is there hope?... was Re: Re: [ale] ssh -D : the Coolest ssh trick yet.
Robert L. Harris
Robert.L.Harris at rdlg.net
Thu Mar 20 09:35:11 EST 2003
Turn off ftp (ports 20 and 21) on your home machine and configure SSH to
listen on port 21 as well with the Port directive in
/etc/ssh/sshd_config. Then just "ssh -p 21 ..."
Thus spake Jason Vinson (jason.vinson at mindspring.com):
> I am working on a contract in a pretty tight environment. I have found ports 20, 21, and 80 open for incoming and outgoing, and I want to log into my home machine via ssh. I can't do a standard ssh on port 22 because it's not open for outgoing or incoming connections, and my home machine only has 22 and 80 forwarded to a linux box on my network. How can I log into home with this firewall in my way using ssh? Is there hope?
>
> TIA,
> Jason
>
>
> -------Original Message-------
> From: "Robert L. Harris" <Robert.L.Harris at rdlg.net>
> Sent: 03/20/03 09:19 AM
> To: ale at ale.org
> Subject: Re: [ale] ssh -D : the Coolest ssh trick yet.
>
> >
> >
>
> WAIT!!!! Useful Linux related information that's not blatantly WAY off
> topic or politically motivated on the ALE list????? MY GOD what is
> going on!!!!
>
>
> On a more serious note, great info, it's been archived :>
>
> Thanks,
> Robert
>
> Thus spake David Bronson (dbron at roman.net):
>
> > Thanks John (and Jason),
> >
> > I use ssh daily but I haven't used the -D switch. You both should get an
> > Ale gift certificate or something valuable like that.
> >
> > On Thu, Mar 20, 2003 at 09:08:29AM -0500, John Wells wrote:
> > > In response to a question of mine awhile back, Jason Day pointed out the
> > > -D flag to ssh, which allows ssh to function as a Socks v4 proxy.
> > >
> > > Just wanted to forward this to the group, in case anyone missed it. It
> > > has to be the coolest trick I've learned this year. It essentially
> > > allows you to bypass any firewall or web filtering software (at least
> > > for those applications that support Socks v4 proxies).
> > >
> > > So, for two years now I've been unable to do certain things from work
> > > because they required access via a web browser to uncommon port numbers
> > > (6801, etc.) that are blocked by our company's firewall. I've also been
> > > wary that Big Brother watches everything I do online here at work. Not
> > > that I do anything like surf for pr0n or anything like that, but it's
> > > just that unsettling feeling of being watched.
> > >
> > > Anyway, ssh -D ends all that trouble.
> > >
> > > Here's how you do it:
> > >
> > > First, you have to have a box outside the firewall that you're able to
> > > ssh into. I have a home mail server on my DSL connection, and that
> > > works just fine. Second, your company's firewall has to allow ssh
> > > through (ours does, fortunately).
> > >
> > > So, it's as simple as connecting to your home machine using the -D flag,
> > > followed by a port number that's not in use on your local machine.
> > >
> > > ssh -D 5555 mylogin at my.homemachine.org
> > >
> > > Once you're logged in, point whatever application you want to run
> > > through the proxy to localhost:5555. For mozilla, go to
> > > Edit->Preferences->Advanced->Proxies. Choose "Manual proxy
> > > configuration". In the SOCKS HOST: box, put 127.0.0.1, and in the Port
> > > box to the right put 5555 (or whatever port you used). Also, select the
> > > SOCKS v4 radio button below these boxes.
> > >
> > > Ok out of the Preferences dialog, and there you go. Secure web surfing
> > > from your company's LAN.
> > >
> > > Make sure you don't close the terminal that's logged into your home
> > > machine while you're using this feature.
> > >
> > > Thanks to Jason for pointing this out.
> > >
> > > John
> > >
> > >
> > >
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://www.ale.org/mailman/listinfo/ale
> >
> > --
> > David Bronson
> > Network Administrator
>
> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris | PGP Key ID: E344DA3B
> @ x-hkp://pgp.mit.edu
> DISCLAIMER:
> These are MY OPINIONS ALONE. I speak for no-one else.
>
> Diagnosis: witzelsucht
>
> IPv6 = robert at ipv6.rdlg.net http://ipv6.rdlg.net
> IPv4 = robert at mail.rdlg.net http://www.rdlg.net
> >
:wq!
---------------------------------------------------------------------------
Robert L. Harris | PGP Key ID: E344DA3B
@ x-hkp://pgp.mit.edu
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.
Diagnosis: witzelsucht
IPv6 = robert at ipv6.rdlg.net http://ipv6.rdlg.net
IPv4 = robert at mail.rdlg.net http://www.rdlg.net
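
Seen from the firewall administrator's side, an sshd moved to port 21 as suggested in this message still opens with an SSH identification string rather than an FTP greeting, so it can be spotted from the server's first bytes. The following is an added example, not part of the original thread; the flow-record layout, the addresses, the banners and the approved-port policy are all constructed for illustration.

```python
import re

# RFC 4253 section 4.2: an SSH server's first line is
# "SSH-protoversion-softwareversion", whatever port it listens on.
SSH_IDENT = re.compile(rb"^SSH-(\d+\.\d+)-(\S+)")
# FTP servers open with a three-digit reply code such as "220 " (RFC 959).
FTP_GREETING = re.compile(rb"^\d{3}[ -]")

# Assumption for this example: site policy only expects SSH on port 22.
APPROVED_SSH_PORTS = {22}

# Constructed flow records (documentation addresses, made-up banners).
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.7", "dst_port": 21,
     "banner": b"220 FTP server ready.\r\n"},
    {"src": "192.0.2.23", "dst": "203.0.113.5", "dst_port": 21,
     "banner": b"SSH-2.0-OpenSSH_3.5p1\r\n"},
    {"src": "192.0.2.23", "dst": "203.0.113.5", "dst_port": 22,
     "banner": b"SSH-1.99-OpenSSH_3.5p1\r\n"},
    {"src": "192.0.2.31", "dst": "203.0.113.9", "dst_port": 80,
     "banner": b""},  # HTTP servers wait for the client to speak first
]


def classify_banner(first_bytes):
    """Name the protocol from the first bytes a server sends after connect."""
    if SSH_IDENT.match(first_bytes):
        return "ssh"
    if FTP_GREETING.match(first_bytes):
        return "ftp"
    return "unknown"


def find_ssh_on_unexpected_ports(flows, approved=APPROVED_SSH_PORTS):
    """Return (src, dst, port, software) for SSH banners on non-approved ports."""
    findings = []
    for flow in flows:
        match = SSH_IDENT.match(flow["banner"])
        if match and flow["dst_port"] not in approved:
            software = match.group(2).decode("ascii", "replace")
            findings.append((flow["src"], flow["dst"], flow["dst_port"], software))
    return findings


if __name__ == "__main__":
    for finding in find_ssh_on_unexpected_ports(SAMPLE_FLOWS):
        print("SSH on unexpected port:", finding)
```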