I missed out on the first part of the meeting last night (I got lost).
In any case for those interested I post a script I have been using for
a few years. (Not all of it is originally mine, and I have no idea
where I found part of it).
I have two Linux boxes, one at (very secure) Work and one at Home. Home
has one port (ssh:22 or 443 if I wanted to go through a M$ web proxy)
forwarded from the router to allow Work to ssh in. The one at Work
runs the below in a crontab every few min, (I already set up ssh
keyless entry between them for my user). It logs in and creates a
reverse tunnel back into my Work network from Home. This allows me to
"ssh -p 2059 myu...@localhost" at Home and get into Work through all
the firewalls etc. without having to use a VPN client. That covers
the -R option shown below. The -D allows me to tunnel my browser
traffic or anything else to a SOCKS 5 proxy through to Home from
Work. Using the addon foxy-proxy for Firefox for instance, I can
tunnel all DNS requests and web traffic to localhost:3002 and thus
get around restrictions for browsing at Work. (For instance most Linux
websites are labeled "hacking" and are blocked for users with
surfcontrol). There is some more stuff I didn't include below, like by
using ntlmaps I have been able to tunnel my ssh through port 443
through a M$ proxy as well. I know to many this might be old hat but I
am quite pleased with how well this works and just thought I would
share. Also of note you would want to take precautions and make Home
very secure as well. For instance I use tcp.wrappers, /etc/hosts.allow
and only allow ssh from my work IP address. As to
forwarding X traffic, I don't know if it was mentioned last night (my
lateness sorry) except at the pizza table, but freeNX or NXClient is
by far the fastest way to do such a thing, and it does use ssh as
well.

-BenTheMeek
http://www.google.com/profiles/benthemeek



Reverse_and_Socks.sh

#!/bin/sh

# $REMOTE_HOST is the name of the remote system
REMOTE_HOST=home.dyndns.org

#user
myuser=mylogin

# $REMOTE_PORT is the remote port number that will be used to tunnel
# back to this system
REMOTE_PORT=2059
DYNAMIC_PORT=3002

# $COMMAND is the command used to create the reverse ssh tunnel
COMMAND="ssh -N -D $DYNAMIC_PORT -R $REMOTE_PORT:localhost:22 $myuser@$REMOTE_HOST"

# Is the tunnel up? Perform two tests:

# 1. Check for relevant process ($COMMAND)
pgrep -f -x "$COMMAND" || $COMMAND

# 2. Test tunnel by looking at "netstat" output on $REMOTE_HOST
ssh "$myuser@$REMOTE_HOST" netstat -an | grep -E "tcp.*:$REMOTE_PORT.*LISTEN" \
   > /dev/null 2>&1
if [ $? -ne 0 ] ; then
   pkill -f -x "$COMMAND"
   $COMMAND
fi
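
Added example, not part of the original post: test 2 above matches any netstat line containing ":$REMOTE_PORT" (so 2059 also matches 20590) and does not look at which address the -R listener on Home is bound to. The function below, assuming the Linux net-tools "netstat -an" column layout, matches the port exactly and reports whether the listener is loopback-only or reachable on other interfaces (as happens when GatewayPorts is enabled in Home's sshd_config). listener_state and sample_netstat are hypothetical names and the sample output is constructed.

```shell
#!/bin/sh
# Added example: classify the reverse-tunnel listener on Home.
# Prints one of: down | loopback | exposed

REMOTE_PORT=2059   # same value as in the script above

# $1 = port; stdin = output of "netstat -an"
# (assumed columns: Proto Recv-Q Send-Q Local-Address Foreign-Address State)
listener_state() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = match($4, /:[0-9]+$/)      # last ":port", also for IPv6
            if (!n) next
            p    = substr($4, n + 1)
            host = substr($4, 1, n - 1)
            if (p != port) next            # exact match: 2059 is not 20590
            found = 1
            # anything other than loopback means other hosts can reach
            # the tunnel, and through it the sshd at the far end
            if (host != "127.0.0.1" && host != "::1") exposed = 1
        }
        END {
            if (!found)       print "down"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample of what Home might report (not real output).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:20590         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2059          0.0.0.0:*               LISTEN
tcp6       0      0 ::1:2059                :::*                    LISTEN
EOF
}

# Live use would be:
#   ssh "$myuser@$REMOTE_HOST" netstat -an | listener_state "$REMOTE_PORT"
echo "sample: $(sample_netstat | listener_state "$REMOTE_PORT")"
```

A watchdog can restart the tunnel on "down" and raise an alert on "exposed" rather than treating both as success.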

