SSL VPN
Chris G
cl at isbd.net
Thu Jun 19 21:14:14 UTC 2008
On Thu, Jun 19, 2008 at 05:05:00PM -0400, Rick Bilonick wrote:
>
> On Thu, 2008-06-19 at 13:34 +0100, Chris G wrote:
> > On Thu, Jun 19, 2008 at 08:08:54AM -0400, John Priddy wrote:
> > > >
> > > > I guess I did not explain well. First, I ssh from the server (which is
> > > > behind a firewall) out to my home computer and leave this connection
> > > > open. Then when I go home, is there any way that I can use this
> > > > connection from home? That is, can I somehow tunnel back through from
> > > > home to the server over this connection? I may be totally off base, but
> > > > I thought I read somewhere that this could be done.
> > > >
> > Yes, it can be done; I do exactly this for exactly the same reason.
> >
> > What you need to do is as follows:-
> >
> > From the 'work' computer which is behind the firewall and which
> > *does* have the ability to make ssh connections to 'home' you do
> > something like:-
> >
> > ssh -l chris -R 50022:apollo:22 -N 1.2.3.4
> >
> > 'apollo' is the hostname of the 'work' computer. 1.2.3.4 is the
> > IP address of the 'home' computer, you can use its name if it's
> > got proper DNS. 50022 is an arbitrary port number, it just has to
> > be above 1024 to be accessible to a non-root user. The "-l chris"
> > is necessary if your username is different on home and work
> > computers, it's your username on the home computer.
> >
> >
> > Then at the 'home' end you just do:-
> >
> > ssh -l chris.work -p 50022 localhost
> >
> > Obviously the (arbitrary) 50022 has to be the same at both ends.
> > You'll need the "-l chris.work" option again if, as I said, your
> > username is different at the two ends.
> >
> > --
> > Chris Green
> >
>
> Could "apollo" be an IP address? Is "work" the IP address of the work
> computer? And why "localhost"? How does it find its way to the work
> computer?
>
Yes, "apollo" could perfectly well be an IP address. Since "work"
doesn't appear anywhere in the above commands I don't quite understand
that question. It's localhost because the ssh command from the 'work'
computer connects port 50022 on the 'home' computer (i.e. localhost)
to port 22 on the 'work' computer.
> I've looked at the ssh man page but I don't understand all the details.
> The "-N" says not to execute a command on the remote (home) computer.
>
That's right, i.e. connect to the 'home' computer but then do nothing.
> When you type the first ssh command on the work computer, what should
> you see as output?
>
Nothing (hopefully!). I actually have a shell script that runs on the
work computer and retries running the command every few hours if it
doesn't appear to be running.
--
Chris Green
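The retry script Chris mentions is not included in the thread; the following is an added example (not Chris's own script) of how such a checker can be built around the exact -R command above, for running from cron on the 'work' computer. It assumes the placeholder values from the thread (user chris, work host apollo, home address 1.2.3.4, port 50022) and adds the OpenSSH ExitOnForwardFailure and ServerAlive options so that a hung or half-bound tunnel exits and is restarted on the next check instead of lingering.

```shell
#!/bin/sh
# Added example: keep the 'work' -> 'home' reverse ssh tunnel from the thread alive.
# Intended to be run from cron on the 'work' computer every few hours.
# Placeholder values are taken from the thread; replace them with your own.
HOME_HOST="1.2.3.4"   # the 'home' computer (a DNS name works too)
HOME_USER="chris"     # username on the 'home' computer (the -l option)
WORK_HOST="apollo"    # hostname of the 'work' computer itself
REMOTE_PORT=50022     # arbitrary port > 1024 on 'home'; must match the -p used at home
LOCAL_PORT=22         # sshd on the 'work' computer

# The thread's command plus two OpenSSH options that make failures visible:
# ExitOnForwardFailure makes ssh exit if port 50022 cannot be bound on 'home'
# (e.g. a stale tunnel still holds it), and ServerAlive* drops a hung connection,
# so the checker below can actually notice and restart it.
# -R binds on the loopback of 'home' unless GatewayPorts is enabled in its sshd,
# which is why the home end connects to "localhost".
tunnel_cmd() {
    printf 'ssh -l %s -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -R %s:%s:%s %s' \
        "$HOME_USER" "$REMOTE_PORT" "$WORK_HOST" "$LOCAL_PORT" "$HOME_HOST"
}

# Exit status 0 when an ssh with this exact forwarding spec is already running.
tunnel_running() {
    pgrep -f "ssh .*-R ${REMOTE_PORT}:${WORK_HOST}:${LOCAL_PORT} ${HOME_HOST}" >/dev/null 2>&1
}

# Start the tunnel in the background only if it is not already up.
ensure_tunnel() {
    if tunnel_running; then
        echo "tunnel already running"
        return 0
    fi
    echo "starting: $(tunnel_cmd)"
    # Word-splitting the command string is safe here: no value contains spaces.
    nohup $(tunnel_cmd) >/dev/null 2>&1 &
}

# Only act when invoked with RUN_TUNNEL=1, e.g. from cron:
#   RUN_TUNNEL=1 /path/to/this-script
if [ "${RUN_TUNNEL:-0}" = 1 ]; then
    ensure_tunnel
fi
```

Because the tunnel runs unattended, use a dedicated key for it rather than your interactive one, and restrict that key on the 'home' end (for example with an authorized_keys command= or restrict option) so it can do nothing but hold the forward.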
More information about the fedora-list mailing list