Skip to main content

SSH reverse tunnel 

# ssh -nNT -R 10.36.1.6:14344:10.36.1.5:80 10.36.1.6

The "-n" option prevents reading from STDIN. Redirection from /dev/null to STDIN.
"-N" tells ssh that the tunnel is not for executing remote commands.
"-T" tells ssh not to allocate a pseudo-tty on the remote system.
"-T" disables pseudo-tty allocation.

Rough diagram:
10.36.1.5:80 <--- 10.36.1.6:14344

To avoid timeout:

In /etc/ssh/sshd_config on the server:
TCPKeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 99999

To enable binding address in ssh -R:
GatewayPorts yes


Man page docu for -R switch:
-R [bind_address:]port:host:hostport

Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. This works by allocating a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the local machine.

Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on the remote machine. IPv6 addresses can be specified by enclosing the address in square braces or using an alternative syntax: [bind_address/]host/port/hostport.

By default, the listening socket on the server will be bound to the loopback interface only. This may be overriden by specifying a bind_address. An empty bind_address, or the address "*", indicates that the remote socket should listen on all interfaces. Specifying a remote bind_address will only succeed if the serverâs GatewayPorts option is enabled (see sshd_config(5)).

Comments

Post a Comment

Popular posts from this blog

Zenoss: monitor free VMWare ESXi version

We confirmed that the free ESXi version does not allow SNMP gets, only traps. The original script was taken from here: http://communities.vmware.com/docs/DOC-7170 Modified script: http://mirakulo.com/pub/esxi/check_esx_wbmem.py We added Fan and power supply, hinted from this page: http://www.stephenjc.com/2009/01/whatsup-vmware-esxi-monitor-these.html Use this guide to add the Data source: http://www.zenoss.com/community/docs/howtos/create-modify-nagios-templates Added as template under: /Devices /Server /VMWare /ESXi /Templates /esxi-monitor /check_esx_wbmem Name: check_esx_wbmem Source Type: Command Enable true Use SSH false Component: blank Event class: /VMWare/ESXi Severity: Error Cycle time: 60 Parser: auto Command template: /usr/local/zenoss/python/bin/python /opt/zenoss/libexec/check_esx_wbmem.py https://${dev/manageIp}:5989 root passwd To bind this template to ESXi nodes, go to the device: Example: /Devices /Server /VMWare /ESXi /esxi-01.prod.corp.org then to its temp...
6 comments
Read more

ld: unrecognized option '--hash-style=both'

gcc -Wl,-Map=contiki.map,-export-dynamic testv6.co obj_linux-native/socketdev_listener.o \ contiki-linux-native.a -o testv6.linux-native /usr/local/bin/ld: unrecognized option '--hash-style=both' /usr/local/bin/ld: use the --help option for usage information collect2: ld returned 1 exit status If you look closely, the error is something related to the local gcc not using the host's linker (ld). $ which gcc /usr/bin/gcc $ which ld /usr/local/bin/ld For some reason, I messed my compiler path. To synchronized gcc to use the host's dynamic linker (i.e. /usr/bin/ld ), set the environment variable COMPILER_PATH to /usr/bin . $ export COMPILER_PATH=/usr/bin $ echo $COMPILER_PATH /usr/bin $ gcc -print-prog-name=ld /usr/bin/ld
9 comments
Read more

Resetting admin password in IBM System p5 510 Express ASMI

These are the steps in resetting the admin password: 0. Re-route stored static in your body via an ESD wrist strap to a metallic element. 1. Look for the 2 toggle switches and service processor batt. The batt should be in front of the Power Supply 1 and Power Supply 2 (codes: E1 and E2, see Rear Location Codes on the cover plate). The "very tiny" toggle switches should be in the area of P1-C14 slot. I forgot the exact sequence but it should be a combination of the ff. step (2): 2. Remove the battery, toggle the switches to the opposite direction. Allows some time for the caps to discharge. 3. Move back the toggle switches and put back the batt in its place. 4. Assign your PC to Class C subnet (i.e. masked 255.255.255.0 ): IPaddr: 192.168.2.x for HMC1 or IPaddr: 192.168.3.x for HMC2 5. Ping HMC1 or HMC2. Access the web interface using the default address: http://192.168.2.147 (for HMC1) or http://192.168.3.147 (for HMC2) Note: Sometimes you have to force the https protocol: ...
1 comment
Read more