
#26 2020-11-19 19:30:39

Yann
Member
Registered: 2017-11-23
Posts: 235

Re: [SOLVED] Communication between machines behind NATs

The update option is pretty nice indeed. However, if we modify the same file, only the last modification will be kept.
I have the impression that managing administration files such as pdf, etc., makes more sense with a drive and not git. This is why I changed it recently.


I am very sorry to ask again the same question, I don't have the impression that I have a better understanding about one point of my question.
If we forget the sync stuff. I would like to trigger a command (bash in a shell eventually) on a machine from another one. As I said, I have others reasons for wanting to do that.

I see the DDNS and the others answers you gave to me. But how can I get the command run from another machine. I don't see how Teamviewer could do that.

I see that most of the communication applications are talking peer to peer or peer to server to peer. I would like to do the same with a command run at the end. You say Trilby that ssh won't be the easiest, could you tell me concretely a way to do that. One more time, I might have missed something.


all different - all equal

Offline

#27 2020-11-19 21:05:43

demaio
Member
From: Germany
Registered: 2012-09-02
Posts: 101
Website

Re: [SOLVED] Communication between machines behind NATs

You could setup a VPN at your public server and let the client machines connect to it. This is how I reach the client machines (via SSH) in case I cannot configure the router and/or Dynamic DNS. Search the wiki for OpenVPN, WireGuard, Tinc

Offline

#28 2020-11-19 21:21:19

seth
Member
Registered: 2012-09-03
Posts: 50,009

Re: [SOLVED] Communication between machines behind NATs

VPN has been suggested to him multiple times and I also linked and explained the case for ssh remote port forwarding (which the OP has completely ignored twice) …

Offline

#29 2020-11-20 12:50:00

Yann
Member
Registered: 2017-11-23
Posts: 235

Re: [SOLVED] Communication between machines behind NATs

Don't know what to answer. Hard to get. I imagine all of this could be obvious to you. It's not to me and I can promise you I do my best with my capacities. Anyway, thanks for your help.

I have read lots of times the post you forward seth and others about ssh tunneling, and apparently didn't understand.

Yann wrote:

I looked at ssh tunneling, it's interesting, but it doesn't seem to permit to access a machine behind a router. Just to access a server and do other things then. I might have missed something.

I have the impression there is one case doing something different, with localhost from the machine not being a server in a NAT:

ssh -R 8080:localhost:80 public.example.com

Most of the examples I looked at about ssh tunneling were specifying an address accessible from the remote server (itself, in a NAT of the remote server, etc.). The localhost example is the only one, I have the impression, able to tell to ssh how to access a machine in a NAT behind an internet router different than itself. I don't understand why it can do that in this particular case but why we can not do it directly.

The server I manage is a shared web hosting one. I guess I can not do ssh tunneling as I imagine I don't have the permission to touch to the machine ports.

I looked at the VPN option, just don't understand it yet. I don't see in practice how to do it. I haven't yet understood how to make ssh through the VPN, what will be the commands, etc. But this solution too seems to enable the desired connection.

Thanks for your time.


all different - all equal

Offline

#30 2020-11-20 14:04:23

seth
Member
Registered: 2012-09-03
Posts: 50,009

Re: [SOLVED] Communication between machines behind NATs

ssh -R 8080:localhost:80 public.example.com

That would poke through a http server (resp. whatever else is listening on port 80) and forward it to port 8080 on public.example.com
The link I posted is even explicitly about forwarding ssh/22 and there's an explanation what's going on.

as I imagine I don't have the permission to touch to the machine ports

What do you mean by "imagine" and which of the machines do you not have "the permission to touch to the machine ports" and what do you mean by "touch ports"?

You've claimed to have three machines:
System1: the one you want to ssh into, but it's behind a NAT'ing router
System2: the one you want to ssh from, (also behind a NAT'ing router, but that doesn't matter)
System3: a server with a WAN IP

You must be able to
1. run an ssh server on system1
2. run an ssh server on system3

Run ssh on system3, then on system1 run

yann@system1 % ssh -R8022:localhost:22 system3

This will open an ssh shell and also allow you to connect

yann@system3 % ssh -p 8022 localhost

on system3 which is effectively a ssh connection to system1.

If you want to be able to connect system1 directly from system2, ie.

yann@system2 % ssh -p 8022 system3

you need to specify a (blank) bind address and enable "GatewayPorts" in the sshd.conf on system3 (see the ssh manpage on details for "-R")

Offline
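
Added example, not part of any post in this thread: a small shell model of the rule described in #30, showing where sshd on system3 binds the `-R` listener depending on `GatewayPorts` and the bind address in the forward spec. The sample config and the function names `sshd_option` and `remote_bind` are constructed for illustration; only whitespace-separated global options are parsed.

```shell
#!/bin/sh
# Added example: predicts where sshd on system3 binds the listener for "ssh -R".
# Simplifications (assumptions): global section only (parsing stops at the first
# Match block), no Include handling, no bracketed IPv6 bind addresses.

# Constructed sample of system3's sshd_config, not taken from the thread.
SAMPLE_CONFIG='# constructed sample
AllowTcpForwarding yes
GatewayPorts clientspecified
Match User backup
    AllowTcpForwarding no'

# Print the first global value of keyword $1 in config text $2, else default $3.
# sshd uses the first value it obtains; keywords are case-insensitive.
sshd_option() {
    printf '%s\n' "$2" | awk -v key="$1" -v def="$3" '
        BEGIN { key = tolower(key) }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }'
}

# Print where the listener ends up for -R spec $1 under config text $2:
# "loopback", "wildcard" (reachable from outside), a literal address, or "refused".
remote_bind() {
    spec=$1 cfg=$2
    fwd=$(sshd_option AllowTcpForwarding "$cfg" yes)
    gw=$(sshd_option GatewayPorts "$cfg" no)
    case $fwd in yes|all|remote) ;; *) echo refused; return ;; esac
    # Four colon-separated fields mean a bind address (possibly empty) was given.
    colons=$(printf '%s' "$spec" | tr -cd ':' | wc -c)
    if [ "$colons" -eq 3 ]; then bind=${spec%%:*}; given=1; else bind=; given=0; fi
    case $gw in
        yes) echo wildcard ;;
        clientspecified)
            if [ "$given" -eq 0 ]; then echo loopback
            elif [ -z "$bind" ] || [ "$bind" = "*" ]; then echo wildcard
            else echo "$bind"; fi ;;
        *) echo loopback ;;   # GatewayPorts no: bind address from the client is ignored
    esac
}

remote_bind 8022:localhost:22 "$SAMPLE_CONFIG"    # spec from #30: system3-local only
remote_bind :8022:localhost:22 "$SAMPLE_CONFIG"   # blank bind address: all interfaces
```

A "wildcard" result means system1's sshd is reachable by anyone who can reach that port on system3, so key-only authentication on system1 matters in that setup.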

#31 2020-11-21 13:08:20

Yann
Member
Registered: 2017-11-23
Posts: 235

Re: [SOLVED] Communication between machines behind NATs

Everything clear, thanks.

I would like to be able to connect from system1 to system2 and system2 to system1, both. This is possible with this solution as I can configure the forward twice, matching a port on system3 to system1 and another from system3 to system2.

However, I realize that the server I use is a shared hosting (mutual). And, it seems obvious to me that I don't have the permissions to do ssh forwarding on a shared operating system, no ?


all different - all equal

Offline

#32 2020-11-21 13:11:50

seth
Member
Registered: 2012-09-03
Posts: 50,009

Re: [SOLVED] Communication between machines behind NATs

And, it seems obvious to me that I don't have the permissions to do ssh forwarding on a shared operating system, no ?

You only need to have it running sshd, only if you want to connect system1 and system2 directly, you need to be able to edit the sshd.conf (and restart sshd) on the server (if it's not configured this way already)
=> Do you have root access on the server?

Offline

#33 2020-11-22 15:43:10

Yann
Member
Registered: 2017-11-23
Posts: 235

Re: [SOLVED] Communication between machines behind NATs

I don't have root access. I can connect through ssh and do whatever I want under my home, but I can not touch to anything else as it is a shared hosting (not a VPS).

When I try a command such as

ssh -R8022:localhost:22 system3

from my machine, I get

Warning: remote port forwarding failed for listen port 8022

Last edited by Yann (2020-11-22 15:43:44)


all different - all equal

Offline

#34 2020-11-22 15:55:42

seth
Member
Registered: 2012-09-03
Posts: 50,009

Re: [SOLVED] Communication between machines behind NATs

Probably a firewall on system3 and at this point it's pretty much game over - unless you can get access to a server that allows you to tunnel ssh or get control over the NAT, there's no way to reach the systems behind the NAT.
There're oc. commercial VPN systems, which is pretty much the same as getting hands on a useful server.

Offline

#35 2020-11-22 16:44:33

Yann
Member
Registered: 2017-11-23
Posts: 235

Re: [SOLVED] Communication between machines behind NATs

Hmm. I understand.

Well, if I really need it I will pay for a VPS, that will simplify everything.

Thanks for your help !


all different - all equal

Offline

#36 2020-11-22 21:16:33

seth
Member
Registered: 2012-09-03
Posts: 50,009

Re: [SOLVED] Communication between machines behind NATs

Addendum:
Depending on the server the port 8022 could already be taken by somebody else, so you could try random different ports (>1024)
You also might be able to run a second sshd instance (as your own user and listening to a port > 1024) that you might have full control over.

However, from the appearance of the server, you *should* not be able to do either and even if you can, running a second sshd instance might violate the terms of service, so be sure to not get in trouble there.
Being able to ssh into a server (eg. from your school or so) does not mean that you "have" a server - it means you've remote access to a system that's totally *not* yours.

Offline

#37 2020-11-23 10:22:15

Yann
Member
Registered: 2017-11-23
Posts: 235

Re: [SOLVED] Communication between machines behind NATs

I tried more or less 10 different ports over 1024.

Warning: remote port forwarding failed for listen port XXXX

Tried starting another sshd instance.

Failed to start sshd.service: Access denied

I am not in sudoers. I think I won't be able to do that on this server.

I will get a VPS when I will implement this communication functionality.

Thanks !!


all different - all equal

Offline

#38 2020-11-23 10:46:11

seth
Member
Registered: 2012-09-03
Posts: 50,009

Re: [SOLVED] Communication between machines behind NATs

"systemctl start sshd.service" (or anything) won't work, but you could try "sshd -p 2222" (starts an ssh server on port 2222)

Offline

#39 2020-11-23 11:03:59

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: [SOLVED] Communication between machines behind NATs

An interesting idea is to use NAT hole punching with a STUN server and then publish the result using some public directory, possibly opendht. Then an UDP protocol like wireguard can create a direct connection.

Here is something like that. I haven't tested it, though. https://github.com/manuels/wireguard-p2p


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#40 2020-11-23 11:13:31

seth
Member
Registered: 2012-09-03
Posts: 50,009

Offline

#41 2020-11-23 12:00:38

Yann
Member
Registered: 2017-11-23
Posts: 235

Re: [SOLVED] Communication between machines behind NATs

sshd is only under /usr/sbin on the server. bash doesn't find it in the executables. I have to use the absolute path.

$ /usr/sbin/sshd -p 2222
/etc/ssh/sshd_config: Permission denied

Wireguard is one of the VPN solutions I guess. The doc looks pretty complete. I think I need time to dig on all of that. It doesn't seem to be just one step to get it working. I will study that.


all different - all equal

Offline

#42 2020-11-23 12:11:57

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: [SOLVED] Communication between machines behind NATs

Yann wrote:

sshd is only under /usr/sbin on the server. bash doesn't find it in the executables. I have to use the absolute path.

$ /usr/sbin/sshd -p 2222
/etc/ssh/sshd_config: Permission denied

It looks like you'd have to create a custom config file that includes "UsePrivilegeSeparation no", choose it with -f and also replace all other paths with user readable ones.


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#43 2020-11-23 13:33:56

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,449
Website

Re: [SOLVED] Communication between machines behind NATs

Also keep in mind that if there are that many hurdles, the owners / administrators of that server almost certainly don't want you doing this sort of thing.  And if they detect it - which they will if they are half competent - you may lose all access to the server.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#44 2020-11-23 13:57:09

Yann
Member
Registered: 2017-11-23
Posts: 235

Re: [SOLVED] Communication between machines behind NATs

Indeed, I think this is not the best idea to try all these things. I am probably going to lose more than get. At the right time, a VPS would solve everything.


all different - all equal

Offline
