
Re: Persistent port forwarding without ssh



At Thu, 9 Dec 2004 21:49:47 +1100,
Robert S wrote:
> 
> I am wanting to set up a VPN using ssh between my office and my home Windows 
> PCs, using a debian box at the remote end.  The setup is as follows:
> 
> HOME (winxp)- - - -<internet>- - - - DEBIAN ----<internal network>----SERVER (win2K)
> 
> I have managed to connect (using vnc) to SERVER using PuTTY or ssh at the 
> home end thus:
> 
> 1. log into DEBIAN from HOME using Putty, forward remote port 5900 to local 
> port 5901
> 2. forward port from SERVER to DEBIAN using "ssh -C -g -L 5900:server:5900 
> debian"
> 3. connect vncviewer to local port 5901.
> 

You could use masquerading (iptables) on the debian machine to forward some port
on the debian machine to the server and then when you connect ssh to that port
the connection will be forwarded directly to the server.

I think that there is also a way to automatically run a command on ssh
connection. I remember something in a tutorial about setting up cvs with ssh to
allow only running cvs on the server so that the users don't have complete
control.

> All is fine with this setup.  If I do this with samba using port 139 
> however, it fails because I've disabled root ssh logins.
> 
> I'd like to set up the above setup where step 2 is replaced by a persistent 
> connection that doesn't require a second password entry.  In other words, 
> I'd like to forward a port on SERVER to a port on DEBIAN.  I don't want to 
> use a private key file because that would have to be located on DEBIAN, with 
> obvious security problems.  I assume that this would require something other 
> than ssh.
> 

You could use the -R option with ssh to also forward ports in the reverse
direction.

> Can you do this with iptables - if so - how?  stunnel does not seem to do 
> it - my syslog on DEBIAN indicates a connection, but nothing happens on the 
> HOME end. 
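The iptables forwarding suggested in the reply, written out as an added example that is not part of the original message: a script that validates its inputs and prints the DNAT, FORWARD and MASQUERADE rules for one TCP port. The interface names (eth0, eth1), the addresses, and the restriction to a single HOME source address are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): print the iptables commands that
# forward one TCP port on DEBIAN to SERVER. Run the output as root to apply.
# DNAT only relays packets; it adds no encryption or authentication.

is_port() {     # decimal 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() {     # dotted quad, each octet 0..255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

is_ifname() {   # refuse anything that could be read as an option or shell syntax
    case "$1" in ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# gen_rules WAN_IF LAN_IF HOME_IP LISTEN_PORT SERVER_IP SERVER_PORT
gen_rules() {
    is_ifname "$1" && is_ifname "$2" || return 1
    is_ipv4 "$3" && is_ipv4 "$5" && is_port "$4" && is_port "$6" || return 1
    # DEBIAN must route packets between its two interfaces.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Rewrite the destination, but only for connections coming from HOME.
    echo "iptables -t nat -A PREROUTING -i $1 -p tcp -s $3 --dport $4 -j DNAT --to-destination $5:$6"
    # Let the rewritten flow and its replies through a default-drop FORWARD chain.
    echo "iptables -A FORWARD -i $1 -o $2 -p tcp -s $3 -d $5 --dport $6 -j ACCEPT"
    echo "iptables -A FORWARD -i $2 -o $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Masquerade so SERVER replies via DEBIAN even if DEBIAN is not its gateway.
    echo "iptables -t nat -A POSTROUTING -o $2 -p tcp -d $5 --dport $6 -j MASQUERADE"
}

# Constructed sample values: HOME 203.0.113.7, SERVER 192.168.1.10, VNC port 5900.
gen_rules eth0 eth1 203.0.113.7 5900 192.168.1.10 5900
```
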


