Timeline for How can I configure a reverse SSH connection to the connecting computer?
Current License: CC BY-SA 3.0
16 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Mar 21, 2017 at 19:16 | comment | added | Caleb | @cxrodgers I've found the first couple of minutes after a system reboot are often plagued with other issues such as unreliable networking and race conditions where other hardware is still coming to life. Giving a few minutes for the dust to settle makes for much more reliable links when you're leaving things running for reverse connections to find. Configure that for your system and what else happens on a reset for you. | |
| Mar 21, 2017 at 19:00 | comment | added | cxrodgers | Shouldn't you switch the order of the "ssh" and "sleep" commands in your while loop? This script does nothing for ten minutes before getting started. | |
| Aug 8, 2014 at 1:40 | comment | added | joeytwiddle | OpenVPN looks to be more secure than PPTP. | |
| Aug 8, 2014 at 1:27 | comment | added | joeytwiddle | @C.R. in my experience you can indeed get problems with a dead session holding on to the port 2222 until it times out, so the next ssh attempt connects fine but cannot get the port. (It warns but stays connected, so you then need to kill that client to force it to reconnect again.) So I second the advice of setting a large delay before reconnecting (10 minutes). But really setting up a VPN is a better solution, which also addresses the vulnerability concerns. | |
| May 25, 2014 at 10:30 | comment | added | gc5 | I don't know if it is generally applicable, but my sshd config is now on /etc/ssh/sshd_config | |
| Mar 19, 2014 at 19:11 | comment | added | Caleb | @C.R. Try it and see. If the previous one has not released the port, a new one cannot open it for listening and will give you an appropriate error. | |
| Mar 19, 2014 at 17:35 | comment | added | Siyuan Ren | Will the repeated ssh -R somehow clash with each other? When the previous one is not closed, another ssh -R will not have any problems? | |
| Dec 6, 2011 at 9:23 | comment | added | Nikhil Mulley | Can this be a bad idea sometimes? If computer.b is compromised, then can't anyone with minimal ssh access have access to the host behind the firewall? Anyone executing ssh -p 2222 localhost on computer.b can log in to computer.a. Isn't it? How is the user authentication being guaranteed here? I suppose not. | |
| Aug 1, 2011 at 21:39 | comment | added | Naftuli Kay | True, though I don't think that I'd really need to have more than one available at once. | |
| Aug 1, 2011 at 21:37 | comment | added | Caleb | @TKKocheran: You would have to do the mapping either way, otherwise even your lazy instantiation would run into situations where they tried to clobber each other. | |
| Aug 1, 2011 at 21:32 | comment | added | Naftuli Kay | I guess you're right, I could just do that, but then I'd have to map ports to machines and remember which one is which, whereas the other route would be lazily instantiated, i.e. only create an SSH tunnel when asked. | |
| Aug 1, 2011 at 21:29 | comment | added | Caleb | @TKKocheran: There are quite a few ports to choose from ... specifically more than you will have kiosks. How is keeping an SSH tunnel open any worse than keeping an http connection open? | |
| Aug 1, 2011 at 21:12 | vote | accept | Naftuli Kay | ||
| Aug 1, 2011 at 21:12 | comment | added | Naftuli Kay | Nice. So I'd basically have each remote machine tunnel the local SSH port to a port on the local machine? It might be wise to have each machine only tunnel the connection on demand. I might be able to have each machine open a keep-alive HTTP connection and push XML data when I'd like it to attempt a reverse connection, so as to make management easier (and to not clog all of my ports ;]). Thanks! | |
| Aug 1, 2011 at 19:25 | history | edited | Caleb | CC BY-SA 3.0 | added 128 characters in body |
| Aug 1, 2011 at 19:19 | history | answered | Caleb | CC BY-SA 3.0 | |