Florian Kulzer wrote:
> On Mon, Oct 27, 2008 at 15:37:38 +0100, Jelle de Jong wrote:
>> Hello everybody,
>>
>> I have been trying to create some sh tunneling commands that would allow
>> me to create a ssh session to a machine behind a firewall/nat from a
>> machine behind a firewall/nat but with a public server in between. I
>> have spent a day trying to figure things out but without success. So I
>> wanted to ask for some help to get the right command...
> 
> [...]
> 
>> question: how can admin0 and admin1 get a ssh session with user0 to
>> provide remote support?
>>
>> what are the exact ssh commands and their sequences for user0, admin0
>> and admin1?
>>
>> +----------------+        +----------+        +--------------+        +----------+
>> | user0          |--------| firewall |--------| internet www |--------| firewall |
>> | ip: unknown    |        +----------+        +--------------+        +----------+
>> | ssh access to: |                                    |                     |
>> | server0        |                              +----------+      +---------------------+
>> +----------------+                              | firewall |      | server0             |
>>                                                 +----------+      | ip: 84.245.3.195    |
>> +----------------+                                    |           | provided access to: |
>> | admin0         |------------------------------------+           | user0               |
>> | ip: unknown    |                                                | admin0              |
>> | ssh access to: |                                                | admin1              |
>> | server0        |                                                +---------------------+
>> +----------------+                                                          |
>>                                                                             |
>> +----------------+                                                          |
>> | admin1         |----------------------------------------------------------+
>> | ip: unknown    |
>> | ssh access to: |
>> | server0        |
>> +----------------+
>>
>> All systems are using Debian Linux sid or lenny, and no firewall can be
>> changed so only outgoing connections are allowed with the exception of the
>> firewall of server0
> 
> I think this has to be done using remote port forwarding on user0 to
> break through the firewall:
> 
> ssh -N -R 22222:localhost:22 server0
> 
> If you run this command on user0 then an ssh connection is established
> that forwards port 22222 on server0 to port 22 on user0. Obviously, this
> means that you have to set up user0 in such a way that a user with
> access to that computer can initiate the support session by running that
> command, or you use a cron job, or you configure it as a permanent
> connection that is established whenever user0 boots up. (Note that the
> administrator of user0's firewall might notice what you are doing and
> he/she might not like that you poke a permanent hole into the firewall.)
> 
> With the port forward via ssh in place, it should be possible to ssh
> into server0 from admin0 or admin1 and once you have the shell on
> server0, you run
> 
> ssh -p 22222 localhost
> 
> which will establish an ssh session to port 22222 of server0, meaning
> that you connect via the ssh tunnel to port 22 of user0 (which I assume
> is the port on which user0's ssh server listens).
> 
> I am not entirely sure if I have all the syntax correct, though. It may
> be possible to simplify the two-step ssh chain admin0/1 -> server0
> ->user0 by using ProxyCommand with netcat, see "man ssh_config". 
> 

Thank you Florian for taking the time to answer my question. This is
really appreciated, you were correct with the commands and I got it working:

ssh -f -N -R 9999:127.0.0.1:22 [EMAIL PROTECTED]
ssh -p 9999 [EMAIL PROTECTED]

Thank you,

Kind regards,

Jelle
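A check the server0 administrator might run once the reverse forward from the thread is in place, added here as an example that is not part of the original mails: it classifies where sshd bound the forwarded port, using constructed `ss -ltn` output and the port numbers from the thread as assumed values.

```shell
#!/bin/sh
# Added example, not from the thread. After user0 runs
#   ssh -N -R 22222:localhost:22 server0
# sshd on server0 decides where the 22222 listener binds:
#   GatewayPorts no              -> loopback only (the default)
#   GatewayPorts yes             -> wildcard address: user0's sshd becomes
#                                   reachable from the whole internet via server0
#   GatewayPorts clientspecified -> the bind_address given in -R is honoured
# This helper lets the server0 admin classify a port from `ss -ltn` output.

# classify_forward PORT  (reads ss -ltn output on stdin)
# Prints one of: loopback-only, exposed, not-listening
classify_forward() {
    port="$1"
    state="not-listening"
    # Columns of ss -ltn: State Recv-Q Send-Q Local Address:Port Peer Address:Port
    while read -r st recvq sendq laddr peer rest; do
        case "$laddr" in
            "127.0.0.1:$port"|"[::1]:$port")
                # Loopback listener; keep "exposed" if a wildcard bind was seen
                if [ "$state" = "not-listening" ]; then state="loopback-only"; fi ;;
            "0.0.0.0:$port"|"*:$port"|"[::]:$port")
                state="exposed" ;;
        esac
    done
    echo "$state"
}

# Constructed sample of `ss -ltn` on server0 (not a real capture): the thread's
# 22222 forward bound to loopback, and a 9999 forward bound to the wildcard.
SAMPLE_SS_OUTPUT='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:22222      0.0.0.0:*
LISTEN  0       128     [::1]:22222          [::]:*
LISTEN  0       128     0.0.0.0:9999         0.0.0.0:*'

# check_port PORT: classify a port in the sample. For a live check replace the
# printf with:  ss -ltn | classify_forward "$1"
check_port() {
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | classify_forward "$1"
}

check_port 22222   # loopback-only
check_port 9999    # exposed
```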

