[ale] ssh -R (was Re: Have I been hacked?)
Ed Cashin
ecashin at noserose.net
Fri Jan 9 12:31:31 EST 2009
On Fri, Jan 9, 2009 at 9:40 AM, Chris Kleeschulte
<chris.kleeschulte at it.libertydistribution.com> wrote:
> I use -R extensively to open "holes" in a firewall. It works nicely
> since I have to deal with customers that are behind NAT devices all
> the time and I cannot or will not log in to the admin account on the
> router.
>
> I just email them a small program that does this. I wrote an article
> on this:
>
> http://kleeschulte.blogspot.com/2007/09/how-to-create-reverse-ssh-tunnel.html

Neat article, thanks. :)

I can set up the tunnel but not use it. On the "customer computer"
(using the terminology from your article) I added "-v" to the ssh
command and see ...

  debug1: client_request_forwarded_tcpip: listen localhost port 1100, originator 127.0.0.1 port 57015
  debug1: channel 0: new [127.0.0.1]
  debug1: confirm forwarded-tcpip
  debug1: channel 0: not connected: Connection refused
  debug1: channel 0: free: 127.0.0.1, nchannels 1

On the other "remote" machine, I can see the listening port.

  meili:~# lsof -i | grep :1100
  sshd 4030 ecashin 8u IPv4 18706 TCP localhost:1100 (LISTEN)
  sshd 4030 ecashin 9u IPv6 18707 TCP ip6-localhost:1100 (LISTEN)

Maybe I need to fiddle with /etc/hosts.allow on the customer machine.
It has the line,

  sshd: 127.0.0. : allow

... which ought to work, but meh.

--
Ed Cashin <ecashin at noserose.net>