OT: Reverse ssh [was: strange races in screen -D -m `tty`?]

[janth]

On Wed, Apr 27, 2005 at 03:37:38PM +0300, Tomas Juknevicius wrote:
> John Davidorff Pell wrote:
> 
> > To turn on echo you can just run `stty echo'. :-)
> >
> > I'm very intreagued by your abuse of screen. You've solved (in a
> > rather obtuse way) a dilema I've had for a while! How to reverse
> > ssh! :-D
> >
> > JP
> >
> 
> Hehe,
> My coleagues also think that I am a bit nutty :) - always trying to
> ask hard questions, solve atypical situations.
> We are mostly M$ shop here, but also have a couple of people,
> who prefer to work on Linux. Me - I'm just starting to discover it...
> Step by step - a bit of cygwin at work, dual boot to Win/Lin
> at home :)
> 
> What I've noticed, that even among the current Linux users
> the old and glorious tty lore is often forgotten, or not understood
> enough. The GUI is rampant everywhere ;).
> Thats why I'm fascinated with screen. Its like the old
> antiquity, archeologic artefact from ancient times, long forgotten
> lore of commanding text screens, swiss army knife manage the
> terminals :D
> 
> 
> >To turn on echo you can just run `stty echo'. :-)
> Thanks for a tip. Seems like i've haven't read the approriate man page.
> Oh well  :)
> 
> "How to reverse ssh" - interesting, in fact my original formulation
> of the question was exactly this!! :D
> Only when writting the letter, I've reformulated the question and broken
> it into smaller pieces - for better understanding.
> 
> In fact I solved this problem by decomposing it  into 2 problems.
> One "to flip over" the console at remote end of the ssh pipe.
> This is achieved with - exec screen -D -m `tty`
> The other to attach bash to the local end of the ssh pipe.
> Here I simply run ssh in screen, and then attach bash
> as a screen session subprocess - exec ::: /bin/bash

If you want reverse ssh given the settings

local --(ssh)--> intermediate --(ssh)--> remote

and remotehost is heavily firewalled and not allowed to ssh out,
you could achieve this with ssh alone:

config:
   create a ssh rsa key:
   local:
      ssh-keygen -t rsa -f ~/.ssh/id_rsa_intermediate

   local:~/.ssh/config:
      host remote
         Hostname intermediate
         IdentityFile ~/.ssh/id_rsa_intermediate
         ForwardAgent yes
         ForwardX11 yes
         RemoteForward 22022 127.0.0.1:22

   intermediate:~/.ssh/config:
      host remote
         Hostname remote
         IdentityFile ~/.ssh/id_rsa_intermediate
         ForwardAgent yes
         ForwardX11 yes
         RemoteForward 2222 127.0.0.1:22022

   intermediate:~/.ssh/authorized_keys:
      from="local",environment="SSHVIA=1",command="sh -c 'ssh remote 
${SSH_ORIGINAL_COMMAND:-}'" ssh-rsa <insert 
local:~/.ssh/id_rsa_intermediate.pub here> address@hidden


   remote:~/.ssh/config:
      host local
         Hostname 127.0.0.1
         ForwardX11 yes
         Port 2222

   remote:~/.ssh/authorized_keys:
      from="intermediate",environment="SSHVIA=2" ssh-rsa <insert 
local:~/.ssh/id_rsa_intermediate.pub here> address@hidden



executing:

   localuser at local:
      ssh remote

and then

   remoteuser at remote:
      ssh local

This gives remoteuser at remote an ssh-connection to local, tunneled in
reverse through the ssh-connection from local via intermediate to remote
established previously by localuser.

More info, including ssh through SOCKS can be found here:
www.taiyo.co.jp/~gotoh/ssh/connect.html


--
Jan Thomas Moldung