Displaying 20 results from an estimated 8000 matches similar to: "Reverse tunnel security settings"
2012 Aug 29
39
[Bug 2038] New: permitopen functionality but for remote forwards
https://bugzilla.mindrot.org/show_bug.cgi?id=2038
Priority: P5
Bug ID: 2038
Assignee: unassigned-bugs at mindrot.org
Summary: permitopen functionality but for remote forwards
Severity: enhancement
Classification: Unclassified
OS: Other
Reporter: damonswirled at gmail.com
Hardware: Other
2017 Oct 10
3
tunnel device name acquisition?
Numerous how-tos all over the Internet show how one would set up
a tunnel using ssh, e.g.:
ssh -f -o Tunnel=ethernet <server_ip> true
I was wondering if there's a way to subsequently acquire the names
of the local and remote tun/tap interfaces (e.g., using the default
"-w any:any") for subsequent automatic tunnel configuration, e.g.:
ip link set $TapDev up
ip link set
2017 May 04
5
OpenSSH contract development / patch
On Thu, May 04, 2017 at 09:37:59AM +1000, Adam Eijdenberg wrote:
> Hi Devin, have you looked at using openssh certificates to help manage
[...]
> While the feature has been around for a while now (and is really
> useful), there doesn't seem to be huge amount of documentation around
> it. I found the following useful when getting a client of mine running
Yeah, when I wrote about it
2010 Nov 10
1
Exit Codes on Reverse Tunnel bug?
I ran the following command to create a reverse tunnel from another server back to my local host
ssh -4xnT -o PreferredAuthentications=publickey -o ConnectTimeout=10 -o BatchMode=yes -f \
-o ExitOnForwardFailure=yes -N -R myTargetHost:2525:myLocalHost:25 myUser@myTargetHost
and on machine=myTargetHost, the port 2525 was already being utilized, so it gave me this error and exited:
Error:
2018 Apr 09
2
OpenSSH-Client without reverse tunnel ability
On 05.04.2018 at 14:11, Alexander Wuerstlein wrote:
> On 2018-04-05T14:07, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
>> How difficult would it be to leave a scheduled security check to
>> look for "ssh[ \t].*-R.*" expressions with "pgrep", and file a
>> security abuse report if such processes are seen? It could be
>> worked around, but
2016 Dec 22
3
[Bug 2649] New: Problem with reverse tunnel between SSH client 5.5p1 and SSH server > 6.4p1
https://bugzilla.mindrot.org/show_bug.cgi?id=2649
Bug ID: 2649
Summary: Problem with reverse tunnel between SSH client 5.5p1
and SSH server > 6.4p1
Product: Portable OpenSSH
Version: 6.7p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
2018 Apr 05
2
OpenSSH-Client without reverse tunnel ability
On Thu, Apr 5, 2018 at 7:13 AM, Jan Bergner <jan.bergner at indurad.com> wrote:
> Hello all.
>
> First of all, I want to extend my sincere thanks to all the people who
> came to the rescue so quickly.
>
> In any case, there is obviously room for clarification on my part, so I
> will try to describe the situation we had in more detail.
>
> In short:
> Employees
2009 Jan 30
1
Patch to log tunnel information
First, all credit to Vladimir Parkhaev as this is his code. He may have
submitted this before for all I know, but I for one definitely would like
to see this end up in the codebase, so I'm submitting it.
*** openssh-5.1p1/serverloop.c Fri Jul 4 09:10:49 2008
--- openssh-5.1p1-RCFHACKS/serverloop.c Thu Jan 29 08:56:11 2009
***************
*** 957,962 ****
--- 957,968 ----
c =
2014 Jan 24
1
Change initial directory based on port of reverse tunnel?
Hello
I'm trying to create compatibility with an automated system that I do
not have control over and cannot change. The system was built to
connect to individual embedded linux machines that create reverse
tunnels back to a server.
These tunnels take the form:
/bin/ssh -i /home/remote/.ssh/id_rsa -Nnx2TR 22000:127.0.0.1:22
robot@externalhost
/bin/ssh -i /home/remote/.ssh/id_rsa -Nnx2TR
2009 Feb 17
2
Idea: reverse socks proxy
Hi,
Just a usecase that I'm sure has been covered before but just in case
it's not an openssh solution would be very helpful.
I was trying to install software on a server that was firewalled so no
outbound http connections would work. I was also tunnelling via
another server. Outbound ssh connections also were a convenient option.
