Re: [SLUG] Bi-directional ssh
On Thu, 2008-04-17 at 19:58 +1000, Jeff Waugh wrote: > > > > Is it possible to use ssh as a type of dynamic vpn so that when I connect > > to a remote machine the remote machine has access to the initiating > > machine? > > See the man page section for the -R option to map a remote port to a local > port. It complements the -L option, which does the opposite. I don't believe > there's a reverse analogue to the -D option though (SOCKS proxy through the > remote end), so you're stuck with port mapping. > > You can also do sick stuff like ppp-over-ssh. > > Or sensible stuff like OpenVPN. For what you're trying to do, autossh would be useful - keeps a -L/-R tunnel alive permanently. I've used it with success to solve *cough* various firewall issues at POE's. $ sudo aptitude install autossh $ dpkg -L autossh | less -- Thanks, Sonia Hamilton http://soniahamilton.wordpress.com http://www.linkedin.com/in/soniahamilton -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Bi-directional ssh
Excerpts from Jeff Waugh's message of Thu Apr 17 19:58:57 +1000 2008: > > > > Is it possible to use ssh as a type of dynamic vpn so that when I connect > > to a remote machine the remote machine has access to the initiating > > machine? > > See the man page section for the -R option to map a remote port to a local > port. It complements the -L option, which does the opposite. I don't believe > there's a reverse analogue to the -D option though (SOCKS proxy through the > remote end), so you're stuck with port mapping. > > You can also do sick stuff like ppp-over-ssh. > > Or sensible stuff like OpenVPN. I was hoping to avoid using OpenVPN I use that in lots of places as it is and given that I only need this for deployment it seemed like overkill. rgh > :-) > > - Jeff > -- +61 (0) 410 646 369 [EMAIL PROTECTED] You're worried criminals will continue to penetrate into cyberspace, and I'm worried complexity, poor design and mismanagement will be there to meet them - Marcus Ranum !DSPAM:480737c5198721863999174! -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Bi-directional ssh
On Thu, 2008-04-17 at 19:17 +1000, [EMAIL PROTECTED] wrote: > Is it possible to use ssh as a type of dynamic vpn so that > when I > connect to a remote machine the remote machine has access to > the > initiating machine? >From your machine: ssh -L 1200:localhost:22 [EMAIL PROTECTED] ssh -p 1200 [EMAIL PROTECTED] usually useful in this context ssh -L 1200:another.local.machine:22 [EMAIL PROTECTED] >From other machine: ssh -R 1200:localhost:22 [EMAIL PROTECTED] and from your machine ssh -p 1200 [EMAIL PROTECTED] To stop localhost bitching frome ssh .ssh/config Host localhost StrictHostKeyChecking no James -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Bi-directional ssh
> Is it possible to use ssh as a type of dynamic vpn so that when I connect > to a remote machine the remote machine has access to the initiating > machine? See the man page section for the -R option to map a remote port to a local port. It complements the -L option, which does the opposite. I don't believe there's a reverse analogue to the -D option though (SOCKS proxy through the remote end), so you're stuck with port mapping. You can also do sick stuff like ppp-over-ssh. Or sensible stuff like OpenVPN. :-) - Jeff -- OSCON 2008: Portland OR, USA http://conferences.oreilly.com/oscon/ "I believe in true love. But I am easily satisfied." - Miguel de Icaza -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
