[SLUG] Bi-directional ssh

2008-04-17 Thread Richard Heycock
Is it possible to use ssh as a type of dynamic vpn so that when I
connect to a remote machine the remote machine has access to the
initiating machine?

rgh

-- 
+61 (0) 410 646 369
[EMAIL PROTECTED]

You're worried criminals will continue to penetrate into cyberspace, and
I'm worried complexity, poor design and mismanagement will be there to meet
them - Marcus Ranum



-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] Bi-directional ssh

2008-04-17 Thread Jeff Waugh
quote who=Richard Heycock

> Is it possible to use ssh as a type of dynamic vpn so that when I connect
> to a remote machine the remote machine has access to the initiating
> machine?

See the man page section for the -R option to map a remote port to a local
port. It complements the -L option, which does the opposite. I don't believe
there's a reverse analogue to the -D option though (SOCKS proxy through the
remote end), so you're stuck with port mapping.

You can also do sick stuff like ppp-over-ssh.

Or sensible stuff like OpenVPN.

:-)

- Jeff

-- 
OSCON 2008: Portland OR, USA   http://conferences.oreilly.com/oscon/
 
   I believe in true love. But I am easily satisfied. - Miguel de Icaza


Re: [SLUG] Bi-directional ssh

2008-04-17 Thread jam

On Thu, 2008-04-17 at 19:17 +1000, [EMAIL PROTECTED] wrote:
> Is it possible to use ssh as a type of dynamic vpn so that when I
> connect to a remote machine the remote machine has access to the
> initiating machine?

From your machine:

ssh -L 1200:localhost:22 [EMAIL PROTECTED]
ssh -p 1200 [EMAIL PROTECTED]

usually useful in this context
ssh -L 1200:another.local.machine:22 [EMAIL PROTECTED]

From other machine:

ssh -R 1200:localhost:22 [EMAIL PROTECTED]
and from your machine
ssh -p 1200 [EMAIL PROTECTED]

To stop localhost bitching from ssh
.ssh/config
Host localhost
    StrictHostKeyChecking no

James
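
An alternative to switching off StrictHostKeyChecking for localhost, as an added example that is not part of the original post: give each tunnel its own Host entry with HostKeyAlias, so the key seen on the forwarded port is still verified. The names gateway-tunnel, gateway-via-tunnel and gateway.example.org are placeholders assumed for illustration.

```sshconfig
# ~/.ssh/config on the machine that starts the tunnel.
# Added example; every host name here is a placeholder.

# Equivalent of "ssh -L 1200:localhost:22 user@gateway.example.org".
# Start it in the background with: ssh -N -f gateway-tunnel
Host gateway-tunnel
    HostName gateway.example.org
    LocalForward 1200 localhost:22
    # Exit rather than stay connected if port 1200 cannot be bound.
    ExitOnForwardFailure yes

# Equivalent of "ssh -p 1200 user@localhost", run as: ssh gateway-via-tunnel
Host gateway-via-tunnel
    HostName localhost
    Port 1200
    # known_hosts is searched under this name instead of "localhost",
    # so the tunnelled key is compared with the gateway's stored key and
    # never clashes with this machine's own localhost entry.
    HostKeyAlias gateway.example.org
    # Host key checking stays on: unknown keys prompt, changed keys refuse.
    StrictHostKeyChecking ask

# The -R case works the same way: on the machine where port 1200 ends up
# listening, add an entry like gateway-via-tunnel whose HostKeyAlias is
# the name of the machine that opened the reverse tunnel.
```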



Re: [SLUG] Bi-directional ssh

2008-04-17 Thread Richard Heycock
Excerpts from Jeff Waugh's message of Thu Apr 17 19:58:57 +1000 2008:
> quote who=Richard Heycock
>
> > Is it possible to use ssh as a type of dynamic vpn so that when I connect
> > to a remote machine the remote machine has access to the initiating
> > machine?
>
> See the man page section for the -R option to map a remote port to a local
> port. It complements the -L option, which does the opposite. I don't believe
> there's a reverse analogue to the -D option though (SOCKS proxy through the
> remote end), so you're stuck with port mapping.
>
> You can also do sick stuff like ppp-over-ssh.
>
> Or sensible stuff like OpenVPN.

I was hoping to avoid using OpenVPN; I use that in lots of places as it
is, and given that I only need this for deployment it seemed like overkill.

rgh


> :-)
>
> - Jeff

-- 
+61 (0) 410 646 369
[EMAIL PROTECTED]

You're worried criminals will continue to penetrate into cyberspace, and
I'm worried complexity, poor design and mismanagement will be there to meet
them - Marcus Ranum



Re: [SLUG] Bi-directional ssh

2008-04-17 Thread Sonia Hamilton
On Thu, 2008-04-17 at 19:58 +1000, Jeff Waugh wrote:
> quote who=Richard Heycock
>
> > Is it possible to use ssh as a type of dynamic vpn so that when I connect
> > to a remote machine the remote machine has access to the initiating
> > machine?
>
> See the man page section for the -R option to map a remote port to a local
> port. It complements the -L option, which does the opposite. I don't believe
> there's a reverse analogue to the -D option though (SOCKS proxy through the
> remote end), so you're stuck with port mapping.
>
> You can also do sick stuff like ppp-over-ssh.
>
> Or sensible stuff like OpenVPN.

For what you're trying to do, autossh would be useful - keeps a -L/-R tunnel 
alive permanently. I've used it with success to solve *cough* various firewall 
issues at POE's.

$ sudo aptitude install autossh
$ dpkg -L autossh | less

-- 
Thanks,

Sonia Hamilton
http://soniahamilton.wordpress.com
http://www.linkedin.com/in/soniahamilton
