Comments on: Bypassing corporate firewall with reverse ssh port forwarding http://toic.org/2009/01/18/reverse-ssh-port-forwarding/ Think shell Fri, 23 Jul 2010 17:58:13 +0000 hourly 1 http://wordpress.org/?v=3.0 By: thehidden http://toic.org/2009/01/18/reverse-ssh-port-forwarding/comment-page-1/#comment-629 thehidden Fri, 23 Jul 2010 17:58:13 +0000 http://toic.org/?p=207#comment-629 thank you for the good howto. i tried your idea with the reverse tunnel and every think works find. except of create an additional dynamic tunnel als socks proxy. can you explain please, how to do that? the tunnel is up, but no http traffic flows through. :-( kind regards thehidden thank you for the good howto. i tried your idea with the reverse tunnel and every think works find. except of create an additional dynamic tunnel als socks proxy. can you explain please, how to do that? the tunnel is up, but no http traffic flows through. :-(

kind regards
thehidden

]]> By: Branko http://toic.org/2009/01/18/reverse-ssh-port-forwarding/comment-page-1/#comment-623 Branko Tue, 25 May 2010 10:59:46 +0000 http://toic.org/?p=207#comment-623 You should set "GatewayPorts clientspecified" in /etc/ssh/sshd_config not in /etc/ssh/ssh_config /etc/ssh/ssh_config is config for ssh client and /etc/ssh/sshd_config is config for ssh server running on that machine. You should set “GatewayPorts clientspecified” in /etc/ssh/sshd_config not in /etc/ssh/ssh_config

/etc/ssh/ssh_config is config for ssh client and /etc/ssh/sshd_config is config for ssh server running on that machine.

]]> By: Connectiong two seperate LANs with reverse SSH | Bijan Hoomand http://toic.org/2009/01/18/reverse-ssh-port-forwarding/comment-page-1/#comment-622 Connectiong two seperate LANs with reverse SSH | Bijan Hoomand Mon, 24 May 2010 18:40:48 +0000 http://toic.org/?p=207#comment-622 [...] toic, reverse ssh port forwarding [...] [...] toic, reverse ssh port forwarding [...]

]]> By: bijan http://toic.org/2009/01/18/reverse-ssh-port-forwarding/comment-page-1/#comment-621 bijan Sat, 22 May 2010 07:59:37 +0000 http://toic.org/?p=207#comment-621 Branko, this is a great post, thank you. However I have the same issue as Justin. Let's say I have a server (the middle man) with an IP address of 174.2.2.2, from my office box, I run: ssh -R 178.2.2.2:1200:localhost:22 bijan@178.2.2.2 It connects with no problem. I also put "GatewayPorts clientspecified" in /etc/ssh/ssh_config. When I issue "netstat -an | grep LISTEN", I see it's listening on port 1200 for 127.0.0.1 The problem as Justin mentioned is that when I issue: ssh -p 1200 officeUser@178.2.2.2 I get the following error: "ssh: connect to host 178.2.2.2 port 1200: Connection refused". However if I ssh into 178.2.2.2 (to port 22 with a user on it) and then issue: ssh -p 1200 officeUser@localhost It's no problem, I login like a charm! I should say I disabled iptables, so, is it really a filtering problem or something wrong with me? Branko, this is a great post, thank you. However I have the same issue as Justin. Let’s say I have a server (the middle man) with an IP address of 174.2.2.2, from my office box, I run:

ssh -R 178.2.2.2:1200:localhost:22 bijan@178.2.2.2

It connects with no problem. I also put “GatewayPorts clientspecified” in /etc/ssh/ssh_config. When I issue “netstat -an | grep LISTEN”, I see it’s listening on port 1200 for 127.0.0.1

The problem as Justin mentioned is that when I issue:

ssh -p 1200 officeUser@178.2.2.2

I get the following error: “ssh: connect to host 178.2.2.2 port 1200: Connection refused”. However if I ssh into 178.2.2.2 (to port 22 with a user on it) and then issue:

ssh -p 1200 officeUser@localhost

It’s no problem, I login like a charm! I should say I disabled iptables, so, is it really a filtering problem or something wrong with me?

