On 7/20/2014 12:03 PM, Erez D wrote:
> On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan <kaplanl...@gmail.com> wrote:
>> ssh itself ?
>>
>> http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
>
> nice, however this requires me to give access to my server, which i do
> not want ...
> (or, can i give people permission to ssh to my server only for reverse
> tunnels and no shell ?)

What I did is to run a second SSH server listening on a port where no one would expect SSH connections and ONLY allow connections with key exchanges. So someone could connect to that port randomly or with a scan, but would be unable to do anything with it.

The regular SSH server, which ran on port 22, allowed much looser connections, root connections, etc., but port 22 was NOT forwarded out the firewall. This allowed me to do RSYNC, etc. locally as root or a user with no restrictions.

Once the SSH connection is established, it can be used to tunnel anything.

Geoff.

--
Geoffrey S. Mendelson 4X1GM/N3OWJ
Jerusalem Israel.
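
The setup discussed in this thread (a second, key-only sshd whose account may open reverse tunnels but gets no shell), as an added example that is not part of the original messages: a constructed `sshd_config` for the second instance and a small check of what one account ends up with. The port, the `tunnel` user name and the `nologin` path are assumptions, and the reader handles only a plain `Match User` block.

```python
# Added example: names, port and paths below are constructed, not from the thread.
SECOND_SSHD_CONFIG = """\
Port 48022
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
AllowUsers tunnel
Match User tunnel
    AllowTcpForwarding remote
    PermitTTY no
    AllowAgentForwarding no
    ForceCommand /usr/sbin/nologin
"""
# Values the tunnel-only account must end up with (set explicitly, not by default).
REQUIRED = {
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "allowtcpforwarding": "remote",
    "permittty": "no",
    "allowagentforwarding": "no",
}

def effective_settings(config_text, user):
    """Simplified reader: the first value per keyword wins, and a matching
    'Match User' block overrides the global section. Other Match criteria
    and patterns are not evaluated."""
    global_opts, match_opts = {}, {}
    target = global_opts
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            crit = value.split()
            hit = len(crit) == 2 and crit[0].lower() == "user" and user in crit[1].split(",")
            target = match_opts if hit else {}
            continue
        target.setdefault(key, value)
    return {**global_opts, **match_opts}

def audit_tunnel_account(config_text, user):
    """Return findings; an empty list means key-only, reverse-forward-only, no shell."""
    eff = effective_settings(config_text, user)
    findings = [f"{k} is {eff.get(k, 'unset')!r}, expected {v!r}"
                for k, v in REQUIRED.items() if eff.get(k) != v]
    if "forcecommand" not in eff:
        findings.append("no ForceCommand: the key can still start a shell")
    return findings
```

With this configuration a client would connect using `ssh -N -R ...`, which requests no session, so the forced `nologin` command only matters if someone tries to open a shell.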


_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il