On Wed, 15 Nov 2000 11:54:28 +0000
        Piete Brooks <[EMAIL PROTECTED]> asked:

>       Exec summary: How can I tunnel ssh over ssh ? The relay doesn't use a priv port
>
>       Full details:
>
>       I have a number of machines on a home network connected via an ISP which 
>       offers only a single DHCP address. The idea is to use PPP over SSH to generate 
>       a VPN, 

look at:

   http://www.linuxdoc.org/HOWTO/mini/VPN.html


If you use the "nodetach" option for pppd you don't have to do the polling described in
the HOWTO.  The HOWTO is for Linux, but since it uses the Mackerras pppd and ssh it's
reasonably generic to all the platforms common to those packages.  It works quite well
for me between two NetBSD systems.  However, I also run it between one of those systems
and a Solaris 7 system and it's a little flaky on that connection; I haven't spent much
time trying to understand what's wrong with it.  If you have a streams-oriented system
on either end you'll have to hack the pty-redir program just a bit to push the correct
streams modules onto the tty.  Something like:

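                /*
                        I_PUSH is declared in <stropts.h>.
                        Fix stdin: terminal emulation, line discipline,
                        BSD ioctl compatibility
                */
                ioctl(0, I_PUSH, "ptem");
                ioctl(0, I_PUSH, "ldterm");
                ioctl(0, I_PUSH, "ttcompat");
                /*
                        Fix stdout
                */
                ioctl(1, I_PUSH, "ptem");
                ioctl(1, I_PUSH, "ldterm");
                ioctl(1, I_PUSH, "ttcompat");

                /* pty-redir's exec call; the pushes above go just before it */
                if(execve(argv[1],args,envs)) {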

Good luck,
Paul



>   by giving the client machine a capability to run pppd (email me 
>       privately if you've done something similar and can offer any advice).
>       However, in the meantime I'm using ssh for serious traffic and NAT for the 
>       rest.
>       I have made a two line tweak to ssh (version 1) to allow a port number to be 
>       included in the host name, and having set up a relay from port 12345 on the 
>       DHCP host to port 22 on the hidden host, and can connect straight through from 
>       the internet.  However, the connection from the DHCP host is not a `low 
>       numbered' port, so I have to type a password due to:
>        RhostsRsa authentication not available for connections from unprivileged port
>       What I'd like to do is to be able to tell `ssh -L 12345:$host:22' to tell the 
>       sshd on $host that the local src port used for the connection to port 22 has 
>       to be priv. Can this be done?
>       I assume channel_input_port_open in newchannels.c would actually do it, and I 
>       see no conditional code in there :-(
>
>       Can it be done, or is there an alternative way to do it ?
>
>
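
The privileged-port test behind the "unprivileged port" message quoted above, as an added example that is not part of the original thread and is not sshd's code. It assumes the BSD convention that only root can bind TCP ports below IPPORT_RESERVED (1024); `port_is_privileged` and `relayed_source_port` are hypothetical names, and a loopback connection stands in for the relay hop.

```c
/* Added example (not sshd source). Assumes the BSD convention that TCP
 * ports below IPPORT_RESERVED (1024) can only be bound by root. */
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Server-side test: did the peer connect from a reserved source port? */
int port_is_privileged(int port) {
    return port > 0 && port < IPPORT_RESERVED;
}

/* Stand-in for the relay hop: connect over loopback the way an ordinary
 * forwarder does, letting the kernel pick the source port, and return
 * that port as the accepting side sees it (-1 on error). */
int relayed_source_port(void) {
    struct sockaddr_in addr, peer;
    socklen_t len = sizeof addr;
    int port = -1, afd = -1;
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    int cfd = socket(AF_INET, SOCK_STREAM, 0);
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                  /* listener on any free port */
    if (lfd < 0 || cfd < 0) goto out;
    if (bind(lfd, (struct sockaddr *)&addr, sizeof addr) < 0) goto out;
    if (listen(lfd, 1) < 0) goto out;
    if (getsockname(lfd, (struct sockaddr *)&addr, &len) < 0) goto out;
    /* No bind() on the client socket, so its source port is ephemeral. */
    if (connect(cfd, (struct sockaddr *)&addr, sizeof addr) < 0) goto out;
    len = sizeof peer;
    afd = accept(lfd, (struct sockaddr *)&peer, &len);
    if (afd >= 0) port = ntohs(peer.sin_port);
out:
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return port;
}

int main(void) {
    int p = relayed_source_port();
    printf("peer source port %d -> %s\n", p,
           port_is_privileged(p) ? "privileged" : "unprivileged");
    return 0;
}
```

The accepting side only ever sees the source port of the last hop, so a connection that arrives through a forwarder which did not bind a reserved port fails this test regardless of where it originated.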