Re: [SLUG] Bi-directional ssh

2008-04-17 Thread Sonia Hamilton
On Thu, 2008-04-17 at 19:58 +1000, Jeff Waugh wrote:
> 
> 
> > Is it possible to use ssh as a type of dynamic vpn so that when I connect
> > to a remote machine the remote machine has access to the initiating
> > machine?
> 
> See the man page section for the -R option to map a remote port to a local
> port. It complements the -L option, which does the opposite. I don't believe
> there's a reverse analogue to the -D option though (SOCKS proxy through the
> remote end), so you're stuck with port mapping.
> 
> You can also do sick stuff like ppp-over-ssh.
> 
> Or sensible stuff like OpenVPN.

For what you're trying to do, autossh would be useful - keeps a -L/-R tunnel 
alive permanently. I've used it with success to solve *cough* various firewall 
issues at POE's.

$ sudo aptitude install autossh
$ dpkg -L autossh | less

-- 
Thanks,

Sonia Hamilton
http://soniahamilton.wordpress.com
http://www.linkedin.com/in/soniahamilton

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] Bi-directional ssh

2008-04-17 Thread Richard Heycock
Excerpts from Jeff Waugh's message of Thu Apr 17 19:58:57 +1000 2008:
> 
> 
> > Is it possible to use ssh as a type of dynamic vpn so that when I connect
> > to a remote machine the remote machine has access to the initiating
> > machine?
> 
> See the man page section for the -R option to map a remote port to a local
> port. It complements the -L option, which does the opposite. I don't believe
> there's a reverse analogue to the -D option though (SOCKS proxy through the
> remote end), so you're stuck with port mapping.
> 
> You can also do sick stuff like ppp-over-ssh.
> 
> Or sensible stuff like OpenVPN.

I was hoping to avoid using OpenVPN; I use that in lots of places as it
is, and given that I only need this for deployment it seemed like overkill.

rgh


> :-)
> 
> - Jeff
> 

-- 
+61 (0) 410 646 369
[EMAIL PROTECTED]

You're worried criminals will continue to penetrate into cyberspace, and
I'm worried complexity, poor design and mismanagement will be there to meet
them - Marcus Ranum



Re: [SLUG] Bi-directional ssh

2008-04-17 Thread jam

On Thu, 2008-04-17 at 19:17 +1000, [EMAIL PROTECTED] wrote:
> Is it possible to use ssh as a type of dynamic vpn so that when I
> connect to a remote machine the remote machine has access to the
> initiating machine?

From your machine:

ssh -L 1200:localhost:22 [EMAIL PROTECTED]
ssh -p 1200 [EMAIL PROTECTED]

usually useful in this context
ssh -L 1200:another.local.machine:22 [EMAIL PROTECTED]

From other machine:

ssh -R 1200:localhost:22 [EMAIL PROTECTED]
and from your machine
ssh -p 1200 [EMAIL PROTECTED]

To stop localhost bitching from ssh
.ssh/config
Host localhost
    StrictHostKeyChecking no

James
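
An added example, not part of James's message or the original thread: a `~/.ssh/config` that avoids the host-key complaints on forwarded localhost ports without turning checking off, by giving each tunnel endpoint its own `HostKeyAlias`. Ports 1200 and 22 are from the message above; `remote.example.org` and the two `Host` aliases are placeholders.

```sshconfig
# ~/.ssh/config (added example; host names and aliases are placeholders)

# Weak form from the message above, kept here commented out for comparison.
# Any key presented on any localhost port is accepted, so whatever happens
# to be listening on the forwarded port is trusted without a warning.
#Host localhost
#    StrictHostKeyChecking no

# Hardened form: one alias per tunnel endpoint.
# HostKeyAlias makes ssh look up and store the host key under the alias
# name instead of "localhost", so each forwarded port is checked against
# the key of the machine it really leads to and checking stays enabled.
Host remote-via-tunnel
    HostName localhost
    Port 1200
    HostKeyAlias remote.example.org
    StrictHostKeyChecking yes
    # Skip the additional by-address check for 127.0.0.1, which would
    # otherwise be shared by every tunnel on this machine.
    CheckHostIP no

# The outer connection that carries the forward
# (equivalent to: ssh -L 1200:localhost:22 remote.example.org).
Host tunnel-carrier
    HostName remote.example.org
    LocalForward 1200 localhost:22
    # Exit instead of staying connected when the listener on port 1200
    # cannot be set up, so a dead tunnel is noticed immediately.
    ExitOnForwardFailure yes
    # Detect a silently dropped connection after about 90 seconds.
    ServerAliveInterval 30
    ServerAliveCountMax 3
```

With this in place `ssh tunnel-carrier` opens the forward and `ssh remote-via-tunnel` connects through it. Because checking is set to `yes`, the key for `remote.example.org` must already be in `known_hosts`, for example from an earlier direct connection.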



Re: [SLUG] Bi-directional ssh

2008-04-17 Thread Jeff Waugh


> Is it possible to use ssh as a type of dynamic vpn so that when I connect
> to a remote machine the remote machine has access to the initiating
> machine?

See the man page section for the -R option to map a remote port to a local
port. It complements the -L option, which does the opposite. I don't believe
there's a reverse analogue to the -D option though (SOCKS proxy through the
remote end), so you're stuck with port mapping.

You can also do sick stuff like ppp-over-ssh.

Or sensible stuff like OpenVPN.

:-)

- Jeff

-- 
OSCON 2008: Portland OR, USA   http://conferences.oreilly.com/oscon/
 
   "I believe in true love. But I am easily satisfied." - Miguel de Icaza