Re: [SLE] Using SSH remotely to access a LAN?
On Mon January 12 2004 04:24 pm, Jeff Bankston wrote:
Has anyone ever set up SuSE (I'm using v9) as a server inside of a private LAN, and accessed it while on the public internet? I need to do something like have the SuSE server act as an SSH tunnel termination point, and provide access to the internal LAN whilst I'm connected on the public Internet.
If you were to go to www.vandyke.com and look at their VShell SSH server, this is what I'd like to do without the cost of such server software.
Thanks for any suggestions,
-Jeff
Bruce Marshall wrote:
I have done this... by doing this:
1) The network setup was: internet --> DSL modem --> Router --> all boxes on internal LAN
2) I put sshd on all boxes and used a high port > 10000 for all ssh (a little harder for someone to find)
3) In the Router, I did a port forward of that high port to one of the boxen.
4) Once you get into that port-forward box, you can ssh to the other boxes.
The key is to get your ssh 'call' forwarded to one of the internal LAN boxes. Either your firewall or a Router could do that for you.
Jeff Bankston wrote:
Close, so let me clarify a bit.....
I SSH to the Linux box which terminates the SSH tunnel, and that Linux box now acts like a local router on the network and gives me clear IP access to the other servers on the lan. No sshd on anything, just clear IP access. Mainly because most of the other servers are all Windows NT4 boxes not yet converted to Linux as a server. Two of the servers quite unfortunately must remain as NT4, hence the clear IP access once inside of the LAN.
Thanks, Jeff
Hi Jeff,
As far as I know you'll need something like VPN to do what you want. ssh is a point-to-point service. That means you have two members to the connection only, unless you also request to forward a particular local port to a particular port on a named remote machine. I use it to connect to VNC on a remote machine in order to reconfigure that site's firewall from inside. Something like:
    ssh -C -X -L 5905:192.168.1.5:5901 root@remotehost.com
This starts up ssh with compression, forwards any remote Xclients you start remotely to your own machine and forwards anything that looks locally at port 5905 to a machine behind the remote firewall (not necessarily the remote ssh host) and only to port 5901 on that machine.
For the remote network to be an extension of your machine (browsing hosts and so on) you need to extend the network. VPN is the way to go if your remote firewall supports it.
Damian
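
The single-port forward from the command above, written as OpenSSH configuration, with the gateway limited to that one destination. This is an added example, not part of the original thread: the alias lan-gateway and the account jeff are assumptions, while the host name, internal address and ports are the ones quoted in the message.

```sshconfig
# ---- Client: ~/.ssh/config ----
# "lan-gateway" is an assumed alias; "jeff" is an assumed unprivileged account.
Host lan-gateway
    HostName remotehost.com
    User jeff
    # Same effect as -C on the command line.
    Compression yes
    # Same effect as -L 5905:192.168.1.5:5901, with the listener pinned to
    # loopback so only programs on this machine can use the tunnel.
    LocalForward 127.0.0.1:5905 192.168.1.5:5901
    # Fail the connection if the local port cannot be bound, instead of
    # leaving a session open with no working forward.
    ExitOnForwardFailure yes

# ---- Gateway: /etc/ssh/sshd_config ----
# Without a restriction, any account that can log in may forward to any
# host and port the gateway can reach on the LAN. The Match block below
# narrows the assumed account to the one destination used in the thread.
Match User jeff
    # Allow only client-to-LAN (-L) forwards; "local" is accepted by
    # newer OpenSSH releases.
    AllowTcpForwarding local
    # The only destination a forward may open: the VNC port on 192.168.1.5.
    PermitOpen 192.168.1.5:5901
    # Remote (-R) listeners, if ever enabled, stay bound to loopback.
    GatewayPorts no
```

With the client entry in place, `ssh lan-gateway` opens the tunnel and a VNC viewer pointed at 127.0.0.1:5905 reaches the internal machine; a forward to any other host or port is refused by the gateway.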