#1 2011-01-07 17:35:37

firecat53
Member
From: Lake Stevens, WA, USA
Registered: 2007-05-14
Posts: 1,542

SSH socks proxy on two different ports

Well, I haven't found anything useful after googling and foruming, so I thought I'd ask here:

My home server has SSH set up on a non-standard port, and I use it when I'm away from home as a socks proxy. However, the wifi network I have to use at work now blocks all non-standard ports (near as I can tell), thus preventing me from using my socks proxy. However, the standard SSH port 22 they don't block.

I'm a little reluctant to switch my home server back to the standard SSH port for fear it's not set up right somehow (I've done all the normal stuff...encryption keys with passphrases, no root login, only 1 username allowed, etc).

Anyone have any ideas for how to regain my socks proxy on the standard SSH port without moving my normal SSH access to that port? I was considering things like setting up a chroot jail that would only handle the socks proxy and running a second ssh server inside there. I didn't see any options that would allow the standard openssh server to open different ports for different users.

Hope that was somewhat clear! Any ideas?

Thanks!
Scott


#2 2011-01-07 19:48:37

eldragon
Member
From: Buenos Aires
Registered: 2008-11-18
Posts: 1,029

Re: SSH socks proxy on two different ports

Set your SSH port to 22 on your home server, and install fail2ban, which will prevent brute-force attacks.
You can also disable password logins and take your public key to your home server on a pendrive.

Then simply ssh -D PORT

I've done this at home, and even if I suffer from login attempts, fail2ban blocks IPs with more than 3 failed attempts within 5 minutes.


#3 2011-01-07 20:37:13

firecat53
Member
From: Lake Stevens, WA, USA
Registered: 2007-05-14
Posts: 1,542

Re: SSH socks proxy on two different ports

@eldragon...thanks for that tip.

I also noticed that sshd_config has a MATCH directive, but I couldn't figure out if there was a way to match on a per-port basis like:
  if port 22 and user 'socks' then allow socks proxy use
  if port 5678 and user 'normal_ssh' then allow login

Is that possible?

Scott
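
Added example, not part of the thread and not any poster's own configuration: OpenSSH 6.1 and later accept a LocalPort criterion on Match, so the per-port split asked about above can be written in a single sshd_config. The user names socks and normal_ssh and port 5678 come from the post; the other settings are an assumed baseline, and AllowTcpForwarding local and PermitTTY need releases somewhat newer than 6.1.

```conf
# /etc/ssh/sshd_config fragment (added example; adjust to your system)

# One sshd listens on both ports.
Port 22
Port 5678

# Baseline already described in the thread: keys only, no root login.
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes

# Deny forwarding by default; the Match block for port 22 re-enables
# only what the SOCKS proxy needs.
AllowTcpForwarding no
X11Forwarding no
AllowAgentForwarding no

# Port 22: only the proxy account may authenticate, and it gets
# nothing except outbound forwarding (what "ssh -D" uses).
Match LocalPort 22
    AllowUsers socks
    # "local" permits the direct-tcpip channels used by -D/-L,
    # but not remote (-R) forwards back into the server.
    AllowTcpForwarding local
    PermitTTY no
    # Assumed path; any command that exits immediately works.
    # Blocks shell and exec requests for this account.
    ForceCommand /usr/bin/false

# Port 5678: only the normal login account; forwarding stays off
# because the global default above still applies here.
Match LocalPort 5678
    AllowUsers normal_ssh
```

Check the file with `sshd -t` before restarting the daemon. Because ForceCommand ends any session at once, the client has to request no session, for example `ssh -N -D PORT -p 22 socks@host` (host is a placeholder).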
