Here's the thing. I'd like to access a remote host by ssh, and make a tunnel as a proxy. I did it on my windows computer with Putty. In putty, there is a "tunnels" options, add a dynamic tunnel would do the trick. That is, a (dynamic, that is in the putty's option, I don't really know what it means)tunnel at port 1111, and then I can access the internet though socks5 proxy 127.0.0.1:1111.
But now I want to make the tunnel on my openwrt router, 192.168.1.1, and access the proxy as 192.168.1.1:1111. I want to know how. There are two major question:
1.the proper command of ctl ssh to make a tunnel just as the putty did. I googled a few, but because of the 2nd question, I never know which one is correct.
2.how can I access the tunnel on the router though 192.168.1.1:1111. As I tried before with ss_local(another proxy program), I established a socks locally but it can never be accessed by my another LAN host. Are there some firewall things to do?
Does anyone know the answers? Thank you!
This is what I did to access remotely to my AP.
I used a SSH Reverse Tunnel to a remote server. Here I dump a simple script to achieve it.
key_ssh=/root/.ssh/id_rsa
user=root
ip='YOUR_SERVER_IP'
port='THE_PORT_YOU_WANT_TO_CONNECT_THROUGH'
#connect ssh
ssh -f -N -i $key_ssh -R 0.0.0.0:$port:localhost:22 $user#$ip
And in your remote server you type:
sudo su
ssh -p THE_PORT_YOU_WANT_TO_CONNECT_THROUGH localhost
You will be asked for the root password, type it and you're in.
Related
I have a client and a server. there is a firewall between them such that the client can ssh to the server, but the server can not ssh to the client.
i'd like to set up an ssh tunnel from the client to the server that would allow the server to make ssh connections back to the client.
I know there are several posts on ssh tunneling, but have not found anything that talks about this. I know its possible I just can't find it.
thanks for your time.
Try on the client
ssh -R 45849:127.0.0.1:22 <server_user#server>
Then on the server you should be able to do
ssh -p 45849 <client_user#127.0.0.1>
That's if I got everything right, otherwise try switching the 45849 and the 22 on the '-R'.
Later edit:
I've just tested it, it's all good (I was on the phone first). For something to go wrong you will have to have at least one of the following problems:
port forwarding disable on either of the servers. Check with sudo grep AllowTcpForwarding /etc/ssh/sshd_config, make sure it says yes
sshd server binding/listening interface on the client. Check with sudo netstat -lntp | grep ssh, you should see "0.0.0.0:22" listed (not sure if ":::22" helps), if you find another IP address use it instead of the "127.0.0.1" in the "-R" argument.
I'd like to run privoxy on a remote machine to remove adds when I browse the web from my laptop. My plan is to use socks5 tunnel from my local machine, pointing to an instance hosted in Google Cloud.
ssh -D 1080 -fCNq me#server.com
I have configured macOS to use 127.0.0.1:1080 as the socks proxy successfully and can access the internet. So far so good. I've also installed privoxy on the server and started it on 127.0.0.1:8118.
sudo yum install privoxy -y
sudo service privoxy start
However, I can't figure out how to connect my tunneled traffic to privoxy. How do I get all new connections after the socks connection on the server to go through privoxy?
Here's my suggestion.
On remotemachine, run privoxy listening on 127.0.0.1:8118, just as you describe.
On localmachine, run a command like the following. Authenticate as you normally would, either via password or via ssh key. (If at some point you decide that you want to do it without human intervention, you may need to use a passphraseless key, perhaps under a user created just for this purpose.) (Note that the localhost in the below refers to localhost from remotemachine's point of view!)
ssh -vnNf -L 1080:localhost:8118 remotemachine
Configure your browser on localmachine to use localhost:1080 as a socks proxy.
PROFIT
I'm pretty sure this will do the trick, but if I'm missing something please let me know and I'll try to figure it out/fix it.
I have remote host/server with ssh access.
I have my computer in my work network which can connect via ssh only
in within this network.
And i can not connect via ssh to other world because of port 22
blocked by firewall.
I am trying to create ssh tunnel to forward example localhost:80 to remote_server:22.(i suppose to connect via ssh to localhost and will be forwarded to my remote server)
I tried for example without proxy
sudo ssh -L localhost:443:remote_server_ip:22 root#remote_host_name
and with proxy
https://wiki.archlinux.org/index.php/Tunneling_SSH_through_HTTP_proxies_using_HTTP_Connect
I have read a lot and checked stackoverflow but it still is not clear for me how to resolve this issue.
