You are not logged in.

#1 2008-03-09 11:40:15

rocktorrentz
Member
From: Southampton, England
Registered: 2007-08-05
Posts: 141

SSH Server Without Port Forwarding?

I have set up a PC running arch for family members who know nothing about linux. Is it possible for me to set up ssh so I can run commands on their PC 70 miles away without setting up port forwarding on their router, static ip and dyndns? Something similar to what VNC does when the client runs in listen mode and acts as the server? I am happy to set up port forwarding on my connection and already have dyndns set up. I want it set up so they don't have to do anything to allow me to fix things, run updates etc.

Thanks in advance

Offline

#2 2008-03-09 12:00:57

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819

Re: SSH Server Without Port Forwarding?

Unless you run IPv6 you need NAT and thus port forwarding.


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#3 2008-03-09 21:00:25

tam1138
Member
Registered: 2007-09-10
Posts: 237

Re: SSH Server Without Port Forwarding?

You could write a boot script to run on their machine that tunnels a remote port from your machine to theirs:

ssh -R 2222:localhost:22 ip.of.your.machine

And then on your machine, to ssh to theirs:

ssh -p 2222 localhost

I'd set up a passphraseless for that, seeing as you want it started without supervision, and then use authorized_keys restrictions on your end to limit what that key can do.  I'd also limit their sshd to listen to only localhost.

Offline

#4 2008-03-09 21:06:22

rocktorrentz
Member
From: Southampton, England
Registered: 2007-08-05
Posts: 141

Re: SSH Server Without Port Forwarding?

That's exactly what I was looking for, my server runs 24/7 so this should work fine big_smile. So their pc would be running the client and my pc would be running the server and I'd put their key in my ~/.ssh/authorized_keys file?

Offline

#5 2008-03-09 22:05:23

gorn
Member
Registered: 2008-02-01
Posts: 56

Re: SSH Server Without Port Forwarding?

rocktorrentz wrote:

That's exactly what I was looking for, my server runs 24/7 so this should work fine big_smile. So their pc would be running the client and my pc would be running the server and I'd put their key in my ~/.ssh/authorized_keys file?

You probably want to create a new user just for this, no use having them logged in as your user.

The idea is that the client would run on their system and connect to your system. Let's call this connection 1. Connection 1 also does port-forwarding, opening a port on your computer (2222) and forwarding it to a port on their computer (22). All traffic is tunneled through the Connection 1.

You then wish to ssh into their box so you open Connection 2, which is simply ssh'ing to your local host, but on port 2222, which gets tunneled over Connection 1 and you end up on the SSH server on their computer.

Offline

#6 2008-03-09 22:29:36

rocktorrentz
Member
From: Southampton, England
Registered: 2007-08-05
Posts: 141

Re: SSH Server Without Port Forwarding?

OK. Thanks for your help. I can see this being useful in many situations. I'll try it out on two machines inside my network as soon as I can because I will not have physical access to their machine for a while.

Offline

Board footer

Powered by FluxBB