Page ''xifnet:procedures:ssh_tunnel'', revision 2016/10/31 15:53 by xif, current revision 2017/05/21 13:52 by xif.
====== Incoming SSH tunnels with the XifNet ======

No UPnP on your network? Can't open NAT ports? Too bad... \\
Well, there is a solution: **SSH tunnels** (reverse port forwarding, ''ssh -R''). Let's see how.

__On your machine__:
  - ''ssh-keygen -t ed25519 -f ~/.ssh/sshtun'' (a dedicated key used only for this tunnel; leave the passphrase empty if the tunnel must come up unattended, and keep the private key at mode ''600'')
  - Copy your public key (''cat ~/.ssh/sshtun.pub'')
  - Configure the distant machine (read below)
  - Start the service on port ''[XXX]'' (any port: it is only ever reached through ''localhost'' of your machine)
  - Choose port ''[YYYY]'' for the service on the distant machine (''YYYY'' > 1024: ''sshtun'' is an unprivileged user there and cannot bind a privileged port)
  - ''ssh -f -N -T -o IdentityFile=~/.ssh/sshtun -o ExitOnForwardFailure=yes -R[YYYY]:localhost:[XXX] sshtun@[disthost].net.xif.fr'' \\ ''-f -N -T'' backgrounds ssh with no remote command and no tty; ''ExitOnForwardFailure=yes'' makes ssh exit with an error instead of staying connected without the forward when ''YYYY'' is already taken on the distant machine
  - ''ioslaves-master [me] [disthost] -C --open-port=[YYYY]''
  - Enjoy: connect to the service at ''[disthost].net.xif.fr:[YYYY]''

__On the XifNet distant machine__:
  - ''useradd -m sshtun -s /bin/nologin'' (''-m'' creates the home directory the next step needs; use the ''nologin'' path of your distribution, ''/usr/sbin/nologin'' on Debian/Ubuntu, ''/sbin/nologin'' on RHEL/CentOS)
  - ''sudo -H -u sshtun sh -c "cd ~ && mkdir -m 700 .ssh && nano .ssh/authorized_keys && chmod 600 .ssh/authorized_keys"''
    * In ''authorized_keys'': add ''no-pty,no-agent-forwarding,no-X11-forwarding ssh-ed25519 [the_key] [the_host]''
    * Do **not** add ''no-port-forwarding'': the ''-R'' forward is the whole point of this key. On OpenSSH 7.8 or later, ''permitlisten="[YYYY]"'' in the same option list restricts the key to that single listening port.
  - Edit ''/etc/ssh/sshd_config'' and set
    * ''GatewayPorts yes'': without it, ''-R'' listeners bind to ''127.0.0.1'' of the distant machine only; with it they listen on ''*'' and are reachable from outside. Put it in a ''Match User sshtun'' block at the end of the file so that other users' forwards stay on loopback.
    * ''AllowTcpForwarding yes'' (the default; ''remote'' also works and allows only ''-R'' forwards). ''PermitTunnel'' is **not** needed: it controls ''tun'' device forwarding (''ssh -w''), not port forwarding.
  - ''sshd -t'' to check the syntax, then ''systemctl restart sshd'' (the unit is called ''ssh'' on Debian/Ubuntu)

And then admire your work with ''lsof -Pi'' (or ''ss -ltnp''): the ''sshd'' process of the ''sshtun'' session must be listening on ''*:[YYYY]'', not on ''127.0.0.1:[YYYY]''.

__Note__: ''sshtun@nashorn.net.xif.fr'' is already configured so.
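As an added example (not part of the original page and not XifNet tooling), the client side of the procedure above wrapped in a POSIX shell script: it validates the two ports, builds the restricted ''authorized_keys'' line to paste on the distant machine, prints or runs the ''ssh -R'' command with the options discussed above, and reconnects when the session drops. The host ''nashorn.net.xif.fr'' and the key path ''~/.ssh/sshtun'' come from the page; the function names, the ''SSHTUN_RUN'' switch and the 10 s retry delay are this example's own assumptions. ''ioslaves-master'' is XifNet-specific and is not wrapped.

```shell
#!/bin/sh
# sshtun.sh: client-side helper for the reverse-tunnel procedure above.
# Added example, not XifNet tooling. Assumes the sshtun user and its
# authorized_keys already exist on the distant host (server steps above).
# Function names, the SSHTUN_RUN switch and the retry delay are this
# example's own choices, not anything the page defines.

# tunnel_port_ok PORT: 0 if PORT is an integer in 1025..65535.
# The remote port YYYY must be unprivileged because sshd binds it as the
# sshtun user; the local port XXX may be any port (checked separately).
tunnel_port_ok() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 1024 ] && [ "$1" -lt 65536 ]
}

# authorized_keys_line PUBKEY: prints the restricted entry for
# ~sshtun/.ssh/authorized_keys. no-pty / no-agent-forwarding /
# no-X11-forwarding match the page; no-port-forwarding is deliberately
# absent because the -R forward is the whole point of the key.
authorized_keys_line() {
    case "$1" in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*" "*|"sk-ssh-ed25519@openssh.com "*) ;;
        *) echo "authorized_keys_line: not an OpenSSH public key line" >&2; return 1 ;;
    esac
    printf 'no-pty,no-agent-forwarding,no-X11-forwarding %s\n' "$1"
}

# run_tunnel print|exec DISTHOST YYYY XXX [KEYFILE]
#   -N -T                  no remote command, no tty (matches no-pty)
#   IdentitiesOnly=yes     offer only the tunnel key, not every agent key
#   ExitOnForwardFailure   fail instead of staying connected without the
#                          forward when YYYY is already taken remotely
#   ServerAlive*           notice a dead link within ~90 s instead of hanging
# "print" shows the command line; "exec" runs it in the foreground.
run_tunnel() {
    mode="$1"; disthost="$2"; yyyy="$3"; xxx="$4"; keyfile="${5:-$HOME/.ssh/sshtun}"
    tunnel_port_ok "$yyyy" || { echo "run_tunnel: remote port must be 1025..65535: $yyyy" >&2; return 1; }
    case "$xxx" in
        ''|*[!0-9]*) echo "run_tunnel: bad local port: $xxx" >&2; return 1 ;;
    esac
    set -- ssh -N -T -o "IdentityFile=$keyfile" -o IdentitiesOnly=yes \
        -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "$yyyy:localhost:$xxx" "sshtun@$disthost"
    if [ "$mode" = print ]; then printf '%s\n' "$*"; else "$@"; fi
}

# keep_tunnel DISTHOST YYYY XXX [KEYFILE]: like the page's "ssh -f -N", but
# stays in the foreground and reconnects after the session drops (network
# change, sshd restart, port still busy). Run it under systemd, tmux or nohup.
keep_tunnel() {
    run_tunnel print "$@" >/dev/null || return 1   # validate arguments once
    while :; do
        run_tunnel exec "$@"
        echo "keep_tunnel: tunnel exited (rc=$?), reconnecting in 10 s" >&2
        sleep 10
    done
}

# Only runs a tunnel when explicitly asked, so the file can also be sourced
# for its functions:  SSHTUN_RUN=1 sh sshtun.sh nashorn.net.xif.fr 2222 22
if [ "${SSHTUN_RUN:-0}" = 1 ]; then
    keep_tunnel "$@"
fi
```

''authorized_keys_line "$(cat ~/.ssh/sshtun.pub)"'' prints the line to paste into ''~sshtun/.ssh/authorized_keys''; ''run_tunnel print ...'' shows exactly what will be executed before you commit to it. The loop in ''keep_tunnel'' is why the script drops the page's ''-f'': a backgrounded ssh cannot be restarted by the shell that launched it, whereas a foreground ssh that exits on a dead link or a busy port is simply started again.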
  • xifnet/procedures/ssh_tunnel.txt
  • Last modified: 2017/05/21 13:52
  • by xif