Deprecated: Constant E_STRICT is deprecated in /srv/http/wiki/inc/init.php on line 42

Warning: Cannot modify header information - headers already sent by (output started at /srv/http/wiki/inc/init.php:42) in /srv/http/wiki/inc/init.php on line 48

Warning: Cannot modify header information - headers already sent by (output started at /srv/http/wiki/inc/init.php:42) in /srv/http/wiki/inc/auth.php on line 437

Warning: Cannot modify header information - headers already sent by (output started at /srv/http/wiki/inc/init.php:42) in /srv/http/wiki/inc/Action/Export.php on line 104

Warning: Cannot modify header information - headers already sent by (output started at /srv/http/wiki/inc/init.php:42) in /srv/http/wiki/inc/Action/Export.php on line 104
xifnet:procedures:ssh_tunnel

Incoming SSH tunnels with the XifNet

No UPnP on ur network ? Can't open NAT ports ? Too bad…
Well, there is a solution : SSH Tunnels. Let's see how.

On ur machine :

  1. ssh-keygen -t ed25519 -f .ssh/sshtun
  2. Copy ur pub key (cat .ssh/sshtun.pub)
  3. Configure the distant machine (read below)
  4. Start the service on port [XXX]
  5. Choose port [YYYY] for the service (YYYY > 1024)
  6. ssh -f -N -T -R[YYYY]:localhost:[XXX] sshtun@[disthost].net.xif.fr -o IdentityFile=~/.ssh/sshtun
  7. ioslaves-master [me] [disthost] -C –open-port=[YYYY]
  8. Enjoy : connect to the service at [disthost].net.xif.fr:[YYYY]

On the XifNet distant machine :

  1. useradd sshtun -s /bin/nologin
  2. sudo -u sshtun sh -c "cd ~ && mkdir -m 700 .ssh && nano .ssh/authorized_keys && chmod 600 .ssh/authorized_keys"
    • In authorized_keys : add no-pty,no-agent-forwarding ssh-ed25519 [the_key] [the_host]
  3. Edit /etc/ssh/sshd_config and set
    • GatewayPorts yes to enable listening on * iface
    • PermitTunnel yes
  4. systemctl restart sshd

And then admire ur work with lsof -Pi

Note : sshtun@nashorn.net.xif.fr is already configured so.