The update option is pretty nice indeed. However, if we modify the same file, only the last modification will be kept.
I have the impression that managing administration files such as pdf, etc., makes more sense with a drive and not git. This is why I changed it recently.
I am very sorry to ask again the same question, I don't have the impression that I have a better understanding about one point of my question.
If we forget the sync stuff, I would like to trigger a command (bash in a shell eventually) on a machine from another one. As I said, I have other reasons for wanting to do that.
I see the DDNS and the other answers you gave me. But how can I get the command run from another machine? I don't see how Teamviewer could do that.
I see that most of the communication applications are talking peer to peer or peer to server to peer. I would like to do the same with a command run at the end. You say Trilby that ssh won't be the easiest, could you tell me concretely a way to do that. One more time, I might have missed something.
all different - all equal
Offline
You could set up a VPN at your public server and let the client machines connect to it. This is how I reach the client machines (via SSH) in case I cannot configure the router and/or Dynamic DNS. Search the wiki for OpenVPN, WireGuard, Tinc.
Offline
VPN has been suggested to him multiple times and I also linked and explained the case for ssh remote port forwarding (which the OP has completely ignored twice) …
Offline
Don't know what to answer. Hard to get. I imagine all of this could be obvious to you. It's not to me and I can promise you I do my best with my capacities. Anyway, thanks for your help.
I have read lots of times the post you forward seth and others about ssh tunneling, and apparently didn't understand.
I looked at ssh tunneling, it's interesting, but it doesn't seem to permit access to a machine behind a router. Just to access a server and do other things then. I might have missed something.
I have the impression there is one case doing something different, with localhost from the machine not being a server in a NAT:
ssh -R 8080:localhost:80 public.example.com
Most of the examples I looked at about ssh tunneling were specifying an address accessible from the remote server (itself, in a NAT of the remote server, etc.). The localhost example is the only one, I have the impression, able to tell to ssh how to access a machine in a NAT behind an internet router different than itself. I don't understand why it can do that in this particular case but why we can not do it directly.
The server I manage is a shared web hosting one. I guess I can not do ssh tunneling as I imagine I don't have the permission to touch to the machine ports.
I looked at the VPN option, just don't understand it yet. I don't see in practice how to do it. I haven't yet understood how to make ssh through the VPN, what will be the commands, etc. But this solution too seems to enable the desired connection.
Thanks for your time.
all different - all equal
Offline
ssh -R 8080:localhost:80 public.example.com
That would poke through a http server (resp. whatever else is listening on port 80) and forward it to port 8080 on public.example.com
The link I posted is even explicitly about forwarding ssh/22 and there's an explanation what's going on.
as I imagine I don't have the permission to touch to the machine ports
What do you mean by "imagine" and which of the machines do you not have "the permission to touch to the machine ports" and what do you mean by "touch ports"?
You've claimed to have three machines:
System1: the one you want to ssh into, but it's behind a NAT'ing router
System2: the one you want to ssh from, (also behind a NAT'ing router, but that doesn't matter)
System3: a server with a WAN IP
You must be able to
1. run an ssh server on system1
2. run an ssh server on system3
Run ssh on system3, then on system1 run
yann@system1 % ssh -R8022:localhost:22 system3
This will open an ssh shell and also allow you to connect
yann@system3 % ssh -p 8022 localhost
on system3 which is effectively a ssh connection to system1.
If you want to be able to connect system1 directly from system2, ie.
yann@system2 % ssh -p 8022 system3
you need to specify a (blank) bind address and enable "GatewayPorts" in the sshd.conf on system3 (see the ssh manpage on details for "-R")
Offline
Everything clear, thanks.
I would like to be able to connect from system1 to system2 and system2 to system1, both. This is possible with this solution as I can configure the forward twice, matching a port on system3 to system1 and another from system3 to system2.
However, I realize that the server I use is a shared hosting (mutual). And, it seems obvious to me that I don't have the permissions to do ssh forwarding on a shared operating system, no ?
all different - all equal
Offline
And, it seems obvious to me that I don't have the permissions to do ssh forwarding on a shared operating system, no ?
You only need to have it running sshd, only if you want to connect system1 and system2 directly, you need to be able to edit the sshd.conf (and restart sshd) on the server (if it's not configured this way already)
=> Do you have root access on the server?
Offline
I don't have root access. I can connect through ssh and do whatever I want under my home, but I can not touch to anything else as it is a shared hosting (not a VPS).
When I try a command such as
ssh -R8022:localhost:22 system3
from my machine, I get
Warning: remote port forwarding failed for listen port 8022
Last edited by Yann (2020-11-22 15:43:44)
all different - all equal
Offline
Probably a firewall on system3 and at this point it's pretty much game over - unless you can get access to a server that allows you to tunnel ssh or get control over the NAT, there's no way to reach the systems behind the NAT.
There're oc. commercial VPN systems, which is pretty much the same as getting hands on a useful server.
Offline
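An added example, not code from any poster in this thread: the -R setup described above and the "remote port forwarding failed" warning both depend on a few sshd settings on system3. The sketch below classifies them from the effective configuration that `sshd -T` prints; it assumes a server you administer as root (sshd's configuration file is /etc/ssh/sshd_config), and the function name, verdict labels and sample settings are constructed for illustration.

```shell
#!/bin/sh
# Classify how an sshd treats "ssh -R" requests, reading the effective
# configuration in `sshd -T` format (lowercase "keyword value" lines).
# Real use, as root on a server you administer:
#     sshd -T | remote_forward_verdict
#
# Verdicts (labels are this example's own):
#   refused        - sshd rejects the request; the client prints
#                    "Warning: remote port forwarding failed for listen port N"
#   loopback-only  - the forwarded port listens on system3's loopback only,
#                    so "ssh -p 8022 localhost" works on system3 itself
#   client-chosen  - "ssh -R :8022:localhost:22 system3" (blank bind address)
#                    may listen on all interfaces, reachable from system2
#   all-interfaces - every forwarded port is bound to all interfaces
remote_forward_verdict() {
    awk '
        $1 == "disableforwarding"  { disable = $2 }
        $1 == "allowtcpforwarding" { allow = $2 }
        $1 == "permitlisten"       { listen = $2 }
        $1 == "gatewayports"       { gw = $2 }
        END {
            # Missing keywords fall through to the OpenSSH defaults.
            if (disable == "yes")                  { print "refused"; exit }
            if (allow == "no" || allow == "local") { print "refused"; exit }
            if (listen == "none")                  { print "refused"; exit }
            if (gw == "yes")                       { print "all-interfaces"; exit }
            if (gw == "clientspecified")           { print "client-chosen"; exit }
            print "loopback-only"
        }'
}

# Constructed sample configurations (not captured from any real host).
SAMPLE_DEFAULT='port 22
allowtcpforwarding yes
gatewayports no
disableforwarding no
permitlisten any'
SAMPLE_RELAY='port 22
allowtcpforwarding remote
gatewayports clientspecified
disableforwarding no
permitlisten any'
SAMPLE_LOCKED='port 22
allowtcpforwarding no
gatewayports no
disableforwarding no'

for s in "$SAMPLE_DEFAULT" "$SAMPLE_RELAY" "$SAMPLE_LOCKED"; do
    printf '%s\n' "$s" | remote_forward_verdict
done
```

A PermitListen value that lists specific ports is not evaluated here; the sketch treats only "none" as a refusal.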
Hmm. I understand.
Well, if I really need it I will pay for a VPS, that will simplify everything.
Thanks for your help !
all different - all equal
Offline
Addendum:
Depending on the server the port 8022 could already be taken by somebody else, so you could try random different ports (>1024)
You also might be able to run a second sshd instance (as your own user and listening to a port > 1024) that you might have full control over.
However, from the appearance of the server, you *should* not be able to do either and even if you can, running a second sshd instance might violate the terms of service, so be sure to not get in trouble there.
Being able to ssh into a server (eg. from your school or so) does not mean that you "have" a server - it means you've remote access to a system that's totally *not* yours.
Offline
I tried more or less 10 different ports over 1024.
Warning: remote port forwarding failed for listen port XXXX
Tried starting another sshd instance.
Failed to start sshd.service: Access denied
I am not in sudoers. I think I won't be able to do that on this server.
I will get a VPS when I will implement this communication functionality.
Thanks !!
all different - all equal
Offline
"systemctl start sshd.service" (or anything) won't work, but you could try "sshd -p 2222" (starts an ssh server on port 2222)
Offline
An interesting idea is to use NAT hole punching with a STUN server and then publish the result using some public directory, possibly opendht. Then a UDP protocol like wireguard can create a direct connection.
Here is something like that. I haven't tested it, though. https://github.com/manuels/wireguard-p2p
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
sshd is only under /usr/sbin on the server. bash doesn't find it in the executables. I have to use the absolute path.
$ /usr/sbin/sshd -p 2222
/etc/ssh/sshd_config: Permission denied
Wireguard is one of the VPN solutions I guess. The doc looks pretty complete. I think I need time to dig on all of that. It doesn't seem to be just one step to get it working. I will study that.
all different - all equal
Offline
sshd is only under /usr/sbin on the server. bash doesn't find it in the executables. I have to use the absolute path.
$ /usr/sbin/sshd -p 2222
/etc/ssh/sshd_config: Permission denied
It looks like you'd have to create a custom config file that includes "UsePrivilegeSeparation no", choose it with -f and also replace all other paths with user readable ones.
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
Also keep in mind that if there are that many hurdles, the owners / administrators of that server almost certainly don't want you doing this sort of thing. And if they detect it - which they will if they are half competent - you may lose all access to the server.
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
Indeed, I think this is not the best idea to try all these things. I am probably going to lose more than get. At the right time, a VPS would solve everything.
all different - all equal
Offline