Sudhakar Chandra proclaimed:
> I was wondering whether anyone here has managed to connect to a machine
> behind a firewall using ssh.


Figured it out.  Took half a day of RTFM-ing (!!).

Here is how it is done:

Let us call the machine inside the firewall A and the one outside the
firewall B.

1. Create a restricted account 'huey' on B.  Make huey's login shell some
kind of restricted shell like rbash or rzsh.

2. Log in as huey on machine B and run ssh-keygen to generate huey's RSA key.

3. If possible, copy over the user's public key on A to
~huey/.ssh/authorized_keys

4. Configure things on B such that only B can connect to some
non-privileged port (say, 1947)

[The night passes.  You are frequently woken up by some flame war in the LI
list churning the disk on the server in your bedroom.  Wake up with bleary
eyes to a shrieking alarm clock.  Curse the world in general and your
employer in particular.  Jump into the shower.  Get some caffeine pumping
through your veins.  Get back to work. ;-]

5. Just before you leave work the following day [promptly @ 4:30 pm ;-],
run 

ssh -R 1947:localhost:22 -f -N -X -a -C -l huey machineB.domain.name

on an xterm on machine A.  You could even write a cron job that monitors if
this command is running and restarts it if it stops.

6. When you reach machine B, run 

ssh -f -p 1947 localhost xterm

or

ssh -f -p 1947 localhost netscape

or

ssh -f -p 1947 localhost slrn


and voila!



WARNING!  Clear this up with your network / sys admin before doing it.  In
some companies running a tunnel like this might be against the policy.

Thaths
-- 
"Microsoft is a great company in reality. They've got a lot of really
smart people. When I was competing with them I didn't like them at all.
Now that I'm not, I kind of like them" -- Jim Clark
(http://www.cnetinvestor.com/newsitem-bloomberg.asp?symbol=94496655&Ticker=AOL)
Sudhakar C13n    http://www.aunet.org/thaths/    Lead Indentured Slave
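
Steps 1 and 3 leave the key in ~huey/.ssh/authorized_keys on B as the main control over what machine A can do there. The script below is an added example, not part of the original post: it audits an authorized_keys line so that the key permits only the reverse forward on port 1947. It assumes OpenSSH 7.8 or later; the function names, the forced-command requirement and the sample key lines are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. Audits lines of
# ~huey/.ssh/authorized_keys on machine B. Assumes OpenSSH 7.8+.
TUNNEL_PORT=1947   # port chosen in step 4

# Print the lower-cased options field of one authorized_keys line
# (nothing when the line starts directly with the key type).
key_options() {
    case "$1" in ssh-*|ecdsa-*|sk-*) return 0 ;; esac
    printf '%s\n' "$1" |
        sed -E 's# (ssh|ecdsa|sk)-[^ ]+ [A-Za-z0-9+/=]+.*$##' |
        tr 'A-Z' 'a-z'
}

# Simple comma match; does not handle commas inside quoted option values.
has_opt() { case ",$1," in *",$2,"*) return 0 ;; esac; return 1; }

# Print OK (status 0) only if the key is limited to the reverse forward.
audit_key_line() {
    opts=$(key_options "$1")
    want="permitlisten=\"localhost:$TUNNEL_PORT\""
    [ -n "$opts" ] || { echo "FAIL: no options, key allows a full login"; return 1; }
    has_opt "$opts" restrict || { echo "FAIL: missing restrict"; return 1; }
    has_opt "$opts" port-forwarding || { echo "FAIL: missing port-forwarding"; return 1; }
    has_opt "$opts" "$want" || { echo "FAIL: missing $want"; return 1; }
    n=$(printf '%s\n' "$opts" | grep -o 'permitlisten=' | wc -l)
    [ "$n" -eq 1 ] || { echo "FAIL: more than one permitlisten"; return 1; }
    for o in pty x11-forwarding agent-forwarding user-rc; do
        if has_opt "$opts" "$o"; then echo "FAIL: $o re-enabled"; return 1; fi
    done
    # Policy of this example: require a forced command so no shell is reachable.
    case "$opts" in *command=\"*) ;; *) echo "FAIL: no forced command"; return 1 ;; esac
    echo "OK"
}

# Constructed sample lines; the key blobs are placeholders, not real keys.
GOOD='restrict,port-forwarding,permitlisten="localhost:1947",command="/bin/false" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTED user@machineA'
BARE='ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTED user@machineA'
WIDE='restrict,port-forwarding,pty,permitlisten="localhost:1947",command="/bin/false" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTED user@machineA'

for line in "$GOOD" "$BARE" "$WIDE"; do
    printf '%s\n' "$(audit_key_line "$line")"
done
```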
