Re: SSL VPN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jun 19, 2008 at 05:05:00PM -0400, Rick Bilonick wrote:
> 
> On Thu, 2008-06-19 at 13:34 +0100, Chris G wrote:
> > On Thu, Jun 19, 2008 at 08:08:54AM -0400, John Priddy wrote:
> > > > 
> > > > I guess I did not explain well. First, I ssh from the server (which is
> > > > behind a firewall) out to my home computer and leave this connection
> > > > open. Then when I go home, is there any way that I can use this
> > > > connection from home? That is, can I somehow tunnel back through from
> > > > home to the server over this connection? I may be totally off base, but
> > > > I thought I read somewhere that this could be done.
> > > > 
> > Yes, it can be done, I do exactly this for exactly the same reason.
> > 
> > What you need to do is as follows:-
> > 
> >     From the 'work' computer which is behind the firewall and which
> >     *does* have the ability to make ssh connections to 'home' you do
> >     something like:-
> > 
> >         ssh -l chris -R 50022:apollo:22 -N 1.2.3.4
> > 
> >     'apollo' is the hostname of the 'work' computer.  1.2.3.4 is the
> >     IP address of the 'home' computer, you can use its name if it's
> >     got proper DNS.  50022 is an arbitrary port number, it just has to
> >     be above 1024 to be accessible to a non-root user.  The "-l chris"
> >     is necessary if your username is different on home and work
> >     computers, it's your username on the home computer.
> > 
> > 
> >     Then at the 'home' end you just do:-
> > 
> >         ssh -l chris.work -p 50022 localhost
> > 
> >     Obviously the (arbitrary) 50022 has to be the same at both ends.
> >     You'll need the "-l chris.work" option again if, as I said, your
> >     username is different at the two ends.
> > 
> > -- 
> > Chris Green
> > 
> 
> Could "apollo" be an IP address? Is "work" the IP address of the work
> computer? And why "localhost"? How does it find it's way to the work
> computer? 
> 
Yes, "apollo" could perfectly well be an IP address.  Since "work"
doesn't appear anywhere in the above commands I don't quite understand
that question.  It's localhost because the ssh command from the 'work'
computer connects port 50022 on the 'home' computer (i.e. localhost)
to port 22 on the 'work' computer.


> I've looked at the ssh man page but I don't understand all the details.
> The "-N" says not to execute a command on the remote (home) computer.
> 
That's right, i.e. connect to the 'home' computer but then do nothing.


> When you type the first ssh command on the work computer, what should
> you see as output?
> 
Nothing (hopefully!).  I actually have a shell script that runs on the
work computer and retries running the command every few hours if it
doesn't appear to be running.

-- 
Chris Green

-- 
fedora-list mailing list
[email protected]
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux