Incoming SSH tunnels with the XifNet
No UPnP on your network? Can't open NAT ports? Too bad…
Well, there is a solution: SSH tunnels. Let's see how.
On your machine:
- ssh-keygen -t ed25519 -f ~/.ssh/sshtun
- Copy your pub key (cat ~/.ssh/sshtun.pub)
- Configure the distant machine (read below)
- Start the service on port [XXX]
- Choose port [YYYY] for the service (YYYY > 1024)
- ssh -f -N -T -R[YYYY]:localhost:[XXX] sshtun@[disthost].net.xif.fr -o IdentityFile=~/.ssh/sshtun
- ioslaves-master [me] [disthost] -C --open-port=[YYYY]
- Enjoy: connect to the service at [disthost].net.xif.fr:[YYYY]
On the XifNet distant machine:
- useradd -m sshtun -s /bin/nologin
- sudo -u sshtun sh -c "cd ~ && mkdir -m 700 .ssh && nano .ssh/authorized_keys && chmod 600 .ssh/authorized_keys"
- In authorized_keys: add no-pty,no-agent-forwarding ssh-ed25519 [the_key] [the_host]
- Edit /etc/ssh/sshd_config and set GatewayPorts yes (to enable listening on the * iface) and PermitTunnel yes
- systemctl restart sshd
And then admire your work with lsof -Pi
Note: sshtun@nashorn.net.xif.fr is already configured so.
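
A quick way to check that the distant machine really matches the setup above (modes on .ssh and authorized_keys, both key options, GatewayPorts yes). This is an added example, not part of the original page; the function name audit_tunnel and the demo files are hypothetical, and it assumes GNU stat and key options without quoted spaces.

```shell
#!/bin/sh
# Added example (not from the original page): audit the tunnel account setup.
# Usage: audit_tunnel HOME_OF_SSHTUN PATH_TO_SSHD_CONFIG
# Prints one line per finding and returns the number of problems (0 = OK).
# Assumes GNU stat and that key options contain no quoted spaces.
audit_tunnel() {
    home=$1 conf=$2 bad=0
    keys=$home/.ssh/authorized_keys
    [ -f "$keys" ] || { echo "FAIL: $keys is missing"; return 1; }

    # Modes the page sets: 700 on .ssh, 600 on authorized_keys.
    [ "$(stat -c %a "$home/.ssh")" = 700 ] ||
        { echo "FAIL: .ssh is not mode 700"; bad=$((bad + 1)); }
    [ "$(stat -c %a "$keys")" = 600 ] ||
        { echo "FAIL: authorized_keys is not mode 600"; bad=$((bad + 1)); }

    # Every key line must start with an option list holding both options.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in '' | '#'*) continue ;; esac
        opts=${line%%[[:space:]]*}
        for want in no-pty no-agent-forwarding; do
            case ",$opts," in
                *",$want,"*) ;;
                *) echo "FAIL: key line lacks $want"; bad=$((bad + 1)) ;;
            esac
        done
    done < "$keys"

    # The page relies on GatewayPorts yes for the wildcard listener.
    grep -Eiq '^[[:space:]]*GatewayPorts[[:space:]]+yes([[:space:]]|$)' "$conf" ||
        { echo "FAIL: GatewayPorts yes not set"; bad=$((bad + 1)); }
    return "$bad"
}

# Constructed demo: a fake home and sshd_config in a temp dir.
demo=$(mktemp -d)
mkdir -m 700 "$demo/.ssh"
printf '%s\n' 'no-pty,no-agent-forwarding ssh-ed25519 AAAAexamplekey laptop' \
    > "$demo/.ssh/authorized_keys"
chmod 600 "$demo/.ssh/authorized_keys"
printf 'GatewayPorts yes\nPermitTunnel yes\n' > "$demo/sshd_config"
audit_tunnel "$demo" "$demo/sshd_config" && echo "OK: matches the page"
rm -rf "$demo"
```

On a live host, sshd -T prints the effective configuration, which also covers settings pulled in through Include files that a plain grep of sshd_config would miss.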