]]> By: Links 15/3/2010: CrossOver Linux, Tim Bray Joins Google | Boycott Novell http://toic.org/2009/01/18/reverse-ssh-port-forwarding/comment-page-1/#comment-609 Links 15/3/2010: CrossOver Linux, Tim Bray Joins Google | Boycott Novell Mon, 15 Mar 2010 20:03:56 +0000 http://toic.org/?p=207#comment-609 [...] Bypassing corporate firewall with reverse ssh port forwarding [...] [...] Bypassing corporate firewall with reverse ssh port forwarding [...]

]]> By: Christian Rishøj http://toic.org/2009/01/18/reverse-ssh-port-forwarding/comment-page-1/#comment-597 Christian Rishøj Fri, 05 Mar 2010 17:33:35 +0000 http://toic.org/?p=207#comment-597 Excellent post! Thorough, explanatory and extremely useful. You saved the day! Excellent post! Thorough, explanatory and extremely useful. You saved the day!

]]> By: SSH port forwarding | - [ t o i c . o r g ] - http://toic.org/2009/01/18/reverse-ssh-port-forwarding/comment-page-1/#comment-588 SSH port forwarding | - [ t o i c . o r g ] - Tue, 16 Feb 2010 13:44:45 +0000 http://toic.org/?p=207#comment-588 [...] one of my previous post I made a tutorial how to bypass corporate firewalls and gain access into your office computer. It work well if you are at your home and you need ssh [...] [...] one of my previous post I made a tutorial how to bypass corporate firewalls and gain access into your office computer. It work well if you are at your home and you need ssh [...]

]]> By: Reverse ssh port forwarding « Linux notes http://toic.org/2009/01/18/reverse-ssh-port-forwarding/comment-page-1/#comment-587 Reverse ssh port forwarding « Linux notes Sun, 14 Feb 2010 15:07:11 +0000 http://toic.org/?p=207#comment-587 [...] via Reverse ssh port forwarding | – [ t o i c . o r g ] -. [...] [...] via Reverse ssh port forwarding | – [ t o i c . o r g ] -. [...]

]]> By: Branko http://toic.org/2009/01/18/reverse-ssh-port-forwarding/comment-page-1/#comment-583 Branko Mon, 25 Jan 2010 07:56:24 +0000 http://toic.org/?p=207#comment-583 As far as I know this setup will not work for you in this way. If you reverse proxy the connections trough your home computer than all traffic will go trough that tunnel, and that beats the purpose of what your trying. As far as I know this setup will not work for you in this way.

If you reverse proxy the connections trough your home computer than all traffic will go trough that tunnel, and that beats the purpose of what your trying.

]]> By: Branko http://toic.org/2009/01/18/reverse-ssh-port-forwarding/comment-page-1/#comment-582 Branko Mon, 25 Jan 2010 07:53:49 +0000 http://toic.org/?p=207#comment-582 What you need to do is make sure Gatewayports are set to clientspecified in /etc/ssh/sshd_config On your vps run this command: ssh -nNT -R 0.0.0.0:2222:localhost:22 username@localhost Make sure you replace port 2222 with a port that is opened on your university, and replace username with your local vps username. After doing so make sure your vps firewall is permitting traffic on the port of your choice (2222 in this example). Do a quick nestat -ntl on yoiur vps, and it should show something like this: tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN What you need to do is make sure Gatewayports are set to clientspecified in /etc/ssh/sshd_config

On your vps run this command:

ssh -nNT -R 0.0.0.0:2222:localhost:22 username@localhost

Make sure you replace port 2222 with a port that is opened on your university, and replace username with your local vps username.

After doing so make sure your vps firewall is permitting traffic on the port of your choice (2222 in this example).

Do a quick nestat -ntl on yoiur vps, and it should show something like this:

tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN

]]>