I think we need to reset here for a minute...
Is your goal to connect to a machine with an IP on a private range where there exists a gateway machine or router with a (known) public IP?
In that case the solution is very simple: port-forwarding.
However I would not do that without also running fail2ban and maybe also fwknop so that evil SSH traffic would have a harder time getting at my server.
Or is your goal to connect to a machine reachable via a dynamic IP and you have a machine with a fixed IP that you can route via?
In that case solutions are more complex, most of the solutions above related to that scenario I think.

So please clear up for us what your exact goal is.

Regards,
Eliyahu - אליהו

2014-07-20 18:46 GMT+03:00 Erez D <erez0...@gmail.com>:
> On Sun, Jul 20, 2014 at 3:36 PM, E.S. Rosenberg <e...@g.jct.ac.il> wrote:
> > You can have something running on the machine you want to SSH to that
> > updates the machine with a fixed IP what its IP is and have a firewall rule
> > or some other way to redirect specific traffic like for instance traffic to
> > TCP:22222 from that machine to the IP that it was updated to be....
>
> still do not understand what you mean, and how it will let me connect
> to a machine with a private ip
>
> > 2014-07-20 14:33 GMT+03:00 Erez D <erez0...@gmail.com>:
> >
> >> On Sun, Jul 20, 2014 at 1:30 PM, Yedidyah Bar David
> >> <linux...@didi.bardavid.org> wrote:
> >> > If you just want an ssh connection you can simply redirect connection
> >> > attempts to some port on the
> >> > Internet-accessible machine to port 22 on the private-ip one - using
> >> > whatever tool that fits you best -
> >> > iptables, xinetd, redir, probably many others.
> >> > --
> >> > Didi
> >>
> >> i do not understand what do you mean
> >>
> >> > 2014-07-20 13:31 GMT+03:00 Erez D <erez0...@gmail.com>:
> >> >>
> >> >> looks a little complicated - extra ssh server, firewall with port
> >> >> knocking
> >> >> all this for a ssh connection ...
> >> >>
> >> >> On Sun, Jul 20, 2014 at 11:38 AM, Rabin Yasharzadehe <ra...@rabin.io>
> >> >> wrote:
> >> >> > you can add a port-knocking tool like fwknop to add a dynamic rule to
> >> >> > forward your connection into the private machine.
> >> >> >
> >> >> > --
> >> >> > Rabin
> >> >> >
> >> >> > On Sun, Jul 20, 2014 at 12:16 PM, Erez D <erez0...@gmail.com> wrote:
> >> >> >>
> >> >> >> On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan <kaplanl...@gmail.com>
> >> >> >> wrote:
> >> >> >> > Didn't check it, but login in with a user who has /bin/true might
> >> >> >> > do the trick.
> >> >> >> you are correct, it works.
> >> >> >> however it is still a security risk, as this means the client may
> >> >> >> listen on unused port ...
> >> >> >>
> >> >> >> > Kaplan
> >> >> >> >
> >> >> >> > On Sun, Jul 20, 2014 at 12:03 PM, Erez D <erez0...@gmail.com>
> >> >> >> > wrote:
> >> >> >> >>
> >> >> >> >> On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan
> >> >> >> >> <kaplanl...@gmail.com>
> >> >> >> >> wrote:
> >> >> >> >> > ssh itself ?
> >> >> >> >> >
> >> >> >> >> > http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
> >> >> >> >> nice, however this requires me to give access to my server, which
> >> >> >> >> i do not want ...
> >> >> >> >> (or, can i give people permission to ssh to my server only for
> >> >> >> >> reverse tunnels and no shell ?)
> >> >> >> >>
> >> >> >> >> > Kaplan
> >> >> >> >> >
> >> >> >> >> > On Sun, Jul 20, 2014 at 11:36 AM, Erez D <erez0...@gmail.com>
> >> >> >> >> > wrote:
> >> >> >> >> >>
> >> >> >> >> >> hello
> >> >> >> >> >>
> >> >> >> >> >> i have a linux machine with a private ip connected to the
> >> >> >> >> >> internet
> >> >> >> >> >> i have a public ip and need to ssh to the linux box
> >> >> >> >> >>
> >> >> >> >> >> any tools for that ?
> >> >> >> >> >>
> >> >> >> >> >> _______________________________________________
> >> >> >> >> >> Linux-il mailing list
> >> >> >> >> >> Linux-il@cs.huji.ac.il
> >> >> >> >> >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
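The concern raised in the thread, that a tunnel-only account "may listen on unused port", can be checked per key on the server side. The following is an added example, not code from the thread: it audits authorized_keys lines for a tunnel-only account, assuming an OpenSSH server that supports the `restrict` and `permitlisten` key options. The sample lines and the key placeholder are constructed; port 22222 is the one mentioned in the thread.

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of public-key type names
NO_COMMAND = "no forced command: shell access depends on the account's login shell"
LISTEN_ANY = "remote forwards may listen on any port the account can bind"

def parse_options(line):
    """Return the leading options of an authorized_keys line as (name, value) pairs."""
    line = line.strip()
    if line.startswith(KEY_TYPES):      # line starts with the key type: no options
        return []
    opts, i = [], 0
    while i < len(line) and line[i] != " ":
        # name, optional ="quoted value" (may hold commas or spaces), optional comma
        m = re.match(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?,?', line[i:])
        if not m:
            raise ValueError("malformed options field")
        opts.append((m.group(1).lower(), m.group(2)))
        i += m.end()
    return opts

def audit(line):
    """List what a key meant only for reverse tunnels is still allowed to do."""
    forwarding, forced, listen = True, False, []
    for name, value in parse_options(line):   # options apply in order
        if name in ("restrict", "no-port-forwarding"):
            forwarding = False
        elif name == "port-forwarding":        # re-enables forwarding after restrict
            forwarding = True
        elif name == "command":
            forced = True
        elif name == "permitlisten":
            listen.append(value)
    findings = []
    if not forced:
        findings.append(NO_COMMAND)
    if forwarding and not listen:
        findings.append(LISTEN_ANY)
    return findings

# Constructed sample lines; AAAA_PLACEHOLDER stands in for a real key blob.
SAMPLES = [
    'ssh-ed25519 AAAA_PLACEHOLDER laptop',
    'command="/bin/true" ssh-ed25519 AAAA_PLACEHOLDER laptop',
    'restrict,port-forwarding,permitlisten="localhost:22222",'
    'command="/bin/true" ssh-ed25519 AAAA_PLACEHOLDER laptop',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample) or "ok", "<-", sample[:48])
```

Only the third sample line passes: it forces a command, re-enables forwarding after `restrict`, and pins the listening port.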