Well, OpenSSH manpages explains quite well the -R switch, which forwards any
connexion made to the remote server port through an encrypted tunnel to the
local machine at a given port.
So, for instance, you could forward the remote port 222 to localhost 22 in the
ssh you start in one of the firewalled servers you want to connect to.
Here is a brief example :
Your machine : Machine
Firewalled server : XYZ
XYZ command : ssh -R 222:localhost:22 Machine
- This will bind Machine's port 222 to a tunnel which ends in a connexion to
localhost (on XYZ) port 22.
Then, all you have to do is to ssh to Machine, specifying port 222 (-p switch)
(and maybe tell ssh not to worry about keys too much
with -o StrictHostKeyChecking=no)
And there you are connecting to your firewalled server.
Keep in mind that starting an ssh session though a cron job could be a bad idea
if you don't verify if the tunnel is already up first.
Good luck!
Mathieu Desnoyers
* Raistlin Majere (raistlin@majere.net) wrote:
Hi All,
I need some advice .. I have a situation where about fifty servers will
be located in fifty sites that cannot allow services to be hosted. These
servers will be in private network space behind firewalls. I can use
them to 'scp' files out to a common home base server, but sometimes I
need to access a command line console on these servers. I am thinking of
having a hourly cron job ssh out to my home base server and leaving that
tunnel open so that I can access that console, but am looking for the
specific way of doing this. Security os pf the utmost concern, so I need
some sort of encrypted tunnel, hence the thought of ssh, but I don't
know how to do this 'reverse' tunnel... I was also thinking of a 'free
swan' vpn tunnel ..
Thanks
Raist
OpenPGP public key: http://krystal.dyndns.org:8080/key/compudj.gpg
Key fingerprint: 8CD5 52C3 8E3C 4140 715F BA06 3F25 A8FE 3BAE 9A68
