is there hope?... was Re: Re: [ale] ssh -D : the Coolest ssh trick yet.

Robert L. Harris Robert.L.Harris at rdlg.net
Thu Mar 20 09:35:11 EST 2003



Turn off ftp (ports 20 and 21) on your home machine and configure SSH to
listen on port 21 as well with the Port directive in
/etc/ssh/sshd_config.  Then just "ssh -p 21 ..."


Thus spake Jason Vinson (jason.vinson at mindspring.com):

> I am working on a contract in a pretty tight environment.  I have found ports 20, 21, and 80 open for incoming and outgoing, and I want to log into my home machine via ssh.  I can't do a standard ssh on port 22 because it's not open for outgoing or incoming connections, and my home machine only has 22 and 80 forwarded to a linux box on my network.  How can I log into home with this firewall in my way using ssh?  Is there hope?
> 
> TIA,
> Jason
> 
> 
> -------Original Message-------
> From: "Robert L. Harris" <Robert.L.Harris at rdlg.net>
> Sent: 03/20/03 09:19 AM
> To: ale at ale.org
> Subject: Re: [ale] ssh -D : the Coolest ssh trick yet.
> 
> > 
> > 
> 
> WAIT!!!!  Useful Linux related information that's not blatantly WAY off
> topic or politically motivated on the ALE list?????  MY GOD what is
> going on!!!!
> 
> 
> On a more serious note, great info, it's been archived :>
> 
> Thanks,
>   Robert
> 
> Thus spake David Bronson (dbron at roman.net):
> 
> > Thanks John (and Jason),
> > 
> > I use ssh daily but I haven't used the -D switch. You both should get an
> > Ale gift certificate or something valuable like that.
> > 
> > On Thu, Mar 20, 2003 at 09:08:29AM -0500, John Wells wrote:
> > > In response to a question of mine awhile back, Jason Day pointed out the
> > > -D flag to ssh, which allows ssh to function as a Socks v4 proxy.
> > > 
> > > Just wanted to forward this to the group, in case anyone missed it.  It
> > > has to be the coolest trick I've learned this year.  It essentially
> > > allows you to bypass any firewall or web filtering software (at least
> > > for those applications that support Socks v4 proxies).
> > > 
> > > So, for two years now I've been unable to do certain things from work
> > > because they required access via a web browser to uncommon port numbers
> > > (6801, etc.) that are blocked by our company's firewall.  I've also been
> > > wary that Big Brother watches everything I do online here at work.  Not
> > > that I do anything like surf for pr0n or anything like that, but it's
> > > just that unsettling feeling of being watched.
> > > 
> > > Anyway, ssh -D ends all that trouble.
> > > 
> > > Here's how you do it:
> > > 
> > > First, you have to have a box outside the firewall that you're able to
> > > ssh into.  I have a home mail server on my DSL connection, and that
> > > works just fine.  Second, your company's firewall has to allow ssh
> > > through (ours does, fortunately).
> > > 
> > > So, it's as simple as connecting to your home machine using the -D flag,
> > > followed by a port number that's not in use on your local machine.
> > > 
> > > ssh -D 5555 mylogin@my.homemachine.org
> > > 
> > > Once you're logged in, point whatever application you want to run
> > > through the proxy to localhost:5555.  For mozilla, go to
> > > Edit->Preferences->Advanced->Proxies.  Choose "Manual proxy
> > > configuration".  In the SOCKS HOST: box, put 127.0.0.1, and in the Port
> > > box to the right put 5555 (or whatever port you used).  Also, select the
> > > SOCKS v4 radio button below these boxes.
> > > 
> > > Ok out of the Preferences dialog, and there you go.  Secure web surfing
> > > from your company's LAN.
> > > 
> > > Make sure you don't close the terminal that's logged into your home
> > > machine while you're using this feature.
> > > 
> > > Thanks to Jason for pointing this out.
> > > 
> > > John
> > > 
> > > 
> > > 
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://www.ale.org/mailman/listinfo/ale
> > 
> > -- 
> > David Bronson
> > Network Administrator
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> 
> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris                     | PGP Key ID: E344DA3B
>                                          @ x-hkp://pgp.mit.edu 
> DISCLAIMER:
>       These are MY OPINIONS ALONE.  I speak for no-one else.
> 
> Diagnosis: witzelsucht     	
> 
> IPv6 = robert at ipv6.rdlg.net   	http://ipv6.rdlg.net
> IPv4 = robert at mail.rdlg.net   	http://www.rdlg.net
> > 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale

:wq!
---------------------------------------------------------------------------
Robert L. Harris                     | PGP Key ID: E344DA3B
                                         @ x-hkp://pgp.mit.edu 
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.

Diagnosis: witzelsucht  	

IPv6 = robert at ipv6.rdlg.net	http://ipv6.rdlg.net
IPv4 = robert at mail.rdlg.net	http://www.rdlg.net
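
Seen from the network side, an sshd answering on port 21 as suggested in this message greets the client with an SSH identification string instead of an FTP "220" reply, so port-based filtering alone does not tell the two apart. The following is an added example, not part of the original message: it assumes a hypothetical capture of the first server-to-client payload per flow, and the `EXPECTED` port map and sample banners are constructed.

```python
import re

# RFC 4253 section 4.2: server identification "SSH-protoversion-softwareversion".
SSH_ID = re.compile(rb"^SSH-\d+\.\d+-\S+")
FTP_REPLY = re.compile(rb"^\d{3}[ -]")          # e.g. "220 " or "220-"
HTTP_STATUS = re.compile(rb"^HTTP/\d\.\d \d{3}")

# Assumption: the protocol this site expects on each permitted port.
EXPECTED = {21: "ftp", 22: "ssh", 80: "http"}


def classify(payload: bytes) -> str:
    """Name the protocol from the first server-to-client bytes of a flow."""
    # An SSH server may send other lines before its identification string,
    # so check every line of the first payload, not only the first one.
    for line in payload.split(b"\n"):
        if SSH_ID.match(line.rstrip(b"\r")):
            return "ssh"
    if FTP_REPLY.match(payload):
        return "ftp"
    if HTTP_STATUS.match(payload):
        return "http"
    return "unknown"


def find_mismatches(flows):
    """Return (dst_port, expected, observed) for flows on the wrong protocol."""
    hits = []
    for dst_port, payload in flows:
        expected = EXPECTED.get(dst_port)
        observed = classify(payload)
        if expected is not None and observed != expected:
            hits.append((dst_port, expected, observed))
    return hits


# Constructed sample: first server payload of four outbound flows.
SAMPLE_FLOWS = [
    (21, b"220 ProFTPD Server ready.\r\n"),
    (21, b"SSH-2.0-OpenSSH_3.5p1\r\n"),
    (80, b"HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n"),
    (22, b"SSH-1.99-OpenSSH_3.4p1\r\n"),
]

if __name__ == "__main__":
    for port, expected, observed in find_mismatches(SAMPLE_FLOWS):
        print(f"port {port}: expected {expected}, saw {observed}")
```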