Setup:
My computer (linux / unix) has an arbitrary IP address
I can connect to a central linux server which has a static ip
Remote linux systems are set up so they only respond to central server IP address on port 22
I want to port forward through the central server so I can use MySQLWorkbench and make python scripting connections on port 3306 to the remote systems.
Ideally, I would like the syntax for ssh command to make the port forwarding work;
Suppose I want to forward local port 3307 to 3306 on the remote system. Assume my ip is x.x.x.x, the central server IP is y.y.y.y, and the remote system IP is z.z.z.z;
I think it has something to do with ssh -L but I can only forward to the central server so far. Maybe I need to connect to the central server, set up forwarding there, then set up forwarding on my machine? I think functionality exists to do it with a single command using ssh.
If this is a duplicate, it should not be marked as such because without knowing what magic keyword to search for, you can't find the duplicate;
Clarification: port 3306 is NOT open on the remote server. Only 22
ssh -L :3307:z.z.z.z:3306 user#y.y.y.y -Nf
Works fine
or
ssh -L 3307:z.z.z.z:3306 user#y.y.y.y -Nf
To only bind to x.x.x.x's localhost
The first example binds to all interfaces
edit...
Just seen that z.z.z.z only has port 22 open.
on y.y.y.y you will also need to have a local port open
run on y.y.y.y
ssh -L 3307:localhost:3306 user#z.z.z.z -Nf
then on x.x.x.x
ssh -L 3307:localhost:3307 user#y.y.y.y -Nf
run these commands in a screen for best results
You can actually condense these 2 commands together
ssh -L 3307:localhost:3307 user#y.y.y.y -f 'ssh -L 3307:localhost:3306 user#z.z.z.z -Nf'
ssh -L <local-port-to-listen>:<remote-host>:<remote-port>
The āLā switch indicates that a local port forward is need to be created
Best method is to create the tunnel using putty (ssh client). so you can start the shell, and it will create the ssh tunnel for you. this is a good reference
https://howto.ccs.neu.edu/howto/windows/ssh-port-tunneling-with-putty/
Recently I buyed a Foscam wireless IP camera:
http://www.foscam.com/Products_List.asp?id=173
In my home, my laptop and my IP camera are behind a cable modem (my ISP gives me a dynamic IP) using a linksys router (I dont have a public IP).
Actually I use SSH in a basic way to learn / manage some basic things in my VPS server.
My question is (the right ssh flags and commands to achieve this):
I think that I need to create:
A tunnel from my local router to a remote VPS server where I have root access.
A portforward in the router.
Thanks in advance.
You need to add a port forward in your router from port X to port 22 on your home computer.
You can then ssh -p X username#your-home-ip.
Include the -L Y:foscamip:80 command line switch when you run ssh, assuming focscam runs a web server on port 80 (standard). Use something over 1024 for Y, like 8080.
Open up a web browser, and go to http://localhost:Y.
You have access! When you're done, simply log out of your ssh session.
Old question, but I will answer in the hope it helps someone like me. Given:
you have a VPS with root access at root#example.com
you have an RTSP-compatible IP camera in your LAN at address 192.168.1.100
you have a PC/router/Raspberry Pi able to create the tunnel
what I did was
ssh -N -f -R 10554:192.168.1.100:554 root#example.com
Exaplanation:
-N: don't execute any command via SSH
-f: put SSH in the background
-R: remote port forwarding
10554: a port to open on the VPS to access the IP camera (better if > 1024)
192.168.1.100:554: IP address and port you want to access remotely
root#example.com: user and address of your VPS
To access the RTSP stream of the camera, open rtsp://<username>:<password>#example.com:10554/<path-to-stream>.
Of course it works fine also for other kind of streams (e.g. HTTP).
Better yet, use autossh.
/usr/bin/autossh -N -f -M 0 -i /home/pi/.ssh/id_rsa -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -R 10554:192.168.1.100:554 root#example.com.
I ended up with this command reading a lot of articles on the web. I even created an autossh user on the VPS without a shell, so it can do nothing apart from port forwarding.