Autossh Tunnel: Difference between revisions

From D3xt3r01.tk

Revision as of 20:34, 22 July 2013

WHY

Because I want remote access somewhere without others having access to that machine.

HOW

Create a user on your machine and put his public key in his account ( ~/.ssh/authorized_keys ). Transfer the private key to THAT machine.

Change his login shell to /sbin/nologin: he doesn't need to get in your box, you need to get into his.

Also, on the remote machine, be sure your user logs in with a key ( disable password login ).

Install autossh on the remote machine.

<code lang="bash">
autossh -M 5122 -R 1942:localhost:5522 user@192.168.1.95 -p 5522 -i .ssh/key -N
</code>

What these mean:

-M 5122 is the monitor port autossh uses to check that the connection is still alive ( 5123, the next port up, will be the echo port )

-R 1942:localhost:5522 means that it'll open port 1942 on YOUR machine and forward everything arriving there to port 5522 on THAT machine ( I have ssh set on 5522 )

The rest is just ssh being told to log in as the user on host 192.168.1.95 on port 5522 ( yes, I have 5522 set up in sshd_config on both my and the remote machine ) with the private key. -N tells it not to execute a command ( if it tries to, it'll fail and disconnect because of /sbin/nologin ).

After this, you can connect from your machine to localhost:1942 and, from inside that session, safely do:
<code lang="bash">
# -i lo is assumed: the tunnel delivers its connections over loopback, and without it the ACCEPT matches everyone and the DROP below never fires
iptables -I INPUT -p tcp --dport 5522 -i lo -j ACCEPT
# port assumed to be 5522, the sshd port used above
iptables -A INPUT -p tcp --dport 5522 -j DROP
</code>
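/sbin/nologin only stops a shell; the user on YOUR machine could still request other forwards through your sshd, so here is an added example ( not from the original page ) that checks the port layout of the autossh command above and renders an sshd_config Match block confining that user to the forwards the tunnel needs. Function names, the user name "tunneluser" and the monitor-pair assumption ( autossh -M using a local and a remote forward on 5122/5123 via 127.0.0.1 ) are my assumptions; the ports themselves are the ones the page uses.

```shell
#!/bin/sh
# Added example, not from the original page: check the autossh port layout and
# render an sshd_config Match block for the tunnel user on YOUR machine.
# Assumed: user "tunneluser", ports 5122 ( monitor ), 1942 ( reverse forward ),
# 5522 ( sshd ), and that the -M monitor pair is bound on 127.0.0.1.

# autossh -M takes the monitor port; the echo port is always the next one up.
echo_port() { echo $(( $1 + 1 )); }

# ports_ok MONITOR FORWARD SSHD: 0 if monitor, echo, forward and sshd ports are
# all distinct, 1 if any two collide ( a bind fails or the forward lands on the echo port ).
ports_ok() {
    m=$1; e=$(echo_port "$1"); f=$2; s=$3
    for a in "$m" "$e" "$f" "$s"; do
        n=0
        for b in "$m" "$e" "$f" "$s"; do
            if [ "$a" = "$b" ]; then n=$((n + 1)); fi
        done
        if [ "$n" -gt 1 ]; then return 1; fi
    done
    return 0
}

# match_block USER FORWARD MONITOR: Match block allowing only the page's reverse
# listener plus the -M monitor pair ( remote listener and local forward target ),
# and nothing else. PermitListen needs OpenSSH 7.8+; drop that line on older servers.
match_block() {
    u=$1; f=$2; m=$3; e=$(echo_port "$3")
    printf 'Match User %s\n' "$u"
    printf '    PermitListen %s %s %s\n' "$f" "$m" "$e"
    printf '    PermitOpen 127.0.0.1:%s 127.0.0.1:%s\n' "$m" "$e"
    printf '    PermitTTY no\n'
    printf '    X11Forwarding no\n'
    printf '    AllowAgentForwarding no\n'
}

# Only render the config when the ports from the page do not collide.
ports_ok 5122 1942 5522 && match_block tunneluser 1942 5122
```

Append the rendered block to sshd_config on your machine and reload sshd; with GatewayPorts left at its default, 1942 stays bound to loopback.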