Autossh Tunnel: Difference between revisions

From D3xt3r01.tk
Jump to navigationJump to search
 
(One intermediate revision by the same user not shown)
Line 31: Line 31:


iptables -A INPUT -p tcp --dport -j DROP
iptables -A INPUT -p tcp --dport -j DROP
</code>
Afterwards, you can just add this to your /etc/crontab
<code lang="bash">
*/1 * * * * root flock -xon /root/ssh.lock -c "autossh -M 5122 -R 1942:localhost:5522 user@192.168.1.95 -p 5522 -i .ssh/key -N" >/tmp/autossh_log 2>&1 &
</code>
</code>

Latest revision as of 20:56, 22 July 2013

WHY

Because I want remote access somewhere without others having access to that machine.

HOW

Create a user on your machine, set his public_key on his account ( ~/.ssh/authorized_keys ). Transfer the private key to THAT machine.

Change his login to /sbin/nologin, he doesn't need to get in your box, you need to get into his.

Also, on the remote machine, be sure to have your user with a key ( disable the password login ).

Install autossh on the remote machine.

autossh -M 5122 -R 1942:localhost:5522 user@192.168.1.95 -p 5522 -i .ssh/key -N

What these mean:

-M is the control port ( 5123 will be the echo port )

1942:localhost:5522 - means that it'll open port 1942 on YOUR machine and will forward everything to port 5522 on THAT machine ( I have ssh set on 5522 )

The rest is just ssh telling to go login with the user on host 192.168.1.95 on port 5522 ( yes, I have 5522 set up in sshd_config on both my and the remote machine ) with the private key and -N tells not to execute a command ( if it tries to .. it'll fail and disconnect because of /sbin/nologin )

After this, you can connect from your machine to localhost:1942 and safely do:

iptables -I INPUT -p tcp --dport 5522 -j ACCEPT

iptables -A INPUT -p tcp --dport -j DROP

Afterwards, you can just add this to your /etc/crontab

  • /1 * * * * root flock -xon /root/ssh.lock -c "autossh -M 5122 -R 1942:localhost:5522 user@192.168.1.95 -p 5522 -i .ssh/key -N" >/tmp/autossh_log 2>&1 &