LinuxQuestions.org


c_mitulescu 05-11-2004 03:50 PM

how to m$ win client+firewall to linux sshd and use linux to access the M$ computer
 
Hi,
I was wondering how can I connect from my home computer (Mandrake Linux 10) which is acting as an sshd server to my work computer (WinXP) acting as ssh client and behind a firewall on the company network?
I usually connect from work to my Linux machine with ssh+putty+vnc but the Windows machine cannot be configured in the same way (installing openssh server) as I am not admin and at work our network is behind a firewall.
I recall years ago when I was in University and behind a firewall I allowed a guy (outside the network) to connect to my computer by initiating an ssh connection to his ssh server and then he could connect to me.

I would like to do this in order to transfer files from home to work. Thanks

david_ross 05-11-2004 03:59 PM

You wouldn't need the server on the inside.

1) Start a vnc server on your work machine.
2) Remember to set a vnc password and allow loopback connections.
3) Using putty edit the configuration to forward a remote port of 5900 (assuming you don't have a vnc server running on the Mandrake box) and use a local ip and port of "127.0.0.1:5900".
4) Connect to the Mandrake box (you may want to save this profile in putty). Once you are logged in you can confirm that the port has been forwarded with:
netstat -nlp | grep 5900
5) When you are at home on your Mandrake box run:
vncviewer 127.0.0.1

This should give you a vnc window to your work machine. You will need to leave the work machine running with putty - since you probably don't want to leave it running and logged into a shell you might want to set the putty options not to start a shell.

VNC is quite a network intensive protocol so if you have an rdp or citrix server on the windows box it would be a bit quicker.

c_mitulescu 05-11-2004 04:05 PM

But how would I transfer files from home from/to linux to work?

david_ross 05-11-2004 04:12 PM

You could use ftp or scp (winscp). I didn't actually notice that you just wanted to transfer files - my mistake. If you just want to transfer files then quite similar to the above:

1) Start an ftp server on your work machine (there are quite a few decent free ones for windows).
2) Add an ftp user to the server.
3) Using putty edit the configuration to forward a remote port of 10021 (since you probably have ftp server running on the Mandrake box) and use a local ip and port of "127.0.0.1:21".
4) Connect to the Mandrake box (you may want to save this profile in putty). Once you are logged in you can confirm that the port has been forwarded with:
netstat -nlp | grep 10021
5) When you are at home on your Mandrake box you can ftp with:
ftp 127.0.0.1 10021

Or use any ftp client with host "127.0.0.1" and port "10021".
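
Added example (not part of the thread): the "netstat -nlp | grep <port>" check from the posts above, generalised to list every listening TCP socket owned by an sshd process other than the daemon's own port, i.e. every port currently forwarded onto the Linux box, and whether it is bound to loopback only. The function names, the sample netstat output, its PIDs and the 8080 listener are constructed for illustration.

```shell
#!/bin/sh
# List TCP listeners owned by sshd other than the daemon's own port.
# Such sockets are remote port forwards opened by a logged-in SSH client.
# Reads `netstat -nlpt` output on stdin (run netstat as root, otherwise
# the PID/Program column is "-" for sockets of other users).
# Output columns: port  bind-address  scope  sshd-pid
forwarded_listeners() {
    awk -v sshd_port="${1:-22}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/sshd/ {
            n = split($4, parts, ":")          # port follows the last colon
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port == sshd_port) next        # the SSH daemon itself
            scope = (addr == "127.0.0.1" || addr == "::1") ? "loopback" : "exposed"
            split($7, owner, "/")              # "2291/sshd:" -> PID 2291
            print port, addr, scope, owner[1]
        }'
}

# Constructed sample of `netstat -nlpt` output on the home box while the
# work machine is connected with the 5900 and 10021 forwards from the thread.
# The 0.0.0.0:8080 line is a constructed forward bound to all interfaces.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN   812/sshd
tcp        0      0 0.0.0.0:21         0.0.0.0:*          LISTEN   640/proftpd
tcp        0      0 127.0.0.1:5900     0.0.0.0:*          LISTEN   2291/sshd: userx
tcp        0      0 127.0.0.1:10021    0.0.0.0:*          LISTEN   2291/sshd: userx
tcp        0      0 0.0.0.0:8080       0.0.0.0:*          LISTEN   3105/sshd: usery
tcp6       0      0 :::22              :::*               LISTEN   812/sshd
EOF
}

# On a live system: netstat -nlpt | forwarded_listeners 22
sample_netstat | forwarded_listeners 22
```

A listener reported as "exposed" is reachable from other hosts, not just from the Linux box itself, so it deserves a closer look than the loopback-only forwards.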

rossd 05-11-2004 06:13 PM

ssh port forwarding is, from a security perspective, both a blessing and a nightmare. The nightmare comes from the fact that anyone, with a little bit of knowledge, can completely circumvent any firewall that allows outbound SSH connections. Well, actually, any firewall that allows *any* outbound tcp connections can be tunneled through.

The basic idea is that I ssh from behind the firewall to some box 'on the outside.' While I am doing it, I tell the 'outside' machine to listen on any arbitrary port, and 'forward' that data across the existing ssh connection to any arbitrary port on any other machine. For example, when I worked as a System Administrator at a larger corporation that had no external connectivity, I used an ssh connection from my Linux desktop at the office to a Linux server I ran at home. By doing that, I could 'telnet' to a given host on my local box and end up on my desktop at work as if I had connected to it directly.

Now before any of you security buffs out there jump on me for using telnet - keep in mind that this is getting tunneled through an already encrypted ssh connection. So the unencrypted telnet data never exists outside of the TCP/IP stack on each box. Of course, I could have forwarded SSH connections - but why use ssh to encrypt an already ssh-encrypted connection, eh?

c_mitulescu 05-12-2004 09:20 AM

If the ssh connection from the ms win computer to my home linux is done with userx (user of linux machine) then can I use the tunnel from home if I am logged in to my linux box as usery?
Also if I stop my samba server on my linux box could I connect to my shared directory on the windows computer?
Any details on how that would be achieved would be of great help.
Thank you.
P.S. I cannot install any servers such as the ones suggested in the replies, e.g. FTP, VNC, on the work machine

LuggerHouse 05-12-2004 01:00 PM

Hummmmmmmmmm... I wish you don't work at my company ;-)

c_mitulescu 05-14-2004 12:56 PM

I think I'm safe as the entire IT department, 1x IT director + 1x IT manager + 1x IT support/friend of IT manager (who got the IT job instead of me), spend their entire time on the phone to Microsoft/Dell purchasing licences and getting support for their daily point and click activity (describing their job in the nicest possible way). SSwhat? Liwhat? Open what?
Incredible how all of them have years of "experience" and the best solution they can come up with (through tunnel vision) is calling Dell to ask what M$ product they can throw some tens of thousands of pounds at to have a simple intranet solution.


All times are GMT -5.