for SSH because she thinks it could be dangerous for her, running WINBLOWS behind the same router. So my friend can easily ssh to me, but I don't know how to ssh to him, as his IP is 192.168.0.3 (behind the router's IP). Well, here is what I am thinking:

Q#1 Can I somehow take over the session when he SSHes to me and connect through his session?

Q#2 It would also be interesting to know (for me) how I can see in real time what people are doing on my box through SSH.

Thanks a bunch for advice.

Last edited by evzen; 08-06-2006 at 12:40 AM.
 
Old 08-06-2006, 12:11 AM   #2
drkstr
Senior Member
 
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191

Rep: Reputation: 45
Quote:
Q#1 Can I somehow take over the session when he SSHes to me and connect through his session?
hmm, I'm not sure if this is possible without extensive programming. I am interested to find out myself.

Quote:
Q#2 It would also be interesting to know (for me) how I can see in real time what people are doing on my box through SSH.
Any commands entered are added to /home/username/.bash_history (assuming bash is the default shell). Just run 'tail /home/username/.bash_history' to view the last commands entered by the user.

regards,
...drkstr
 
Old 08-06-2006, 12:14 AM   #3
DrAxeman
Member
 
Registered: Jun 2004
Location: State of Confusion
Distribution: My other OS is your Solaris box.
Posts: 84

Rep: Reputation: 15
Here's how you get around the port block issue:

Go into /etc/ssh/sshd_config and change the port that the sshd daemon uses to one that isn't being blocked.

Then restart ssh.

That's one workaround.

Just make sure you specify what port you want to log into from your command line:

ssh user@ipaddress -p PORT
 
Old 08-06-2006, 12:45 AM   #4
evzen
LQ Newbie
 
Registered: May 2006
Location: FFFF0h PowerGood
Distribution: SLACKWARE 11
Posts: 9

Original Poster
Rep: Reputation: 0
Talking Ssh

Thanks for the reply, DR AXE, but all ports are blocked. I guess there is no legal way around.
 
Old 08-06-2006, 12:54 AM   #5
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 361
You want to do a reverse SSH connection to do that.

Take a look at this.
 
Old 08-06-2006, 01:47 AM   #6
evzen
LQ Newbie
 
Registered: May 2006
Location: FFFF0h PowerGood
Distribution: SLACKWARE 11
Posts: 9

Original Poster
Rep: Reputation: 0
Talking Ssh

Hey MS3FGX, that link looks just great. I will try it ASAP, but that is what I was looking for IMAO.

Thanks for now.
 
Old 08-06-2006, 01:49 AM   #7
carboncopy
Senior Member
 
Registered: Jan 2003
Location: Malaysia
Posts: 1,210
Blog Entries: 4

Rep: Reputation: 45
Yup Reverse SSH is the way to go.

Just in case you are too lazy to go through the article/howto above.

#define REMOTE_MACH your_friend's machine
#define OPEN_MACH your machine

From REMOTE_MACH do this :
Code:
ssh -R 10001:localhost:22 user@OPEN_MACH
That would open an ssh connection to your machine with a reverse tunnel.

So from OPEN_MACH do this :
Code:
ssh -p 10001 user@localhost
That would open an ssh connection to REMOTE_MACH.

Read
Code:
man ssh
for more details

If you are behind an idiotic proxy, you can use proxytunnel from proxytunnel.sf.net.

1. Install proxytunnel
2. The commands to use would be

Code:
ssh -o "ProxyCommand proxytunnel -p proxy.address:PORT -d dest.address:PORT" user@dest.address
Please note that some proxies don't allow you to create an SSL connection to any port other than port 443 (https). So your -d dest.address had better listen on 443.

Last edited by carboncopy; 08-06-2006 at 01:50 AM.
 
Old 08-10-2006, 06:25 PM   #8
evzen
LQ Newbie
 
Registered: May 2006
Location: FFFF0h PowerGood
Distribution: SLACKWARE 11
Posts: 9

Original Poster
Rep: Reputation: 0
Talking Ssh

Well, I have been trying to set up that reverse ssh tunnel for a couple of days without success.
First I tried to set up passwordless login. I changed the sshd config on #defined #REMOTE_MACH# (read above).

@@@@@@@@@@@@@@@@@@@@@@@@@@ SSHD CONFIG (part) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@


#Port 22
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

LoginGraceTime 1m
PermitRootLogin no
#StrictModes yes
MaxAuthTries 2

#RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Then I set up a cron job with the command ssh -R 10001:localhost:22 user@OPEN_MACH,
where I also generated a public/private DSA key and copied it to #.ssh/authorized_keys#OPEN_MACH.
Now when I execute bash3.0#ssh -p 10001 remote@machine -v
I get this:
OpenSSH_4.2p1, OpenSSL 0.9.7g 11 Apr 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: Connecting to xx.xxx.xx.xx [xx.xxx.xx.xx] port 10001.
and it times out.
debug1 tells me that ssh is reading the ssh config instead of the sshd config; is that right?
As I am now getting a little confused about it, I would appreciate any suggestions.
In the ssh config I do not see any DSA authorization option etc...
I did not check yet whether passwordless is working; I will check that ASAP.
But I don't even see any ssh fail logs in /var/log/messages from REMOTE MACHINE.
I am 100% sure that ssh is working; I connected from both using password authentication.
Thanks for advice.

Last edited by evzen; 08-10-2006 at 06:36 PM.
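
Added example (an editor's addition, not code from any poster in this thread): with the `-R 10001:localhost:22` form from post #7, sshd on OPEN_MACH binds the forwarded port to loopback by default, so it answers on `localhost:10001` and not on the machine's public address unless `GatewayPorts` is enabled in sshd_config. The script below classifies sshd-owned listeners from `ss -Hltnp` output; the sample output, the function name `classify_forwards` and the assumed column layout are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies sshd-owned listening sockets
# on OPEN_MACH as a loopback-only forward or a forward exposed on a routable
# address, skipping the daemon's own port.

# Constructed sample of `ss -Hltnp` output (assumed column layout:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port Process).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 127.0.0.1:10001 0.0.0.0:* users:(("sshd",pid=2291,fd=9))
LISTEN 0 128 [::1]:10001 [::]:* users:(("sshd",pid=2291,fd=8))
LISTEN 0 128 0.0.0.0:10002 0.0.0.0:* users:(("sshd",pid=2310,fd=9))
LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=640,fd=13))'

# classify_forwards SSHD_PORT
# Reads ss output on stdin; prints "<port> <scope>" once per forwarded port.
classify_forwards() {
    awk -v sshd_port="$1" '
        $1 == "LISTEN" && /\(\("sshd/ {
            port = $4; sub(/.*:/, "", port)          # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)     # text before it
            if (port == sshd_port) next              # the daemon itself, not a forward
            loop = (host == "127.0.0.1" || host == "[::1]")
            # A port counts as exposed if any of its listeners is non-loopback.
            if (!(port in scope)) order[++n] = port
            if (!loop || scope[port] == "") scope[port] = loop ? "loopback-only" : "EXPOSED"
        }
        END { for (i = 1; i <= n; i++) print order[i], scope[order[i]] }'
}

# Live use on OPEN_MACH (root is needed for -p to show other users' sockets):
#   ss -Hltnp | classify_forwards 22
printf '%s\n' "$SAMPLE_SS" | classify_forwards 22
```

A port reported as `loopback-only` can be reached only from OPEN_MACH itself, as in the `ssh -p 10001 user@localhost` command from post #7; a port reported as `EXPOSED` hands anyone who can reach OPEN_MACH a path to the sshd behind the router.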
 
Old 08-26-2006, 11:31 AM   #9
carboncopy
Senior Member
 
Registered: Jan 2003
Location: Malaysia
Posts: 1,210
Blog Entries: 4

Rep: Reputation: 45
1. I have a friend who was unable to get non-interactive SSH login working with cron.

2. Try interactive SSH login first, as you said you will try. In any event, if non-interactive (passwordless) login fails, ssh will prompt you for a password.

3. Can you ssh directly from OPEN_MACH to REMOTE_MACH without the reverse tunnel options, viz.
Code:
ssh user@REMOTE_MACH
from your OPEN_MACH?

4. If not, are you behind a firewall/proxy? If you are, refer to my previous post.

Cheers!
 
  

