LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 08-05-2006, 10:31 PM   #1
evzen
LQ Newbie
 
Registered: May 2006
Location: FFFF0h PowerGood
Distribution: SLACKWARE 11
Posts: 9

Rep: Reputation: 0
Cool SSH question


hey everybody, my friend depending on his lanlords router. she wont let us forward port for ssh as long as she think it could be dangerous for her running WINBLOWS behind same router so my friend can easy ssh me but i dont know how to ssh him as long as his IP is 192.168.0.3 (behind routers IP). Well here is what i am thinking :Q#1 can i take somehow over the session when he SSH me and connect through his sesson ? Q#2 also would be interesting to know (for me) how do i see in real time what people are doing on my box through SSH thanx a bunch for advice

Last edited by evzen; 08-06-2006 at 12:40 AM.
 
Old 08-06-2006, 12:11 AM   #2
drkstr
Senior Member
 
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191

Rep: Reputation: 45
Quote:
Q#1 can i take somehow over the session when he SSH me and connect through his sesson ?
hmm, I'm not sure if this is possible without extensive programming. I am interested to find out myself.

Quote:
Q#2 also would be interesting to know (for me) how do i see in real time what people are doing on my box through SSH
Any commands entered are added to /home/username/.bash_history (assumming bash is the default shell). Just run 'tail /home/username/.bash_history' to view the last commands entered by the user.

regards,
...drkstr
 
Old 08-06-2006, 12:14 AM   #3
DrAxeman
Member
 
Registered: Jun 2004
Location: State of Confusion
Distribution: My other OS is your Solaris box.
Posts: 84

Rep: Reputation: 15
Here's how you get around the port block issue:

Go into /etc/ssh/sshd_config and change the port that the sshd daemon uses to one that isn't being blocked.

Then restart ssh.

That's one workaround.

Just make sure you specify what port you want to log into from yor command line:

ssh user@ipaddress -p PORT
 
Old 08-06-2006, 12:45 AM   #4
evzen
LQ Newbie
 
Registered: May 2006
Location: FFFF0h PowerGood
Distribution: SLACKWARE 11
Posts: 9

Original Poster
Rep: Reputation: 0
Talking Ssh

thanx for reply DR AXE but all ports are blocked i guess there is no legal way arround
 
Old 08-06-2006, 12:54 AM   #5
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 361Reputation: 361Reputation: 361Reputation: 361
You want to do a reverse SSH connection to do that.

Take a look at this.
 
Old 08-06-2006, 01:47 AM   #6
evzen
LQ Newbie
 
Registered: May 2006
Location: FFFF0h PowerGood
Distribution: SLACKWARE 11
Posts: 9

Original Poster
Rep: Reputation: 0
Talking Ssh

hey MS3FXG that link looks just great i will try it ASAP but that is what i was looking for IMAO

THANX for now
 
Old 08-06-2006, 01:49 AM   #7
carboncopy
Senior Member
 
Registered: Jan 2003
Location: Malaysia
Posts: 1,210
Blog Entries: 4

Rep: Reputation: 45
Yup Reverse SSH is the way to go.

Just in case you are lazy to go through the article/howto above.

#define REMOTE_MACH your_friend's machine
#define OPEN_MACH your machine

From REMOTE_MACH do this :
Code:
ssh -R 10001:localhost:22 user@OPEN_MACH
That would open an ssh connection to your machine with a reverse tunnel.

So from OPEN_MACH do this :
Code:
ssh -p 10001 user@localhost
That would open an ssh connection to REMOTE_MACH.

Read
Code:
man ssh
for more details

If you are behind idiotic proxy, you can use proxytunnel from proxytunnel.sf.net.

1. Install proxytunnel
2. The commands to use would be

Code:
ssh -o "ProxyCommand proxytunnel -p proxy.address:PORT -d dest.address:PORT" user@dest.address
Please note that some proxy don't allow you to create an ssl connection to any port other than port 443 (https). So, your -d dest.address better listen to 443.

Last edited by carboncopy; 08-06-2006 at 01:50 AM.
 
Old 08-10-2006, 06:25 PM   #8
evzen
LQ Newbie
 
Registered: May 2006
Location: FFFF0h PowerGood
Distribution: SLACKWARE 11
Posts: 9

Original Poster
Rep: Reputation: 0
Talking Ssh

well i am trying to set that reverse ssh tunnel for couple of days w/o succes
first iv tried setup passwordles login i did change sshd config on #defined #REMOTE_MACH#(read above )

@@@@@@@@@@@@@@@@@@@@@@@@@@ SSHD CONFIG (part) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@


#Port 22
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

LoginGraceTime 1m
PermitRootLogin no
#StrictModes yes
MaxAuthTries 2

#RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
THEN i did setup cronjob with command ssh -R 10001:localhost:22 user@OPEN_MACH
where i did also generated public/private dsa key and cop it to #.ssh/authorized_keys#OPEN_MACH
now when i execute bash3.0#ssh -p 10001 remote@machine -v
i get this:
OpenSSH_4.2p1, OpenSSL 0.9.7g 11 Apr 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: Connecting to xx.xxx.xx.xx [xx.xxx.xx.xx] port 10001.
and it timesout
debug1 tells me that ssh reading ssh config instead of sshd config is that right?
as long as i am now getting littel confused about it i would appriciate any suggestions
in ssh config i do not see any dsa authorization option etc...
i did not check yet wheter passwordless is working i will check that ASAP
but i dont even see any ssh faillogs in /var/log/messages from REMOTE MACHINE
i am 100% sure the ssh is working i connected from both using password authentication
thanx for advice

Last edited by evzen; 08-10-2006 at 06:36 PM.
 
Old 08-26-2006, 11:31 AM   #9
carboncopy
Senior Member
 
Registered: Jan 2003
Location: Malaysia
Posts: 1,210
Blog Entries: 4

Rep: Reputation: 45
1. I have a friend who was unabled to get non-interactive SSH login working with cron.

2. Try interactive SSH login first, as you said you will try. In any event, if non-interactive (passwordless) login fails, ssh will prompt you for password.

3. Can you ssh directly from OPEN_MACH to REMOTE_MACH without the reverse tunnel options, viz.
Code:
ssh user@REMOTE_MACH
from your OPEN_MACH?

4. If not, are you behind a firewall/proxy? If you are, refer to my previous post.

Cheers!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH question gauge73 Linux - Security 9 07-02-2005 02:37 AM
ssh-agent/ssh-add question mega Slackware 2 01-26-2005 03:09 AM
ssh question Smokey Slackware 1 11-24-2004 03:39 PM
question about SSH Blu-star Linux - Security 2 12-21-2003 10:07 AM
ssh question nautilus_1987 Linux - Security 14 11-01-2002 01:43 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 11:34 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration