[Server-devel] Trying to access a school server from the outside world
James Cameron
quozl at laptop.org
Fri Jun 12 20:39:21 EDT 2015

There was talk of OpenVPN earlier, many months ago.

If you must open SSH, use a port number chosen randomly, ensure
password authentication is turned off, and make sure there's no way
for the kids to create .ssh/authorized_keys files.

The next problem is changes to IP address. When both ends of the link
have dynamic addresses, I use an SSH relay.

On the XSCE instance create this script:
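
    #!/bin/sh
    # Keep an outbound connection to the relay open and hand it to the
    # local sshd on port 22.
    while true; do
        # forever,interval=10: keep retrying the connect every 10 seconds
        # fork: serve each established connection in a child process
        socat -t5 \
            tcp:relay.example.com:20934,forever,interval=10,fork \
            tcp:localhost:22
        sleep 1
    done
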
And then ensure it is run, e.g. using /etc/rc.d/rc.local or some other
method.
On your SSH server relay.example.com, run this command:

    socat \
        tcp-listen:23016,reuseaddr,fork \
        tcp-listen:20934,reuseaddr,retry=10

On your local system, edit .ssh/config to contain:

    Host fred
        Hostname relay.example.com
        Port 23016
        User root
        ConnectTimeout 300

And then connect by typing "ssh fred".
The resulting connection to sshd appears to come from localhost.
It can be a bit slower than normal.
--
James Cameron
http://quozl.linux.org.au/
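
An added example, not part of the original message: one way to check a server against the three points in the post (random port, password authentication off, no user-writable authorized_keys location) by auditing the effective settings that `sshd -T` prints. The function names, the sample port and the `/etc/ssh/authorized_keys/%u` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check effective sshd settings against the post's advice.
# Input: "keyword value" lines in the format printed by `sshd -T`.
audit_sshd() {
    awk '
    function bad(msg) { print "FAIL: " msg; fails++ }
    { key = tolower($1) }
    key == "port" { port = 1; if ($2 == 22) bad("port 22 is the default, not a random port") }
    key == "passwordauthentication" {
        pw = 1
        if (tolower($2) != "no") bad("passwordauthentication is " $2 ", expected no")
    }
    key == "authorizedkeysfile" {
        akf = 1
        # sshd resolves relative paths and %h against the user home directory,
        # which the user can write to. "none" disables key files entirely.
        for (i = 2; i <= NF; i++)
            if ($i != "none" && ($i !~ /^\// || $i ~ /%h/))
                bad("authorizedkeysfile " $i " is under the user home directory")
    }
    END {
        # A missing keyword means the sshd default applies, which fails each check.
        if (!port) bad("no port line, default 22 applies")
        if (!pw)   bad("no passwordauthentication line, default yes applies")
        if (!akf)  bad("no authorizedkeysfile line, default .ssh/authorized_keys applies")
        exit (fails > 0)
    }'
}

# Constructed sample: stock defaults.
sample_weak() {
    cat <<'EOF'
port 22
passwordauthentication yes
authorizedkeysfile .ssh/authorized_keys .ssh/authorized_keys2
EOF
}

# Constructed sample: port and key path are assumptions chosen for illustration.
sample_hardened() {
    cat <<'EOF'
port 20022
passwordauthentication no
authorizedkeysfile /etc/ssh/authorized_keys/%u
EOF
}

# On the server itself, as root: sshd -T | audit_sshd
echo "weak sample:";     sample_weak | audit_sshd || true
echo "hardened sample:"; sample_hardened | audit_sshd && echo "no findings"
```

The check only looks at where sshd reads keys from; an absolute path still has to sit in a directory owned by root that users cannot write to, and an absolute path that points into a home directory is not detected.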