If you just want an ssh connection you can simply redirect connection attempts to some port on the Internet-accessible machine to port 22 on the private-ip one - using whatever tool that fits you best - iptables, xinetd, redir, probably many others. -- Didi
2014-07-20 13:31 GMT+03:00 Erez D <erez0...@gmail.com>: > looks a little complicated - extra ssh server, firewall with port knocking > all this for a ssh connection ... > > On Sun, Jul 20, 2014 at 11:38 AM, Rabin Yasharzadehe <ra...@rabin.io> > wrote: > > you can add a port-knocking tool like fwknop to add a dynamic rule to > > forward your connection into the privet machine. > > > > -- > > Rabin > > > > > > On Sun, Jul 20, 2014 at 12:16 PM, Erez D <erez0...@gmail.com> wrote: > >> > >> On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan <kaplanl...@gmail.com> > >> wrote: > >> > Didn't check it, but login in with a user who has /bin/true might do > the > >> > trick. > >> you are correct, it works. > >> however it is still a security risk, as this means the client may > >> listen on unused port ... > >> > >> > > >> > Kaplan > >> > > >> > > >> > On Sun, Jul 20, 2014 at 12:03 PM, Erez D <erez0...@gmail.com> wrote: > >> >> > >> >> On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan <kaplanl...@gmail.com> > >> >> wrote: > >> >> > ssh itself ? > >> >> > > >> >> > http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/ > >> >> nice, however this requires me to give access to my server, which i > do > >> >> not want ... > >> >> (or, can i give people permission to ssh to my server only for > reverse > >> >> tunnels and no shell ?) > >> >> > >> >> > > >> >> > Kaplan > >> >> > > >> >> > > >> >> > On Sun, Jul 20, 2014 at 11:36 AM, Erez D <erez0...@gmail.com> > wrote: > >> >> >> > >> >> >> hello > >> >> >> > >> >> >> i have a linux machine with a private ip connected to the internet > >> >> >> i have a public ip and need to ssh to the linux box > >> >> >> > >> >> >> any tools for that ? > >> >> >> > >> >> >> _______________________________________________ > >> >> >> Linux-il mailing list > >> >> >> Linux-il@cs.huji.ac.il > >> >> >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > >> >> > > >> >> > > >> > > >> > > >> > >> _______________________________________________ > >> Linux-il mailing list > >> Linux-il@cs.huji.ac.il > >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > > > > > _______________________________________________ > Linux-il mailing list > Linux-il@cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il >
_______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
