06-19-2014, 05:57 PM
|
#1
|
Member
Registered: Aug 2013
Distribution: Arch, Debian, Slackware
Posts: 333
Rep:
|
is there a site that would be possible to act as an in between for reverse ssh?
What I'm wanting to do is be able to ssh to my home server from outside the network. I don't have admin access to the router at my house so port forwarding is out of the question. After some googling I found this possible solution. The only problem with it is I don't have a server hosted outside the network like that though, and I don't have money to buy server space (even if it is only a small amount, enough to act as this ssh go-between).
So the question I can't google is, is there a site out there that offers anonymous, temporary hosting for a person to ssh to from home, then from a remote location ssh to that site, then to the home computer?
|
|
|
06-19-2014, 09:40 PM
|
#2
|
Member
Registered: Nov 2010
Location: Bristol, UK
Distribution: Slackware, FreeBSD
Posts: 836
|
Have you thought about using email to "knock", and then telling your server to connect back to you?
You could do that with netcat (or cryptcat, probably better choice) to open a reverse shell. There's hundreds of ways you could set it up like that. SMS, phone call, fax (lol), etc.
Have a script check an email account for a subject containing "connect x.x.x.x", you send an email, and then have the script open a reverse shell to the address in the subject.
|
|
|
06-20-2014, 05:19 AM
|
#3
|
Member
Registered: Aug 2013
Distribution: Arch, Debian, Slackware
Posts: 333
Original Poster
Rep:
|
Quote:
Originally Posted by coralfang
Have you thought about using email to "knock", and then telling your server to connect back to you?
You could do that with netcat (or cryptcat, probably better choice) to open a reverse shell. There's hundreds of ways you could set it up like that. SMS, phone call, fax (lol), etc.
Have a script check an email account for a subject containing "connect x.x.x.x", you send an email, and then have the script open a reverse shell to the address in the subject.
|
That... is brilliant. I am rather inexperienced in this area. Could you perhaps offer an example with netcat (or cryptcat) checking for email, from start to finish what would be needed? I tried googling but all I found was a generic article regarding TCP and netcat, which doesn't help me much.
|
|
|
06-20-2014, 12:34 PM
|
#4
|
Member
Registered: Nov 2010
Location: Bristol, UK
Distribution: Slackware, FreeBSD
Posts: 836
|
Tbh, I don't think netcat is necessary for what you want to do (it might not be fully functional), I looked at the -R option for ssh, and I guess you could do this with just the ssh command:
Code:
$ ssh -R 192.168.0.88:1337:127.0.0.1:22 user@192.168.0.88
eg;
ssh -R <server ip>:<server incoming port>:<your ip>:22 <user@><server ip>
If that way doesn't work, you could use netcat or cryptcat for a basic shell to run commands, but you'd have to write a script to parse emails from an account (localmail, pop3, imap, etc) if you chose to notify the server of your current ip address, to then run the command
Code:
$ nc <your ip> <port>
on your server.
...and on your machine Something like that.
|
|
|
06-20-2014, 05:45 PM
|
#5
|
Member
Registered: Aug 2013
Distribution: Arch, Debian, Slackware
Posts: 333
Original Poster
Rep:
|
Quote:
Originally Posted by coralfang
Tbh, I don't think netcat is necessary for what you want to do (it might not be fully functional), I looked at the -R option for ssh, and I guess you could do this with just the ssh command:
Code:
$ ssh -R 192.168.0.88:1337:127.0.0.1:22 user@192.168.0.88
eg;
ssh -R <server ip>:<server incoming port>:<your ip>:22 <user@><server ip>
If that way doesn't work, you could use netcat or cryptcat for a basic shell to run commands, but you'd have to write a script to parse emails from an account (localmail, pop3, imap, etc) if you chose to notify the server of your current ip address, to then run the command
Code:
$ nc <your ip> <port>
on your server.
...and on your machine Something like that.
|
So, I'm not sure I even understand fully what netcat/cryptcat are. But that's the least confusing thing here.
Like I said before, I'm quite new to these things, so please excuse the possibly stupid questions.
Let's say, for an example, I'm sitting at my local public library using their free wifi. I need to connect to my ssh server at home, which is behind a router on which I cannot set up port forwarding. If I'm understanding correctly, there's a way to send an email to a host (say, gmail) that my server will check, and the email will contain my IP address at the library which my server will then extract from the email and use to run
Code:
ssh -R <home_server_ip>:<server_port>:localhost:<ssh_port> <user_on_laptop>@<lib_ip>
But I'm not really sure how that would work because that doesn't seem to account for how to connect to my client (laptop) computer at the lib, since we'd need to specify a port for that with the lib router as well, right? Or am I mistaken...? I think where I'm getting confused is, at the lib my public IP would probably be unique, but could also be shared depending on how their router is set up. And if I was at a friend's house, and I tried to use this technique, my pub-ip would definitely be shared by others in that house, so something would need to be set up to get around that, I think... But I may be wrong.
After a bit of searching I found Procmail which seems like it'd be useful for the receiving and parsing of the email, but I'm not sure how to do any of the rest of that.
Last edited by slacker_; 06-20-2014 at 06:03 PM.
|
|
|
06-25-2014, 04:33 AM
|
#6
|
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,495
|
Cheapest, also in terms of maintenance, would have been to arrange with whoever does have admin access to your home router to forward some arbitrary port on the router to port 22 on your home box.
For reverse tunneling (-R) to work you'll need some third machine outside somewhere that allows incoming SSH connections. It is best if it is a machine that is available 24/7 so you can use it when you need it. If a friend cannot set you up with a shell account, you can pay up and get an inexpensive VPS. It's a bit of overkill to use a full VPS for that by itself, all it needs to run is OpenSSH-server so if there are others to split the cost with, do that.
Anyway, once you have an outside box, set up a reverse forwarding and leave the connection open:
Code:
ssh -fNT -R 3033:localhost:22 -l slacker relay
+---------+             +-------+
|         +22<==========+<<<<<<<+3033
| homebox |             | relay |
+---------+             +-------+
Then if you connect from the outside to the relay on the designated port, it will get forwarded to your home box. Be sure to open that port on the relay (or else you will have to make a second tunnel just to get to that).
Code:
ssh -p 3033 -l slacker relay
+---------+             +-------+          +----------+
|         +22<==========+<<<<<<<+3033<-----+          |
| homebox |             | relay |          | notebook |
+---------+             +-------+          +----------+
Once you have the basic setup working, you can automate the connection with a script and dedicated keys with embedded command= in them.
|
|
|
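The automation suggested at the end of post #6, as an added example that is not part of the original thread: a homebox-side script that keeps the reverse tunnel up with a dedicated key, and prints the restricted authorized_keys entry (with `command=`) to install on the relay. `relay`, user `slacker` and port 3033 are from the post; the key path, the function names and the choice of ssh options are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): keep the homebox -> relay reverse
# tunnel up with a dedicated, restricted key. "relay", user "slacker" and
# port 3033 come from the post; the key path and ssh options are assumptions.
RELAY_HOST=${RELAY_HOST:-relay}
RELAY_USER=${RELAY_USER:-slacker}
RELAY_PORT=${RELAY_PORT:-3033}
TUNNEL_KEY=${TUNNEL_KEY:-$HOME/.ssh/tunnel_ed25519}

# Accept only a numeric, non-privileged TCP port (an unprivileged relay
# account cannot bind ports below 1024).
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# -R argument: listen on the relay's loopback only, deliver to homebox sshd.
forward_spec() {
    printf 'localhost:%s:localhost:22\n' "$RELAY_PORT"
}

# authorized_keys entry for the relay ($1 = public key text): this key can
# open the one listener and nothing else (no shell, PTY, agent or X11).
relay_authorized_keys_line() {
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' \
        "$RELAY_PORT" "$1"
}

# Reconnect loop: ssh exits when keep-alives fail or the port cannot be bound.
run_tunnel() {
    valid_port "$RELAY_PORT" || { echo "bad RELAY_PORT: $RELAY_PORT" >&2; return 2; }
    while :; do
        ssh -NT -i "$TUNNEL_KEY" \
            -o BatchMode=yes -o IdentitiesOnly=yes \
            -o ExitOnForwardFailure=yes \
            -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
            -R "$(forward_spec)" -l "$RELAY_USER" "$RELAY_HOST"
        sleep 10
    done
}

case ${1:-} in
    run)     run_tunnel ;;
    authkey) relay_authorized_keys_line "$(cat "$TUNNEL_KEY.pub")" ;;
esac
```

Because the listener is bound to the relay's loopback, the notebook reaches it through the relay, for instance `ssh -J slacker@relay -p 3033 slacker@localhost`. Exposing port 3033 on the relay's public address instead requires `GatewayPorts` to be enabled in the relay's sshd_config, since sshd binds remote forwards to loopback by default.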
All times are GMT -5.