The answers to the linked question have various other solutions to that. (On Linux as an alternative to being root for reserved ports you can use POSIX capabilities, see, however this will not work on standard versions of OpenSSH as it has an extra hard-coded check on port numbers, unless compiled with NO_IPPORT_RESERVED_CONCEPT defined.) Using a SOCKS proxy (-D) as suggested may cause some surprises, depending on SOCKS/DNS/firewall/NAT configuration.

You will need to set up SSH tunnelling in two scenarios: 1) you want to access remote resources that you can't access, 2) you want people from the outside network to be able to access your web server hosted on the local network. Using a non-privileged port may work, again depending on your site: ssh -L 1080:127.0.0.1:80 SSH from the destination to the source (with public IP) using the command below: ssh -R 19999:localhost:22. SSH Tunneling allows access to resources on the remote server or allows access to your local resources to someone else. I'd strongly suggest not allowing ssh login for root.

Something like TeamViewer doesn't work, since these kinds of remote access options are blocked by the firewall. My work desktop is an Ubuntu, and I'm trying to access it from home through a Windows laptop. To forward port 80 you only need to be root on the desktop, not the webserver. Setting up a reverse SSH tunnel to access remote Ubuntu PC from Windows. or if the site name must match due to the virtual-hosting set up then you'll need to add that to your desktop hosts file: 127.0.0.1 You could define an alias on the server vhost so that you can use one name for 127.0.0.1 like "", and the real name to go directly, if that's ever going to be useful - forgetting to remove entries from the hosts file is a good way to cause confusion. device_id.pem that should forward your connection to the embedded device. Once the tunnel is set up (with -L) you need to change the URL you use, e.g.
Unlike other connection methods, reverse SSH enables Stitch to establish a connection to a database in your private network without opening holes in your. The script to put onto your desktop machines would look like (assuming the argument $1 is the IP of the embedded device, and that prod_remote_device.sh executes the above script on the chosen embedded device.) #!/bin/bash middle_id.pem -R 22:localhost:2222 private key authentication would be a way of making the login non-interactive) The script to put onto your embedded devices would look like #!/bin/bash So, fire up a new server on a global IP (an Amazon AWS micro node is free for a year and would do the job just fine), and install an ssh daemon. But it would be very easy to set up, assuming that your 'other means of executing a script' are remote and can be executed from your office. You will, as you say, need a middle-man server.

Pointers to other questions I may have missed (although I have looked) or to applications that I should consider for the central "meeting point" server welcomed. We're OK to develop code at either end or at the meeting point server if required, but obviously if there are apps out there so we don't have to write stuff, even better. But what are my options in this NAT'd environment? Without the NAT, it's just SSH to the device and away we go. We can (through other means) tell the device to execute some arbitrary script or application to start up the session. If necessary, we could require the support person to log into some sort of terminal server, but I'd prefer a solution that just popped up a terminal window on their desktop.

Their local terminal will also be NAT'd behind a corporate firewall, so we need some central "meeting point" that both they and the device can connect to. We need for a support person to be able to initiate a terminal/shell session on any of the devices.
Many embedded devices (running Linux) out in the fields, behind routers so NAT'd and we can't make connections to them. Can this be modified to set up reverse SSH for multiple hosts behind firewalls, with as much automation as possible? E.g., the port s on the middleman machine.