Re: can a SSH server initiate a connection?

[rich <rl2@shinyblue.net>]

> Do you control firewall?
>   If yes : use DNAT to redirect external connection to SSH server
>              (if firewall is NAT box)
>            or open port 22 and forward connectio to internal hosts

There's a firewall I control (which allows port 22 so long as the SYN packet 
comes from inside), but that's behind a NAT router, so the only way to "find" 
my server on the internet is if IT initiates the connection.

>
>   If no but still legally OK to connect from outside:
>     Does internal host accessible from other means
>        * can you recieve mail and mail is processed with procmail
>        * do you have dial-in modem connected to pc
>        --> use these to initiate process which
>          connects from inside to outside with SSH.  If
>          needed using open port such as 80 or even DNS one and operate
>          special SSHD on the other side listning to that port.
>          Then set up port forwarding or so.
>        -->Connect through SSH tunnel backward from outside to inside.
This last suggestion looks promising, how do I go about it?

>
> But why connect from outside of firewall if firewall prevent you to do
> so.  Maybe that is a bigger question :)

I've set up a server for a small organisation which works in the offices of a 
bigger but entirely separate one. The bigger org. has a DSL connection which 
is shares with this small org. The firewall stops not just unwanted internet 
attacks on the small org, but also anything originating from the bigger org.

thanks

rich