OpenSSH Tunneling
Aug 1, 2008
I'm having difficulty setting up tunneling, and I was hoping someone might have some insight. My current setup works just fine if the starting computer is not located behind its own proxy. But I cannot get the connection to work from a corporate LAN, which will be necessary when I'm on premises and need to get out. I've been switching to Verizon wifi when I need various ports, but this is a bad solution due to speed.
So, I have OpenSSH set up on the computer in my home office. It's set up on port 443, and it uses my main login user and pass to accept connections. I have a .bat file that triggers the following command in PuTTY when I run it:
putty -D 8080 -P 443 -ssh xx.xxx.xxx.xxx
The connection works just fine. I can log in, see my computer structure, list directories, manipulate files, etc. Wonderful.
I have a browser set up to connect using SOCKS5. Over my wifi (with no corporate firewall), this works great. When I check my IP at www.ipchicken.com (my personal fave), it gives me my home office IP, just like it should. However, when I switch to corporate LAN, the connection to my PC remains active, but I cannot tunnel out past that point. The corporate LAN is using ISA Server (WINP - 8080).
I've read a couple of tutorials on how to get the corporate proxy to play nice with OpenSSH, but I can't seem to get it to work, no matter what I try. Is there something big I'm missing here? What more info can I post to help get me to the right answer?
Feb 18, 2008
I'm not sure if I have understood this option. As far as I know, it means that by default only 10 unauthenticated connections are allowed. So I wonder: if someone is using brute-force software with proxies, can they easily overload this limit and in this way prevent me from connecting to SSH, so that I could not log in to my own server?
Jul 3, 2009
Note: I thought I posted this yesterday. Either I forgot to hit submit or a mod deleted it for some reason. If mods don't want this thread up, lemme know.
I have heard this from a reliable source. There was a recent, pretty big site that got hacked, and they had a forensic specialist come in and recover the partitions and such. There is like 500 MB of logs and such related to the hack, and I have some info on it. It all started at OpenSSH, not a password login either. The hacker was able to exploit SSH and get in without even showing up as a system user somehow.
As far as getting the exploit and exact strings used, it was not possible, as it is encrypted SSH traffic. If someone really knows how to decrypt or read that, then I can get you the logs.
Anyway, one of the staff of the site that got hacked had his personal server hacked with the same method. After he upgraded to the latest version of SSH, they weren't able to get back in.
So there is definitely an SSH 0day; the current CentOS/RHEL SSH versions are all vulnerable. To be on the safe side, I advise everyone to upgrade via source or a newer package if you can find one.
One easy way to do it is using the update script from the DirectAdmin forums - [url]
It will work on cPanel servers or any other server as well; it is not control panel related. I successfully upgraded mine.
In yum.conf you need to add *SSH* to the excludes so it doesn't get overwritten by yum update.
I guess I would consider this still a rumor as far as public opinion goes, but from what I have seen and heard from various people, it is true. It doesn't hurt anything to upgrade, so why not be on the safe side?
If anyone else has any info on this, post on it.
May 18, 2009
My provider offers me a 10 Mbit connection, but no public IP. This way, if I have a network printer behind my connection, I can't reach it.
From my understanding, if I have a VPS with a public IP, I could use it to open a tunnel with my local network printer using OpenVPN, and then reach the VPS to print from anywhere.
I made an example with a network printer, but it could be an FTP, a workstation, ... and all the nice things you could do with a beauty like a 10 Mbit connection.
Jul 11, 2009
I am thinking about setting something up that will allow an ssh user to tunnel through the server to view certain sites. However, I want the user who tunnels in to be allowed to view only certain sites, and not all sites.
I figured I could set this up through iptables; however, if I block all outbound sites, so goes the tunneled user. Is there a way to keep the tunnel alive while blocking all traffic outbound besides a named website, say google.com for example? The users tunneling in will have different IPs, so I cannot use that to allow the outgoing connections. The only thing I have thought of would be to somehow allow an active connection to be able to receive outbound traffic, if they have already been connected, but I am unsure if iptables can be set up this way.
Has anyone set something like this up before, or could perhaps point me in the right direction?
Nov 3, 2007
I am trying to set a VPN system up on a Windows 2003 server that will tunnel my and some friends' internet through it, making it secure and encrypted, especially when using insecure devices on wifi.
We tried this on a test server with 1 network card. We managed to set up the VPN and log in, but we cannot manage to get our internet through it.
That is basically the most important part of it. We don't want local server hard disk access or anything, just to get our internet through the VPN so it is secure and encrypted.
The test box had 1 network card, and if we take a cheap server for this purpose it will probably have 1 card also.
Who can help us achieve this and explain to us how, for future reference? We are willing to pay a fee.
Aug 18, 2014
I have a rented VPS with 2TB of disk space and a Plesk license in order to host the sites that I develop and my own sites, and found myself with around 1.8TB of free space, Plesk Samba management and Plesk VPN management, but with a few missing pieces for my idea. My idea was to set up VPN tunneling from my laptop and desktop to the Plesk server and access the Samba share from the server as if they were in my LAN. In the firewall I have opened only the classic mail and web ports (obviously Plesk access too).