SSH

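1. SSH tunnel:

You can use an SSH tunnel to connect to a computer behind a server (e.g. your machine in the office). If you don’t want shell access to the server, forward a local port through it (-L) without running a remote command (-N), put that ssh process in the background (-f), and then connect to the forwarded port: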

$ ssh -f -N -L <local_port>:<remote_machine_ip>:<remote_machine_port> <user_name>@<server_ip_or_name>; ssh -l <remote_machine_user_name> -p <local_port> <local_machine_name(e.g. localhost)>

Reference: http://bit.ly/hq5XpR


4 Responses to SSH

  1. Stacey Ell says:

    Another nice way to do this:
    ssh -tA public_server ssh internal_server

    a few differences:
    * the middle server could possibly intercept/hijack your session on the internal machine because this doesn’t encapsulate the data between your machine and the internal machine.
    * doesn’t stack TCP on TCP (more information: http://sites.inka.de/bigred/devel/tcp-tcp.html)

    • -A: Enables forwarding of the authentication agent connection.
      According to the man page of ssh, an attacker can manipulate the keys to authenticate herself using the identities loaded into the agent.
      I’m wondering what kind of manipulation could achieve this effect?

      • Stacey Ell says:

        Fairly easily: ssh agent forwarding leaves a named socket somewhere, usually in /tmp. If the attacker has root access, he can simply impersonate you and then use that agent socket to auth his clients to the other servers.
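
A defender-side check for the agent-forwarding risk discussed in the comments above, as an added example that is not part of the original post or its comments: it lists every scope in an ssh_config-style file that enables ForwardAgent, the config-file equivalent of -A. The function name and the sample config are constructed for this example.

```shell
#!/bin/sh
# Added example: list every ssh_config scope that turns on agent forwarding
# (ForwardAgent is the config-file equivalent of the -A flag).

# audit_forward_agent FILE
# Prints "line<TAB>scope<TAB>value" for each ForwardAgent setting other than "no".
audit_forward_agent() {
    awk '
        BEGIN { scope = "(global)" }
        {
            # Normalise the line: drop CR, leading and trailing whitespace.
            sub(/\r$/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
        }
        /^#/ || /^$/ { next }
        {
            # Keywords are case-insensitive; "Key value" and "Key=value" are both legal.
            key = $0; sub(/[ \t=].*/, "", key)
            val = substr($0, length(key) + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val); gsub(/"/, "", val)
            key = tolower(key)
            if (key == "host" || key == "match") { scope = $0; next }
            # Any value but "no" forwards an agent: "yes", a socket path, or $VAR.
            if (key == "forwardagent" && tolower(val) != "no")
                printf "%d\t%s\t%s\n", NR, scope, val
        }
    ' "$1"
}

# Constructed sample config (made up for this example, not from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# global section
ForwardAgent no
Host public_server
    ForwardAgent yes
Host internal_*
    forwardagent=Yes
Host build
    ForwardAgent "no"
EOF
audit_forward_agent "$sample"
rm -f "$sample"
```

The check only covers configuration files; a -A given on the command line does not appear in them.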
