On Sun, Jul 20, 2014 at 11:54 PM, E.S. Rosenberg <esr+linux...@g.jct.ac.il> wrote:
> I think we need to reset here for a minute...
>
> Is your goal to connect to a machine with an IP on a private range where
> there exists a gateway machine or router with a (known) public IP?
> In that case the solution is very simple: port-forwarding
> However I would not do that without also running fail2ban and maybe also
> fwknop so that evil SSH traffic would have a harder time at getting at my
> server.
>
> Or is your goal to connect to a machine reachable via a dynamic IP and you
> have a machine with a fixed IP that you can route via?
> In that case solutions are more complex, most of the solutions above related
> to that scenario I think.

it is not even a dynamic ip, it is a private ip behind a dynamic one

>
> So please clear up for us what your exact goal is.
> Regards,
> Eliyahu - אליהו
>
>
> 2014-07-20 18:46 GMT+03:00 Erez D <erez0...@gmail.com>:
>
>> On Sun, Jul 20, 2014 at 3:36 PM, E.S. Rosenberg <e...@g.jct.ac.il> wrote:
>> > You can have something running on the machine you want to SSH to that
>> > updates the machine with a fixed IP what its IP is and have a firewall
>> > rule or some other way to redirect specific traffic like for instance
>> > traffic to TCP:22222 from that machine to the IP that it was updated
>> > to be....
>> >
>> still do not understand what you mean, and how it will let me connect
>> to a machine with a private ip
>> >
>> > 2014-07-20 14:33 GMT+03:00 Erez D <erez0...@gmail.com>:
>> >
>> >> On Sun, Jul 20, 2014 at 1:30 PM, Yedidyah Bar David
>> >> <linux...@didi.bardavid.org> wrote:
>> >> > If you just want an ssh connection you can simply redirect connection
>> >> > attempts to some port on the Internet-accessible machine to port 22
>> >> > on the private-ip one - using whatever tool that fits you best -
>> >> > iptables, xinetd, redir, probably many others.
>> >> > --
>> >> > Didi
>> >>
>> >> i do not understand what you mean
>> >> >
>> >> >
>> >> > 2014-07-20 13:31 GMT+03:00 Erez D <erez0...@gmail.com>:
>> >> >>
>> >> >> looks a little complicated - extra ssh server, firewall with port
>> >> >> knocking
>> >> >> all this for a ssh connection ...
>> >> >>
>> >> >> On Sun, Jul 20, 2014 at 11:38 AM, Rabin Yasharzadehe <ra...@rabin.io> wrote:
>> >> >> > you can add a port-knocking tool like fwknop to add a dynamic rule
>> >> >> > to forward your connection into the private machine.
>> >> >> >
>> >> >> > --
>> >> >> > Rabin
>> >> >> >
>> >> >> >
>> >> >> > On Sun, Jul 20, 2014 at 12:16 PM, Erez D <erez0...@gmail.com> wrote:
>> >> >> >>
>> >> >> >> On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan <kaplanl...@gmail.com> wrote:
>> >> >> >> > Didn't check it, but logging in with a user who has /bin/true
>> >> >> >> > might do the trick.
>> >> >> >> you are correct, it works.
>> >> >> >> however it is still a security risk, as this means the client may
>> >> >> >> listen on unused port ...
>> >> >> >>
>> >> >> >> >
>> >> >> >> > Kaplan
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > On Sun, Jul 20, 2014 at 12:03 PM, Erez D <erez0...@gmail.com> wrote:
>> >> >> >> >>
>> >> >> >> >> On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan <kaplanl...@gmail.com> wrote:
>> >> >> >> >> > ssh itself ?
>> >> >> >> >> >
>> >> >> >> >> > http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
>> >> >> >> >> nice, however this requires me to give access to my server,
>> >> >> >> >> which i do not want ...
>> >> >> >> >> (or, can i give people permission to ssh to my server only for
>> >> >> >> >> reverse tunnels and no shell ?)
>> >> >> >> >>
>> >> >> >> >> >
>> >> >> >> >> > Kaplan
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > On Sun, Jul 20, 2014 at 11:36 AM, Erez D <erez0...@gmail.com> wrote:
>> >> >> >> >> >>
>> >> >> >> >> >> hello
>> >> >> >> >> >>
>> >> >> >> >> >> i have a linux machine with a private ip connected to the
>> >> >> >> >> >> internet
>> >> >> >> >> >> i have a public ip and need to ssh to the linux box
>> >> >> >> >> >>
>> >> >> >> >> >> any tools for that ?
>> >> >> >> >> >>
>> >> >> >> >> >> _______________________________________________
>> >> >> >> >> >> Linux-il mailing list
>> >> >> >> >> >> Linux-il@cs.huji.ac.il
>> >> >> >> >> >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
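
The thread asks for an account that can open reverse tunnels but gets no shell and cannot listen on arbitrary ports. One possible server-side configuration follows. It is an added example, not part of the original messages. The account name `tunnel` is hypothetical, port 22222 is borrowed from the thread, and `PermitListen` requires OpenSSH 7.8 or later.

```conf
# /etc/ssh/sshd_config on the public-IP server (added example; "tunnel" is a
# hypothetical account name, 22222 is the port mentioned in the thread).
#
# Client side, run on the private-IP machine:
#   ssh -N -R 22222:localhost:22 tunnel@<public-server>
# The server owner then reaches the private machine from the server with:
#   ssh -p 22222 <user>@localhost

Match User tunnel
    # Allow only remote (-R) forwarding; local (-L) and dynamic (-D) are refused.
    AllowTcpForwarding remote
    # The account may bind this one listener and nothing else (OpenSSH >= 7.8).
    PermitListen localhost:22222
    # Keep the forwarded port on loopback so it is not exposed to the internet.
    GatewayPorts no
    # No Unix-domain socket forwarding.
    AllowStreamLocalForwarding no
    # No terminal, no agent or X11 forwarding, no tun device.
    PermitTTY no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    # Any session or subsystem request runs /bin/true and exits: no shell, no sftp.
    ForceCommand /bin/true
```

Validate the file with `sshd -t` before reloading the daemon. A `-R` request for any other port or bind address is then rejected by the server.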