[Gllug] KVM-over-internet

Philip Hands phil at hands.com
Thu Feb 2 11:05:03 UTC 2012


On Wed, 01 Feb 2012 18:05:01 +0000, Rich Walker <rw at shadowrobot.com> wrote:
> James Courtier-Dutton <james.dutton at gmail.com> writes:
> 
> > On 31 January 2012 15:50, Rich Walker <rw at shadowrobot.com> wrote:
> >>
> >> This isn't server installations, unfortunately - it's specific embedded
> >> hardware being delivered as part of a package, with a customer whose
> >> network is usually locked down in all sorts of ways. The KVM->router->3G
> >> dongle approach will probably be the final solution...
> >>
> >
> > "locked down" and "having a 3G dongle" seem to be contradicting.
> > If you do put 3G dongle there, make sure the customer knows what you
> > are doing and that it does not bypass any of their lock down policy.
> > Mobile phones in machine rooms is sometimes against policy at some sites.
> 
> Not "locked down as in guards", just "locked down as in we can't ssh to
> and fro freely". Or, sometimes, get an IP address for a piece of
> hardware we brought.

Can locals ssh to you?

If so, you could always talk them through using -R (or whatever the
putty equivalent is) to open a port on your computer back to the new
device, and then use that to do the work.

To do that, you set up a guest account on a machine with public ssh
access, preferably making it so that they don't get a shell once logged
in, but instead a message telling them that their in, or a menu letting
them log back out again.  Then you tell them to do:

  ssh -R 1234:$TARGET:22 guest@$PUBLIC_SSH_SERVER

Then once they're in (having used whatever credentials you allowed) you
run ssh on the public ssh server, thus:

  ssh -p 1234 root at localhost

obviously, "1234", "guest" and "root" are all things you might want to
change, and $TARGET and $PUBLIC_SSH_SERVER need to be set or replaced
with something appropriate, $TARGET being the local IP address of name
of the target box, as reachable from the box where they're running ssh
for you.

Doesn't help in the case where the device isn't getting an IP though.

Cheers, Phil.
-- 
|)|  Philip Hands [+44 (0)20 8530 9560]    http://www.hands.com/
|-|  HANDS.COM Ltd.                    http://www.uk.debian.org/
|(|  10 Onslow Gardens, South Woodford, London  E18 1NE  ENGLAND
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20120202/3a4a9845/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug


More information about the GLLUG mailing list