[Gllug] how do I ssh between different machines both behind 2 separate NATed firewalls
Paul Nasrat
pauln at truemesh.com
Mon Mar 24 15:40:00 UTC 2003
On Mon, Mar 24, 2003 at 02:41:06PM -0000, James Bailey wrote:
> Hi,
>
> I have been asked to make ssh connections between various machines which
> will be behind different NATed firewalls.

Can you access any machines via ssh? If so, you can do ssh tunneling.

From your.workstation.example.com:
ssh -l username -i ~username/.ssh/id_dsa -N -L \
2222:hidden-1.example.com:22 opentossh.example.com
> Anyone out there come across this kind of problem before and found a
> suitable solution. Links to suitable RTFMs appreciated if I have missed
> something obvious.
If you don't have any access to the servers but the firewall allows
outbound traffic to port 22 of a machine on your network you can reverse
tunnel back to your machine.

From hidden-1.example.com:
ssh -l sshuser -i ~username/.ssh/id_dsa -N -R \
2222:hidden-1.example.com:22 remote.example.com
Then you can ssh from your.workstation.example.com to
remote.example.com:2222.

Now if you don't have access you may have to get someone to do this,
then you can do a key exchange and get it to do this on boot.

As you don't have firewall access I'm guessing VPNs are a no go.
The other options may require making use of openssh's ProxyCommand and
something like httptunnel [1] or a SOCKS [2] if there is a remote
connection to a proxy. It really depends what services you can get at
via the remote firewall.
Just found this site which may be of interest:
http://www.jfranken.de/homepages/johannes/vortraege/ssh3.en.html
Paul Nasrat
[1] http://www.nocrew.org/software/httptunnel.html
[2] http://www.imasy.or.jp/~gotoh/ssh/connect.html
--
An original IBM 4.77MHz PC reports 0.7 bogomips running Linux 8086, but
can still run a webserver! - Alan Cox http://elks.sourceforge.net/
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
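
The reverse tunnel and the "key exchange ... on boot" step from the message above, as an added example that is not part of the original post: a script that restarts the tunnel when it drops and prints an authorized_keys line limiting what the tunnel key can do on remote.example.com. Host names, sshuser and port 2222 are the post's; the key path, the ssh options, the retry delay and the availability of permitlisten (OpenSSH 7.8 or later on remote.example.com) are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: the reverse tunnel from
# hidden-1.example.com, restarted whenever it drops.
# Host names, "sshuser" and port 2222 are the post's; the key path, the ssh
# options and the retry delay are assumptions made for this example.

REMOTE_HOST="remote.example.com"
REMOTE_USER="sshuser"
REMOTE_PORT=2222                    # listener opened on remote.example.com
TARGET="hidden-1.example.com:22"    # where that listener forwards to
KEY="/etc/ssh/tunnel_ed25519"       # assumed dedicated key without passphrase
RETRY_DELAY=30                      # assumed seconds between reconnects

# Run one tunnel session. SSH can be overridden (SSH=echo) for a dry run.
start_tunnel() {
    "${SSH:-ssh}" -N -l "$REMOTE_USER" -i "$KEY" \
        -o BatchMode=yes \
        -o IdentitiesOnly=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -R "$REMOTE_PORT:$TARGET" "$REMOTE_HOST"
}

# authorized_keys line for sshuser on remote.example.com: restrict turns off
# pty, agent and X11 forwarding, command= replaces any requested command,
# and permitlisten limits -R requests to the one listener.
# $1 = contents of the tunnel key's .pub file
authorized_keys_entry() {
    printf 'restrict,command="/bin/false",port-forwarding,permitlisten="localhost:%s" %s\n' \
        "$REMOTE_PORT" "$1"
}

# Reconnect forever; intended to be started at boot on hidden-1.example.com.
keep_tunnel_up() {
    while :; do
        start_tunnel || echo "tunnel exited with status $?, retrying" >&2
        sleep "$RETRY_DELAY"
    done
}

case "${1:-}" in
    run)            keep_tunnel_up ;;
    authorized-key) authorized_keys_entry "$(cat "$KEY.pub")" ;;
    *)              SSH=echo start_tunnel ;;   # default: print the arguments only
esac
```

ExitOnForwardFailure makes ssh exit when port 2222 cannot be bound, so the loop retries instead of holding a session that forwards nothing.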