LinuxQuestions.org
Old 06-19-2014, 05:57 PM   #1
slacker_
Member
 
Registered: Aug 2013
Distribution: Arch, Debian, Slackware
Posts: 333

Rep: Reputation: 3
is there a site that would be possible to act as an in between for reverse ssh?


What I'm wanting to do is be able to ssh to my home server from outside the network. I don't have admin access to the router at my house so port forwarding is out of the question. After some googling I found this possible solution. The only problem with it is I don't have a server hosted outside the network like that though, and I don't have money to buy server space (even if it is only a small amount, enough to act as this ssh go-between).

So the question I can't google is, is there a site out there that offers anonymous, temporary hosting for a person to ssh to from home, then from a remote location ssh to that site, then to the home computer?
 
Old 06-19-2014, 09:40 PM   #2
coralfang
Member
 
Registered: Nov 2010
Location: Bristol, UK
Distribution: Slackware, FreeBSD
Posts: 836
Blog Entries: 3

Rep: Reputation: 297
Have you thought about using email to "knock", and then telling your server to connect back to you?

You could do that with netcat (or cryptcat, probably better choice) to open a reverse shell. There are hundreds of ways you could set it up like that. SMS, phone call, fax (lol), etc.

Have a script check an email account for a subject containing "connect x.x.x.x", you send an email, and then have the script open a reverse shell to the address in the subject.
 
Old 06-20-2014, 05:19 AM   #3
slacker_
Member
 
Registered: Aug 2013
Distribution: Arch, Debian, Slackware
Posts: 333

Original Poster
Rep: Reputation: 3
Quote:
Originally Posted by coralfang
Have you thought about using email to "knock", and then telling your server to connect back to you?

You could do that with netcat (or cryptcat, probably better choice) to open a reverse shell. There are hundreds of ways you could set it up like that. SMS, phone call, fax (lol), etc.

Have a script check an email account for a subject containing "connect x.x.x.x", you send an email, and then have the script open a reverse shell to the address in the subject.
That... is brilliant. I am rather inexperienced in this area. Could you perhaps offer an example with netcat (or cryptcat) checking for email, from start to finish what would be needed? I tried googling but all I found was a generic article regarding TCP and netcat, which doesn't help me much.
 
Old 06-20-2014, 12:34 PM   #4
coralfang
Member
 
Registered: Nov 2010
Location: Bristol, UK
Distribution: Slackware, FreeBSD
Posts: 836
Blog Entries: 3

Rep: Reputation: 297
Tbh, I don't think netcat is necessary for what you want to do (it might not be fully functional). I looked at the -R option for ssh, and I guess you could do this with just the ssh command:


Code:
$ ssh -R 192.168.0.88:1337:127.0.0.1:22 user@192.168.0.88
eg;
ssh -R <server ip>:<server incoming port>:<your ip>:22 <user@><server ip>

If that way doesn't work, you could use netcat or cryptcat for a basic shell to run commands, but you'd have to write a script to parse emails from an account (localmail, pop3, imap, etc) if you chose to notify the server of your current ip address, to then run the command
Code:
$ nc <your ip> <port>
on your server.

...and on your machine
Code:
$ nc -l <port>
Something like that.
 
Old 06-20-2014, 05:45 PM   #5
slacker_
Member
 
Registered: Aug 2013
Distribution: Arch, Debian, Slackware
Posts: 333

Original Poster
Rep: Reputation: 3
Quote:
Originally Posted by coralfang
Tbh, I don't think netcat is necessary for what you want to do (it might not be fully functional). I looked at the -R option for ssh, and I guess you could do this with just the ssh command:


Code:
$ ssh -R 192.168.0.88:1337:127.0.0.1:22 user@192.168.0.88
eg;
ssh -R <server ip>:<server incoming port>:<your ip>:22 <user@><server ip>

If that way doesn't work, you could use netcat or cryptcat for a basic shell to run commands, but you'd have to write a script to parse emails from an account (localmail, pop3, imap, etc) if you chose to notify the server of your current ip address, to then run the command
Code:
$ nc <your ip> <port>
on your server.

...and on your machine
Code:
$ nc -l <port>
Something like that.
So, I'm not sure I even understand fully what netcat/cryptcat are. But that's the least confusing thing here.

Like I said before, I'm quite new to these things, so please excuse the possibly stupid questions.

Let's say, for an example, I'm sitting at my local public library using their free wifi. I need to connect to my ssh server at home, which is behind a router on which I cannot set up port forwarding. If I'm understanding correctly, there's a way to send an email to a host (say, gmail) that my server will check, and the email will contain my IP address at the library which my server will then extract from the email and use to run
Code:
ssh -R <home_server_ip>:<server_port>:localhost:<ssh_port> <user_on_laptop>@<lib_ip>
But I'm not really sure how that would work because that doesn't seem to account for how to connect to my client (laptop) computer at the lib, since we'd need to specify a port for that with the lib router as well, right? Or am I mistaken...? I think where I'm getting confused is, at the lib my public IP would probably be unique, but could also be shared depending on how their router is set up. And if I was at a friend's house, and I tried to use this technique, my public IP would definitely be shared by others in that house, so something would need to be set up to get around that, I think... But I may be wrong.

After a bit of searching I found Procmail which seems like it'd be useful for the receiving and parsing of the email, but I'm not sure how to do any of the rest of that.

Last edited by slacker_; 06-20-2014 at 06:03 PM.
 
Old 06-25-2014, 04:33 AM   #6
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,495
Blog Entries: 3

Rep: Reputation: 3812
Cheapest, also in terms of maintenance, would have been to arrange with whoever does have admin access to your home router to forward some arbitrary port on the router to port 22 on your home box.

For reverse tunneling (-R) to work you'll need some third machine outside somewhere that allows incoming SSH connections. It is best if it is a machine that is available 24/7 so you can use it when you need it. If a friend cannot set you up with a shell account, you can pay up and get an inexpensive VPS. It's a bit of overkill to use a full VPS for that by itself; all it needs to run is OpenSSH-server, so if there are others to split the cost with, do that.

Anyway, once you have an outside box, set up a reverse forwarding and leave the connection open:

Code:
ssh -fNT -R 3033:localhost:22 -l slacker relay

+---------+             +-------+
|         +22<==========+<<<<<<<+3033
| homebox |             | relay |
+---------+             +-------+
Then if you connect from the outside to the relay on the designated port, it will get forwarded to your home box. Be sure to open that port on the relay (or else you will have to make a second tunnel just to get to that).

Code:
ssh -p 3033 -l slacker relay

+---------+             +-------+          +----------+
|         +22<==========+<<<<<<<+3033<-----+          |
| homebox |             | relay |          | notebook |
+---------+             +-------+          +----------+
Once you have the basic setup working, you can automate the connection with a script and dedicated keys with embedded command= in them.
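
An added example, not part of the thread or of any poster's own setup: one way to script the homebox side of the tunnel described above with a dedicated key whose `authorized_keys` entry on the relay permits only the port-3033 listener. The key path, the `SSH_BIN` override and the function names are assumptions made for illustration; `restrict` and `permitlisten` require a reasonably recent OpenSSH (7.8 or later) on the relay.

```shell
#!/bin/sh
# Added example (not from the thread). Values marked "assumed" are placeholders.
RELAY_USER=slacker                       # user name used in the thread
RELAY_HOST=relay                         # host alias used in the thread
RELAY_PORT=3033                          # listener on the relay, as in the thread
TUNNEL_KEY="$HOME/.ssh/tunnel_ed25519"   # assumed: key pair used only for this tunnel

# Print the authorized_keys line to install on the relay for the tunnel's public key.
#   restrict         - no pty, no agent/X11 forwarding, no forwarding unless re-enabled
#   port-forwarding  - re-enable forwarding for this key only
#   permitlisten     - the only -R listener this key may open is localhost:3033
#   command=         - a stolen key asking for a shell gets /bin/false, not a login
relay_authorized_keys_line() {
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' \
        "$RELAY_PORT" "$1"
}

# Run one tunnel session from the homebox. SSH_BIN (assumed hook) lets the
# command line be inspected without opening a connection.
start_tunnel() {
    "${SSH_BIN:-ssh}" -NT \
        -i "$TUNNEL_KEY" \
        -o IdentitiesOnly=yes \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -R "localhost:${RELAY_PORT}:localhost:22" \
        -l "$RELAY_USER" "$RELAY_HOST"
}

# Reconnect whenever the session ends. ExitOnForwardFailure makes ssh exit
# instead of idling when port 3033 could not be bound on the relay.
keep_tunnel_up() {
    while :; do
        start_tunnel
        sleep 15
    done
}

# Only start the loop when invoked as "script run"; sourcing just defines functions.
if [ "${1:-}" = "run" ]; then
    keep_tunnel_up
fi
```

Because this example binds the listener to the relay's loopback address, the notebook reaches the homebox by logging in through the relay first, for instance `ssh -J slacker@relay -p 3033 slacker@localhost`, rather than connecting to port 3033 from the outside.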
 
  

