
SSH reverse tunnel

# ssh -nNT -R 10.36.1.6:14344:10.36.1.5:80 10.36.1.6

"-n" redirects STDIN from /dev/null, which prevents ssh from reading from STDIN.
"-N" tells ssh that the tunnel is not for executing remote commands.
"-T" tells ssh not to allocate a pseudo-tty on the remote system.

Rough diagram:
10.36.1.5:80 <--- 10.36.1.6:14344

To avoid timeout:

In /etc/ssh/sshd_config on the server:
TCPKeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 99999

To allow a bind address in ssh -R:
GatewayPorts yes


Man page documentation for the -R switch:
-R [bind_address:]port:host:hostport

Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. This works by allocating a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the local machine.

Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on the remote machine. IPv6 addresses can be specified by enclosing the address in square braces or using an alternative syntax: [bind_address/]host/port/hostport.

By default, the listening socket on the server will be bound to the loopback interface only. This may be overridden by specifying a bind_address. An empty bind_address, or the address "*", indicates that the remote socket should listen on all interfaces. Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled (see sshd_config(5)).
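
Added example, not part of the original post: a small shell check of what the server settings above mean in practice. Per sshd_config(5), "GatewayPorts yes" forces remote forwards onto the wildcard address (the bind_address given to -R is honoured only with "clientspecified"), and ClientAliveInterval times ClientAliveCountMax is how long an unresponsive client is kept. The function names and the sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): report what the sshd_config
# settings above mean for a reverse tunnel. sshd keeps the first value it
# reads for a keyword; only the global section (before any Match) is checked.

# first_value FILE KEYWORD DEFAULT -> effective global value, lower-cased
first_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        { sub(/=/, " ") }                        # accept "Keyword=value" too
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# listener_scope FILE -> interfaces a "ssh -R" listener can end up on
listener_scope() {
    case "$(first_value "$1" GatewayPorts no)" in
        yes)             echo wildcard ;;   # all interfaces; bind_address ignored
        clientspecified) echo client ;;     # bind_address given to -R is honoured
        *)               echo loopback ;;   # default: loopback only
    esac
}

# dead_peer_seconds FILE -> how long an unresponsive client is kept (0 = no probes)
# Assumes plain-second values, as on this page (no "5m"-style time suffixes).
dead_peer_seconds() {
    interval=$(first_value "$1" ClientAliveInterval 0)
    count=$(first_value "$1" ClientAliveCountMax 3)
    echo $((interval * count))
}

# Constructed sample: the server settings from this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config excerpt
TCPKeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 99999
GatewayPorts yes
EOF

echo "listener scope:    $(listener_scope "$sample")"
echo "dead-peer timeout: $(dead_peer_seconds "$sample") s"
```

On a live server, "sshd -T" prints the effective configuration, including values set inside Match blocks, which this sketch does not evaluate.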
