At Thu, 9 Dec 2004 21:49:47 +1100, Robert S wrote: > > I am wanting to set up a VPN using ssh between my office and my home Windows > PCs, using a debian box at the remote end. The setup is as follows: > > HOME (winxp)- - - -<internet>- - - - DEBIAN ----<internal network>----SERVER > (win2K) > > I have managed to connect (using vnc) to SERVER using PuTTY or ssh at the > home end thus: > > 1. log into DEBIAN from HOME using Putty, forward remote port 5900 to local > port 5901 > 2. forward port from SERVER to DEBIAN using "ssh -C -g -L 5900:server:5900 > debian" > 3. connect vncviewer to local port 5901. >
You could use masquarading (iptables) on the debian machine to forward some port on the debian machine to the server and then when you connect ssh to that port the connection will be forwarded directly to the server. I think that there is also a way to automatically run a command on ssh connection. I remember something in a tutorial about setting up cvs with ssh to allow only running cvs on the server so that the users don't have complete control. > All is fine with this setup. If I do this with samba using port 139 > however, it fails because I've disabled root ssh logins. > > I'd like to set up the above setup where step 2 is replaced by a persistent > connection that doesn't require a second password entry. In other words, > I'd like to forward a port on SERVER to a port on DEBIAN. I don't want to > use a private key file because that would have to be located on DEBIAN, with > obvious security problems. I assume that this would require something other > than ssh. > You could use the -R option with ssh to also forward ports in the reverse direction. > Can you do this with iptables - if so - how? stunnel does not seem to do > it - my syslog on DEBIAN indicates a connection, but nothing happens on the > HOME end. > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > +++++++++++++++++++++++++++++++++++++++++++ > This Mail Was Scanned By Mail-seCure System > at the Tel-Aviv University CC. > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
