[Cialug] SSH Trickery
Renegade Muskrat
dramaley at spatulacity.cx
Mon Nov 21 18:04:40 CST 2005
I had to set up something similar when I changed jobs and was subjected
to more stringent access to my work machine from home:
http://www.hackinglinuxexposed.com/articles/
That link has lots of useful articles on it. The ones I used to do SSH
bouncing were:
SSH Bouncing - How to get through firewalls easily
http://www.hackinglinuxexposed.com/articles/20040830.html
SSH Bouncing - How to get through firewalls easily, Part 2
http://www.hackinglinuxexposed.com/articles/20040923.html
At 03:27 PM 11/21/2005 -0800, you wrote:
A friend recently pointed this method out to me, and it's too handy not
to pass on.
I've got two networks (work and home) that severely limit inbound
connections (nat at home, restrictive firewall/IDS/etc at work). On
both ends, there are "bastion" hosts that allow inbound ssh. From that
host, I can connect on to anywhere on the network. Works fine, but can
be a PITA when I want to say rsync a copy of the x-org debs from the
mirror at work to the fileserver at home. I used to have a nasty ad-hoc
port-forwarding mess. Nasty. That and ssh listening on odd ports on my
nat box to reach inside hosts... hard to maintain, didn't always work
nice with scp/rsync/X/etc. Enter the OpenSSH ProxyCommand option.... I
put the stanzas below into ~/.ssh and life is good. It assumes you've
got netcat installed on your bastion host, and I think the -q option to
nc might be a debian-ism, but oh so nice.
Host *.work.gov
    ProxyCommand ssh -a -x ip.of.bastion.host nc -q 1 %h %p
    Protocol 2
    Cipher blowfish-cbc
    Compression yes
    Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    EscapeChar ~

Host *.home.org
    ProxyCommand ssh -a -x ip.of.home.gateway nc -q 1 %h %p
    Protocol 2
    Cipher blowfish-cbc
    Compression yes
    Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    EscapeChar ~
-- Dan
--------------------------------------------------------------------
"I'm still sane on three planets and two moons."
--------------------------------------------------------------------
Daniel Ramaley 3118 Cottage Grove Ave Apt 8
dramaley at spatulacity dot cx Des Moines, Iowa 50311
http://www.spatulacity.cx/ (515) 271-5233
--------------------------------------------------------------------
WARNING: REDISTRIBUTION OF THIS MESSAGE MAY BE IN
VIOLATION OF APPLICABLE COPYRIGHT LAWS.
THIS MESSAGE NOT GUARANTEED Y-TO-K COMPLIANT.
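
Added example, not part of the original thread: the bastion hop from the quoted stanzas written for later OpenSSH releases, where ProxyJump (7.3 and later) or ssh -W (5.4 and later) does the forwarding, so netcat is not needed on the bastion. The aliases bastion-work and bastion-home are hypothetical; the addresses are the post's own placeholders.

```sshconfig
# Added example for ~/.ssh/config. "bastion-work" and "bastion-home" are
# hypothetical aliases; the HostName values are the placeholders from the post.

Host bastion-work
    HostName ip.of.bastion.host
    # Same intent as "ssh -a -x" in the post: no agent or X11 forwarding
    # to the bastion itself.
    ForwardAgent no
    ForwardX11 no

Host bastion-home
    HostName ip.of.home.gateway
    ForwardAgent no
    ForwardX11 no

# OpenSSH 7.3 and later: ProxyJump connects through the bastion and
# forwards the session end to end.
Host *.work.gov
    ProxyJump bastion-work
    Compression yes
    EscapeChar ~

Host *.home.org
    ProxyJump bastion-home
    Compression yes
    EscapeChar ~

# OpenSSH 5.4 through 7.2: the same hop with -W in place of "nc -q 1 %h %p".
# Host *.work.gov
#     ProxyCommand ssh -a -x ip.of.bastion.host -W %h:%p

# No Protocol, Cipher or Ciphers lines are set here, so the client
# negotiates from its default algorithm list.
```

Because the inner session is encrypted end to end, the bastion only relays ciphertext; host keys for the inside machines are still checked by the client at home or at work.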