I have been using IPCop for years but the hardware has just failed. I have a specific requirement for my remote, headless, Raspberry Pi based devices to be able to create a reverse tunnel to ssh to my home PC. The remote devices are in the wild and must be regarded as insecure. The connections are intermittent and unreliable, so I use autossh.

This is not a question about how to set up what is a relatively complex ssh tunnel configuration. I am seeking advice on whether IPFire will allow me to make the changes I need to do.

The remote devices may be behind a firewall; specifically, they may be connected via a wireless phone network. Mobile operators have firewalls to prevent internet traffic flooding their network. This makes it necessary for the remote device to initiate a reverse ssh connection back to (what was) my IPCop firewall.

I wanted to be able to connect to the reverse tunnel from anywhere within my home network, from any PC. This required the reverse tunnel to terminate within the firewall. To do this, I created a special IPCop user called 'tunnel' that provided a dead end to any intruder.

Create a user "tunnel" with no password and no access to a shell. This was achieved doing the following:

# useradd tunnel -m -d /home/tunnel -s /bin/true

Even if a hacker is able to modify the remote reverse ssh tunnel command to reach the tunnel user in the IPCop firewall, they will be unable to login or execute anything. Disable password-based access to the tunnel account while allowing SSH access with:

How to unlock account for public key ssh authorization, but not for password authorization?
-s /bin/true gives no shell access

The next step is to be able to set up a forward ssh tunnel that connects to the reverse tunnel via the user 'tunnel'. That creates a single tunnel from my PC, through the firewall and out to the remote device. I can then access the remote CLI with a forward ssh connection through the single tunnel. There are other things I need to do as well, like creating services and firewall rules, but the main one is to be able to create a special non-standard user 'tunnel'.

I use puTTY to build a forward tunnel from my PC to connect end to end to the reverse tunnel. I then use puTTY to connect to the tunnel that now ends on my PC. I need to be able to manually set up ssh keys from the command line. Can I manually set up ssh keys etc. on IPFire? Does IPFire offer features that will allow me to achieve the same result? Is there a better way? Any feedback would be great.

A Secure, Double Encrypted, SSH Connection

A reverse ssh tunnel can be created to allow an ssh connection from an offsite machine to connect back into the work machine, using an existing ssh connection initiated from work, through a restrictive corporate firewall, ending at a machine at home. You initiate a separate ssh connection from your home machine to localhost, back through the established ssh tunnel, to your work machine's sshd daemon.

Initial Tunnel: work -> WORK FIREWALL -> home port 22
Reverse SSH: home -> SSH TUNNEL -> work localhost:22

NOTE: We are going to assume the following conditions are true:
- The "home" machine is off of the work network and can be a server at home or something like a droplet at Digital Ocean, as long as you can ssh from work to this machine.
- sshd is listening on the external interface, port 22, on the home machine.
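The dead-end 'tunnel' account described in the post depends on sshd's per-user settings as much as on its /bin/true shell, and the same goes for the work-side account that terminates the tunnel in the section above. As an added example (not from the post or the blog it quotes), a small Python auditor that parses an sshd_config, applies sshd's Match-block precedence, and reports which settings still let a 'tunnel' login do more than hold a reverse tunnel; the helper names and the sample configs in the test are this example's own.

```python
"""Audit an sshd_config for a forwarding-only dead-end account such as 'tunnel' (example helper)."""
import fnmatch
import re

# sshd's own defaults for the keywords that matter for a reverse-tunnel account.
DEFAULTS = {"passwordauthentication": "yes", "permittty": "yes", "x11forwarding": "no",
            "allowagentforwarding": "yes", "allowtcpforwarding": "yes",
            "permitopen": "any", "permitlisten": "any"}
# Policy: key-only login, no terminal, no agent/X11 forwarding, only -R listeners
# (no -L/-D pivoting through the firewall); PermitListen is checked separately.
POLICY = {"passwordauthentication": "no", "permittty": "no", "x11forwarding": "no",
          "allowagentforwarding": "no", "allowtcpforwarding": "remote", "permitopen": "none"}

def parse_sshd_config(text):
    """Global settings plus ordered (criteria, settings) Match blocks; first value per keyword wins, as in sshd."""
    global_cfg, matches, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "match":  # e.g. "Match User tunnel"; "Match all" yields empty criteria
            toks = value.split()
            current = {}
            matches.append(({k.lower(): v for k, v in zip(toks[::2], toks[1::2])}, current))
            continue
        (global_cfg if current is None else current).setdefault(key, value.lower())
    return global_cfg, matches

def effective_settings(text, user):
    """Defaults < globals < first applicable Match block. Only User criteria are decidable
    offline; Address/Group/Host blocks are skipped (assumption: tunnel policy is a User block)."""
    global_cfg, matches = parse_sshd_config(text)
    from_match = {}
    for crit, settings in matches:
        if set(crit) - {"user"}:
            continue
        if any(fnmatch.fnmatchcase(user, p) for p in crit.get("user", "*").split(",")):
            for k, v in settings.items():
                from_match.setdefault(k, v)
    return {**DEFAULTS, **global_cfg, **from_match}

def audit(text, user="tunnel"):
    """Return (keyword, effective value) pairs that break the policy; empty list means OK."""
    eff = effective_settings(text, user)
    bad = [(k, eff[k]) for k, want in POLICY.items() if eff[k] != want]
    if eff["permitlisten"] == "any":  # the -R listener must be pinned, e.g. localhost:2222
        bad.append(("permitlisten", "any"))
    return sorted(bad)
```

Run `audit(open("/etc/ssh/sshd_config").read())` on the firewall: an empty list means the tunnel user is confined to a pinned reverse listener, anything else names the keyword to tighten in a `Match User tunnel` block.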