What would have been nice would be a remote version of
2018 Apr 05
2
OpenSSH-Client without reverse tunnel ability
On Apr 4 13:58, Nico Kadel-Garcia wrote:
> On Wed, Apr 4, 2018 at 11:43 AM, Alexander Wuerstlein
> <snalwuer at cip.informatik.uni-erlangen.de> wrote:
> > On 2018-04-04T17:27, mlrx <openssh-unix-dev at 18informatique.com> wrote:
> >> On 04/04/2018 at 13:32, Jan Bergner wrote:
> >> > Good day!
> >> >
> >> > Is it possible to
2018 Apr 04
5
OpenSSH-Client without reverse tunnel ability
Good day!
A few weeks ago, we had a security breach in the company I'm working
for, because employees used "ssh -R" to expose systems from our internal
network to some SSH server in the outer world.
Of course, this is a breach of our internal security policy, but led us
to wonder whether there is a technical solution to prevent our users
from creating SSH-reverse-tunnels.
After
2018 Apr 04
2
OpenSSH-Client without reverse tunnel ability
On 2018-04-04T17:27, mlrx <openssh-unix-dev at 18informatique.com> wrote:
> On 04/04/2018 at 13:32, Jan Bergner wrote:
> > Good day!
> >
> > Is it possible to achieve this without nasty workarounds like wrapper
> > scripts monitoring the very-verbose output of SSH or doing DPI?
> > Alternatively, would it be possible to add a config option, allowing an
2009 Jan 30
12
[Bug 1552] New: Patch to log tunnel information
https://bugzilla.mindrot.org/show_bug.cgi?id=1552
Summary: Patch to log tunnel information
Product: Portable OpenSSH
Version: 5.1p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: jblaine at
2016 Jul 20
2
load instruction erroneously removed by GVN v2
before inlining
all 20005
after inlining
somewhere here changed made it NoAlias
after Global Variable Optimizer
20014
20373 20255
20372 20254
before GVN
19993
20011 19991
20010 20030
It appears that TBAA metadata certainly changed after inlining and
subsequent passes. I have attached the .bc file. I think I will try to dump
out more TBAA metadata between passes. The method in
2024 Apr 25
1
how to block brute force attacks on reverse tunnels?
On 25.04.24 17:15, openssh-unix-dev-request at mindrot.org digested:
> Subject: how to block brute force attacks on reverse tunnels?
> From: Steve Newcomb <srn at coolheads.com>
> Date: 25.04.24, 17:14
>
> For many years I've been running ssh reverse tunnels on portable Linux,
> OpenWRT, Android etc. hosts so they can be accessed from a server whose
> IP is stable
2024 Apr 25
1
how to block brute force attacks on reverse tunnels?
For many years I've been running ssh reverse tunnels on portable Linux,
OpenWRT, Android etc. hosts so they can be accessed from a server whose
IP is stable (I call such a server a "nexus host"). Increasingly there's
a problem with brute force attacks on the nexus host's tunnel ports. The
attack is forwarded to the portable tunneling host, where it fails, but
it chews up
2001 Nov 25
4
No open channels after timeout
Howdy. Trying to set up a persistent SSH connection from a remote host,
to my own machine with a LocalForward.
I am running the ssh process in the foreground so it can be maintained
by djb's daemontools to ensure that the connection stays open at all
times.
But, I am having a problem with the following command (even when run
manually from a shell):
ssh -N tarkin
where in ~/.ssh/config I
2014 Feb 02
0
[Bug 892] New: ip6tables --match policy needs to accept IPv4 addresses for --tunnel-src and --tunnel-dst
https://bugzilla.netfilter.org/show_bug.cgi?id=892
Summary: ip6tables --match policy needs to accept IPv4
addresses for --tunnel-src and --tunnel-dst
Product: iptables
Version: 1.4.x
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ip6tables
2006 Jul 26
1
IPSec tunnel mode, through a IPIP tunnel
Hello Gurus,
I have a small problem with routing and here are the details.
Interfaces on my server:
* ipsec0 - 172.19.58.94
* tunl0 - 172.19.58.94
* eth0 - 172.19.58.94
Now, the problem is that there is another host 172.19.58.200. All
communication to 172.19.58.200 should be through tunl0, and all the data
should be secured using IPSec (tunnel mode - because there are more
machines on my