Zhang Weiwu wrote at 2009-11-10 20:36 -0600:
> Hello. I have a remote server inside a remote office covered by NAT
> masquerade where port forwarding not possible, and a local server in my
> local office not covered by NAT masquerade. In order to access the
> remote office and hosts in that office, I do this:
>
> On remote office server, in a screen session I run
> $ ssh -R .... local_server
>
> On my own office, I try to connect to mapped ports on local_server.
>
> The problem of this solution is security. I do not want to grant shell
> access of local_server to remote_server. What would you recommend me to
> do in this case? I could try to limit access of the account used by
> remote server ssh -R, but should I?

You might want to check out apf-server and apf-client packages. I use these to provide access between masqueraded systems using an intermediary system. Server runs on the intermediary and client on the system to be connected to. System connected _from_ connects to client through a port on the server.
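
An added example, not part of the original thread: one way to keep the `ssh -R` approach from the question while denying the remote side a shell on local_server is a tunnel-only account restricted in `sshd_config`. The account name `tunnel` and the listen port `2222` are assumptions chosen for illustration, and `PermitListen` requires OpenSSH 7.8 or later.

```conf
# /etc/ssh/sshd_config on local_server (added example; names are assumptions)
# "tunnel" is a hypothetical dedicated account used only by the remote office
# server. Create it with no password and a key-only login.

Match User tunnel
    # Key authentication only for this account.
    PasswordAuthentication no
    PubkeyAuthentication yes

    # Allow remote (-R) forwarding only; local (-L) and dynamic (-D)
    # forwarding stay disabled.
    AllowTcpForwarding remote

    # The only listener this account may open. 2222 is a constructed value;
    # binding to localhost keeps the mapped port off the external interface.
    PermitListen localhost:2222
    GatewayPorts no

    # No interactive use: no terminal, and any requested command is
    # replaced by one that exits immediately.
    PermitTTY no
    ForceCommand /bin/false

    # Nothing else rides along on the connection.
    X11Forwarding no
    AllowAgentForwarding no
    AllowStreamLocalForwarding no
    PermitTunnel no

# Client side, run on the remote office server (constructed values):
#   ssh -N -R 2222:localhost:22 tunnel@local_server
# -N requests no session, so ForceCommand is never reached in normal use
# and the connection carries only the forwarded port.
```

Validate the edited file with `sshd -t` before reloading the daemon, and confirm that a plain `ssh tunnel@local_server` from the remote side exits without a shell.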