On 20/07/2014 12:45, geoffrey mendelson wrote:
On 7/20/2014 12:03 PM, Erez D wrote:
On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan <kaplanl...@gmail.com> wrote:
ssh itself?

http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
Nice, however this requires me to give access to my server, which I do
not want...
(Or, can I give people permission to ssh to my server only for reverse
tunnels and no shell?)
What I did is to run a second SSH server listening on a port on which no one would expect SSH connections, and ONLY allow connections with key exchanges. So someone could connect to that port randomly or with a scan, but would be unable to do anything with it.

The regular SSH server, which ran on port 22, allowed much looser connections, root connections, etc., but port 22 was NOT forwarded out the firewall. This allowed me to do rsync, etc. locally as root or as a user with no restrictions. Once the SSH connection is established, it can be used to tunnel anything.

Geoff.

Well, that's the essence of port knocking, isn't it :)

--
Moish
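The setup Geoff describes (a second sshd on a non-standard port, keys only), extended to answer Erez's question (a login that can open reverse tunnels but gets no shell), as an added example that is not part of the thread. It writes an sshd_config for the second instance plus an authorized_keys entry; the port numbers (2022 for the listener, 2222/2223 as permitted reverse-forward ports), the user name "tunnel", the host key path and the public key are all assumptions, and the key is a placeholder to be replaced with the client's real one.

```shell
#!/bin/sh
# Added example (not from the thread): a second, tunnel-only sshd instance.
# Assumptions: user "tunnel" exists, OpenSSH >= 7.8 (for PermitListen /
# permitlisten), host key at /etc/ssh/ssh_host_ed25519_key.
set -eu

# Write the sshd_config for the tunnel-only instance into "$1".
write_tunnel_sshd_config() {
    dir="$1"
    cat > "$dir/sshd_tunnel_config" <<'EOF'
# Not port 22; this is the only SSH port forwarded through the firewall.
Port 2022
ListenAddress 0.0.0.0
HostKey /etc/ssh/ssh_host_ed25519_key
PidFile /run/sshd_tunnel.pid

# Keys only: no passwords, no challenge/response, no root.
PubkeyAuthentication yes
AuthenticationMethods publickey
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no

# Only the dedicated tunnel account may authenticate on this instance.
AllowUsers tunnel

Match User tunnel
    # No shell, no TTY, no agent or X11 forwarding; clients connect with ssh -N.
    ForceCommand /bin/false
    PermitTTY no
    AllowAgentForwarding no
    X11Forwarding no
    # Reverse (-R) forwards only; local (-L) forwards from this host are refused.
    AllowTcpForwarding remote
    # Reverse forwards may bind only these loopback ports (OpenSSH >= 7.8).
    PermitListen localhost:2222 localhost:2223
    GatewayPorts no
EOF
}

# Write an authorized_keys entry for the tunnel user into "$1".
# Install it as ~tunnel/.ssh/authorized_keys (the default AuthorizedKeysFile).
write_tunnel_authorized_keys() {
    dir="$1"
    # PLACEHOLDER public key: replace with the client's real key.
    key='ssh-ed25519 AAAA_REPLACE_WITH_REAL_PUBLIC_KEY client@laptop'
    # "restrict" disables everything (pty, forwarding, agent, X11, rc files);
    # "port-forwarding" turns forwarding back on, and "permitlisten" pins the
    # reverse-forward bind address so the key cannot bind arbitrary ports.
    printf 'restrict,port-forwarding,permitlisten="localhost:2222",command="/bin/false" %s\n' "$key" \
        > "$dir/authorized_keys"
}

# Syntax-check the generated config with sshd -t when sshd is available.
check_tunnel_config() {
    cfg="$1/sshd_tunnel_config"
    if ! command -v sshd >/dev/null 2>&1; then
        echo "sshd not installed here; skipping sshd -t"
        return 0
    fi
    if sshd -t -f "$cfg"; then
        echo "sshd -t: $cfg is syntactically valid"
    else
        echo "sshd -t reported a problem (an unreadable host key is the usual cause when run unprivileged)"
    fi
}

# Usage: sh tunnel_sshd.sh [outdir]   (default: a fresh temporary directory)
out="${1:-$(mktemp -d)}"
write_tunnel_sshd_config "$out"
write_tunnel_authorized_keys "$out"
check_tunnel_config "$out"
echo "wrote $out/sshd_tunnel_config and $out/authorized_keys"
```

Start the second instance with `sshd -f /path/to/sshd_tunnel_config` alongside the normal one; the client then opens its reverse tunnel with `ssh -N -i tunnel_key -p 2022 -R 2222:localhost:22 tunnel@server`. Either layer alone (the Match block in sshd_config or the options in authorized_keys) is enough to deny a shell; using both means a mistake in one file does not hand out an interactive login. On OpenSSH older than 7.8 drop the PermitListen/permitlisten lines; the user still gets no shell, but can then bind any loopback port.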


_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
