Editing Reverse ssh
Reverse SSH is a method of connecting to a destination host where it is actually the host that initiates the connection, to a middle server.
== Rationale ==
If your N900 (or any other Linux machine) is hidden behind private IP addresses, firewalls or NATs that you cannot configure, and is therefore unreachable, you can overcome these obstacles with reverse SSH.
== How To ==
Reverse SSH depends on a common server, a machine that both the client (source) and the host (destination) can reach.
The host connects to the common server and waits for the client to connect. The client then connects to the common server, which in turn forwards that connection to the host.
== Incentive ==
My N900 has an unlimited 3G data connection, and I wanted to be able to ssh to it, even though it is using a private IP address which is unreachable. Reverse ssh made it possible.
== Installation Steps ==
The core of this "workaround" is very simple. It consists of:
* A common server which has an SSH server accessible to both client and host.
* The host runs the command: "ssh -N -C -p <commonServerPort> -R <forwardedPort>:127.0.0.1:<hostPort> commonServerHostname"
* Example: ssh -N -C -p 22 -R 2222:127.0.0.1:22 myHostname.no-ip.info
* After the connection has been set up (a password is required when running the command above on the host (N900)), you connect to the common server using ssh and run the command: ssh root@127.0.0.1 -p 2222 (as configured in the example).
* You are now connected to the HOST.
== Pitfalls ==
'''There are a few shortcomings in this setup; most can be worked around.'''
* To skip the password query on the HOST, copy the host's public SSH key into authorized_keys on the common server.
[Steps will be added later]
* If the ssh connection between the host and the common server breaks for any reason, we want it to reconnect automatically. We can wrap the ssh command in an infinite loop using a while command: while true; do ssh -N -C -p 22 -R 2222:127.0.0.1:22 myHostname.no-ip.info; sleep 5; done
* The command should be put into a script, for easy dispatch.
* It is possible to add the command to /etc/network/if-up.d/. This will cause it to be dispatched every time 3G / Wi-Fi is connected, making your phone available immediately.
* If the above method is used, a matching script must also be added to /etc/network/if-down.d/ to kill the looping ssh command and save some battery.
[Add ssh_config parameters for stability here]
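The pitfalls above combined into one script, as an added example that is not part of the original page: the reconnect loop with a PID file so an if-down.d hook can stop it, plus the authorized_keys line that limits the host's key on the common server to opening the loopback listener only. The PID file path, the SSH_BIN override, the function names and the chosen ssh options are assumptions of this example, not settings taken from the page.

```shell
#!/bin/sh
# Added example, not from the original page. File paths are assumptions.
SERVER="myHostname.no-ip.info"   # common server from the page's example
FWD_PORT=2222                    # port opened on the common server
HOST_PORT=22                     # sshd port on the host (N900)
PIDFILE="${PIDFILE:-/var/run/reverse-ssh.pid}"   # hypothetical location
SSH_BIN="${SSH_BIN:-ssh}"                        # overridable for dry runs

# The page's ssh arguments plus keepalive and fail-fast options.
# BatchMode=yes never prompts, so key authentication must already work.
tunnel_args() {
    printf '%s ' -N -C -p 22 -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "127.0.0.1:${FWD_PORT}:127.0.0.1:${HOST_PORT}" "$SERVER"
}

# authorized_keys line for the common server: this key may only open the
# loopback listener; no shell, pty or other forwards. "restrict" and
# "permitlisten" need OpenSSH 7.8 or later on the server.
authorized_keys_entry() {    # $1 = contents of the host's public key file
    printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s" %s\n' "$FWD_PORT" "$1"
}

# Start the reconnect loop in the background and record its PID.
tunnel_start() {
    if [ -f "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null; then
        return 0                 # loop already running
    fi
    (
        trap 'kill "$child" 2>/dev/null; exit 0' TERM
        while true; do
            $SSH_BIN $(tunnel_args) & child=$!
            wait "$child" || true
            sleep 5
        done
    ) >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
}

# Stop the loop and the ssh it is waiting on; call this from if-down.d.
tunnel_stop() {
    [ -f "$PIDFILE" ] || return 0
    kill "$(cat "$PIDFILE")" 2>/dev/null || true
    rm -f "$PIDFILE"
}

case "${1:-}" in
    start) tunnel_start ;;
    stop)  tunnel_stop ;;
esac
```

Call the script with "start" from a hook in /etc/network/if-up.d/ and with "stop" from one in /etc/network/if-down.d/. Because the forwarded port leads to a root login on the host, keeping the listener on 127.0.0.1 and restricting the key this way limits what a stolen phone key can do on the common server.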
Please don't rewrite this wiki page just yet, I'll add some content to it soon with examples and some more clarification.
Eitam.
== Credits ==
Special thanks to [http://talk.maemo.org/member.php?u=26108 Spanner] for helping me out in this [http://talk.maemo.org/showthread.php?p=696130#post696130 thread], none of this would have been possible for me without him.