On Thu, 2004-08-26 at 03:50, Raistlin Majere wrote:
Hi All,
I need some advice .. I have a situation where about fifty servers will
be located in fifty sites that cannot allow services to be hosted. These
servers will be in private network space behind firewalls. I can use
them to 'scp' files out to a common home base server, but sometimes I
need to access a command line console on these servers. I am thinking of
having a hourly cron job ssh out to my home base server and leaving that
tunnel open so that I can access that console, but am looking for the
specific way of doing this. Security os pf the utmost concern, so I need
some sort of encrypted tunnel, hence the thought of ssh, but I don't
know how to do this 'reverse' tunnel... I was also thinking of a 'free
swan' vpn tunnel ..
It's pretty simple, I use a similar solution to get into my work
machine. As it is firewalled off incomming connections cannot be made,
however it can make connections out. The way I have it setup tho is
that my works machine triess to wget a file from my home machine every
minute, if it does it brings up the tunnel. But then I need this access
quickly when something breaks, and leaving a tunnel open isn't possible
as our firewall kills off the connection after it has been idle for a
while.
anyway the ssh syntax I use is:
/usr/bin/ssh -1 -R 5000:127.0.0.1:5000 graeme@homemachine.domain.com
which basically says dig a tunnel to my homemachine. then listen on
port 5000, any connections made to that port forward to host 127.0.0.1
on port 5000 from the local machine (which in this case is my work
machine).
I have ssh listening on port 5000 on my work machine, so it catches when
I ssh up the tunnel and I can login.
simple eh.
--
-----
Graeme Hinchliffe (BSc)
Core Internet Systems Designer
Zen Internet (http://www.zen.co.uk/)
Direct: 0845 058 9074
Main : 0845 058 9000
Fax : 0845 058 9005
