Another approach is to make the target system account
not have a standard shell. Instead, the target system
has a script that simply says/loops through a print
statement upon connection:
"You are connected to the system. Hit ctrl-c to close
this connection"
Perhaps a sleep 30, then print again (for keepAlive
purposes).
So, in your target system you'd set up a special
account just for this purpose. The entry in your
/etc/passwd might be something like:
fooman:x:1000:100::/home/fooman:/home/fooman/loopit.sh
You can also get clever in your authorized_keys so
that the client can only make specific port redirects.
--- Jesse <lowbass@gmail.com> wrote:
Hi,
My problem is this:
I'm using the remote forwarding command on PC1. (So
that a port on PC2 is
forwarded to a port on PC1.) Remote forwarding works
fine, but unwanted is
that the command will also login onto PC2. Unwanted
because PC1 is not fully
under my control (but PC2 is), so people on PC1 can
find out about how to
log into PC2 by looking at PC1 and get a shell
prompt.
At the moment I fixed this using Bitvise WinSSHD
(Win32 SSH server
software). This program has an option called "Permit
terminal shell: No".
Using this will cause the command to authenticate,
but after that it will
not give a shell prompt, only a black screen.
So using that account of WinSSHD, people will able
to authenticate, but will
not be able to login in the shell.
But when using an account of OpenSSH, people will
also be able to login in
the shell, which is unwanted. I only need SSH
tunneling, but not SSH shell
login.
Of course I can use WinSSHD, but I'm looking for a
solution using OpenSSH.
Regards,
Jesse
-----Oorspronkelijk bericht-----
Van: Thorsten Peter [mailto:peter@rz-zw.fh-kl.de]
Verzonden: vrijdag 25 november 2005 18:22
Aan: Jesse
CC: secureshell@securityfocus.com
Onderwerp: Re: SSH Tunneling without console login
hey,
well you won't be able to open ssh tunnels, no
matter what without
logging in to the server. that's the way it works.
i am not sure what your point is. maybe you wanna
try what i do for
tunneling purposes, i login to the remote server
with the following command:
ssh -fN user@remotehost -L
localport:targetip:targetport (in your case
-R for remote forwarding)
-f forces ssh to go into background.
-N makes it stop executing other commands (for
tunneling purposes only)
so what it does, it logs in to your remote server,
as a background
process. you can then just leave it running, log out
of your local
shell, or do whatever your want. but still you DO
login to the remote
console. just that you don't have the ssh login
running as a foreground
process.
regards
Thorsten
Jesse wrote:
Question:
Is it possible to use remote port forwarding
(tunneling) without having to
login on the console?
Situation:
I have a server (PC1) which is running a SSH
service behind a firewall. I
do
NOT have any control over the firewall, but I do
want to access the SSH
service of PC1 from PC2 over the Internet.
Solution for the situation:
I'm using the following command on PC1 to let PC1
make a SSH-tunnel to PC2
ssh -R 4000:localhost:22 account@PC2
And I have installed a SSH service on PC2 to make
tunneling possible.
Same question in detail:
When I use the command above, it will make the
tunnel, but I will also
make
PC1 login on the console of PC2. That last step is
something I do not
want.
PC1 should only make the tunnel to PC2, but should
NOT login on the
console
of PC2.
Is this possible?
-Jesse
__________________________________
Yahoo! Music Unlimited
Access over 1 million songs. Try it free.
http://music.yahoo.com/unlimited/
