ssh

Reverse SSH Tunnel

Have you ever wanted to ssh to your Linux box that sits behind NAT? You can with reverse SSH tunneling. This document shows you step by step how to set up a reverse SSH tunnel. Reverse SSH tunneling should work fine on any Unix-like system.

Let’s assume that Destination’s IP is 192.168.20.83 (the Linux host behind NAT that you want to access).

You want to access it from a Linux client with public IP 8.7.6.5 (Source).

Destination (192.168.20.83) <- |NAT| <- Source (8.7.6.5)

  1. SSH from the destination to the source (with public ip/fqdn) using command below:
    ssh -R 1339:localhost:22 sourceuser@8.7.6.5

    * port 1339 can be any unused port on Source.

  2. Now you can SSH from Source to Destination through the SSH tunnel:
    ssh destinationuser@localhost -p 1339
  3. 3rd party servers can also access 192.168.20.83 through Source (8.7.6.5).

    Destination (192.168.20.83) <- |NAT| <- Source (8.7.6.5) <- 3rd party server

  4. From 3rd party server:
    ssh sourceuser@8.7.6.5
  5. After the successful login to Source:
    ssh destinationuser@localhost -p 1339

    * the connection between Destination and Source must stay alive at all times.

Tip: you may run a command (e.g. watch, top) on Destination to keep the connection active.

How to set up a dynamic SSH Tunnel (with PuTTY)

Strict requirement: a remote Linux server with an active openssh-server daemon.

Let’s open PuTTY and start:

  • Insert your server fqdn/ip
  • Go to Connection -> SSH -> Tunnels
  • Select the Dynamic option (next to the Destination field)
  • Choose a TCP port number that is free locally on your Windows computer (usually any number above 1024 is fine; let’s assume 1339) and insert it into the Source port field
  • Click Add
  • Click the Open button, log in to your server via ssh with username and password, and leave the session open and active

The tunnel now listens on localhost, TCP port 1339 (the source port you specified).

Now you can set up your program to use a SOCKS5 proxy at localhost:1339 to send its traffic through the tunnel.

Debian 9 as a Veeam backup destination over SSH

Clean installation of Debian 9.
Install the required packages:
– openssh-server
– libsoap-lite-perl

How to mount a physical encrypted disk on another Debian 9 system:

apt-get install cryptsetup
apt-get install lvm2
--
fdisk -l                          # find the LUKS partition (here /dev/sdb5)
udisksctl unlock -b /dev/sdb5     # unlock it; the cleartext device appears as /dev/dm-0 (alias /dev/mapper/luks-<UUID>)
vgchange -ay                      # activate the volume group inside the unlocked device
lvscan                            # list the logical volumes, e.g. /dev/backup2-vg/root
mount /dev/backup2-vg/root /mnt
cd /mnt/veeam_backup/
--
# If the unlocked device holds a filesystem directly instead of an LVM PV, mount it as-is:
mount /dev/mapper/luks-9a9a7076-a9e3-4393-8132-bd0ee666d171 /mnt   # same device as /dev/dm-0

How to mount a VMDK (encrypted) disk on another Debian 9 system:

kpartx -av .vmdk                          # creates /dev/mapper/loop0p1, loop0p5, ...
udisksctl unlock -b /dev/mapper/loop0p5   # unlock the LUKS partition
vgchange -ay                              # activate the volume group
lvscan                                    # list the logical volumes
mount /dev/backup3-vg/root /mnt           # (or the name of the encrypted /root volume)

Passwordless SSH access

In a hypothetical LAN on the 192.168.0.0/24 subnet, the machine from which we want to log in without a password has IP address 192.168.0.2, while the one we want to log in to without a password has 192.168.0.3.

On the machine from which we want to connect without typing the password (192.168.0.2), type the following command to generate the RSA key:

[root@192.168.0.2 ]# ssh-keygen -b 2048 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
f7:ec:0d:c8:f4:df:7a:6c:2b:1d:a1:59:ee:c7:ae:a0 root@192.168.0.2

Then we copy the key we just generated to the destination machine:

[root@192.168.0.2 ]# scp /root/.ssh/id_rsa.pub root@192.168.0.3:.

On the machine we want to log in to without a password, type the following command:

[root@192.168.0.3 ]# cat /root/id_rsa.pub >> /root/.ssh/authorized_keys

Done: from 192.168.0.2 we can now log in to 192.168.0.3 without typing any password, but not the other way round.

This technique can be used to handle rsync connections over OpenSSH, or to use commands such as scp to move files from one PC/server to another, including from automated scripts.

[root@192.168.0.2 ~]# ssh root@192.168.0.3
Last login: Thu Jul 19 15:20:29 2007 from 192.168.0.2
[root@192.168.0.3 ~]#
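The "cat >> authorized_keys" step above installs the key with no restrictions and relies on the directory permissions already being right. As an added example (not part of the original notes), the function below installs the key the way sshd expects it: it fixes the permissions that StrictModes checks, avoids duplicate entries, and restricts the key to logins from the source host of the example (192.168.0.2) with forwarding disabled, which is all the rsync/scp automation mentioned above needs. The public key line used in the comments and test is constructed, not a real key.

```shell
#!/bin/sh
# Added example (not from the original notes): install a public key into an
# authorized_keys file the way sshd expects it, instead of a bare "cat >>".
#   $1  public key line, i.e. the content of id_rsa.pub
#   $2  path of the authorized_keys file to update
#   $3  host/IP pattern the key may be used from (becomes from="...")
# The entry is restricted to logins from $3 and denies port, agent and X11
# forwarding, which is all that scp/rsync automation needs.
install_authorized_key() {
    key="$1"; authfile="$2"; src="$3"
    sshdir=$(dirname "$authfile")
    # With StrictModes (the default) sshd ignores the file if ~/.ssh or
    # authorized_keys is writable by group or others.
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    touch "$authfile" && chmod 600 "$authfile"
    # Key type and base64 blob identify the key; the trailing comment does not.
    keyid=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    # Idempotent: a second run must not add a duplicate entry.
    if grep -qF -- "$keyid" "$authfile"; then
        return 0
    fi
    printf 'from="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$src" "$key" >> "$authfile"
}

# Number of authorized_keys entries that carry the given key blob.
count_key() {
    keyid=$(printf '%s\n' "$1" | awk '{print $1 " " $2}')
    grep -cF -- "$keyid" "$2"
}

# Usage on 192.168.0.3, with the key copied over as in the notes above:
#   install_authorized_key "$(cat /root/id_rsa.pub)" /root/.ssh/authorized_keys 192.168.0.2
```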