SSL VPN

Rick Bilonick rab at nauticom.net
Thu Jun 19 21:05:00 UTC 2008


On Thu, 2008-06-19 at 13:34 +0100, Chris G wrote:
> On Thu, Jun 19, 2008 at 08:08:54AM -0400, John Priddy wrote:
> > > 
> > > I guess I did not explain well. First, I ssh from the server (which is
> > > behind a firewall) out to my home computer and leave this connection
> > > open. Then when I go home, is there any way that I can use this
> > > connection from home? That is, can I somehow tunnel back through from
> > > home to the server over this connection? I may be totally off base, but
> > > I thought I read somewhere that this could be done.
> > > 
> Yes, it can be done, I do exactly this for exactly the same reason.
> 
> What you need to do is as follows:-
> 
>     From the 'work' computer which is behind the firewall and which
>     *does* have the ability to make ssh connections to 'home' you do
>     something like:-
> 
>         ssh -l chris -R 50022:apollo:22 -N 1.2.3.4
> 
>     'apollo' is the hostname of the 'work' computer.  1.2.3.4 is the
>     IP address of the 'home' computer, you can use its name if it's
>     got proper DNS.  50022 is an arbitrary port number, it just has to
>     be above 1024 to be accessible to a non-root user.  The "-l chris"
>     is necessary if your username is different on home and work
>     computers, it's your username on the home computer.
> 
> 
>     Then at the 'home' end you just do:-
> 
>         ssh -l chris.work -p 50022 localhost
> 
>     Obviously the (arbitrary) 50022 has to be the same at both ends.
>     You'll need the "-l chris.work" option again if, as I said, your
>     username is different at the two ends.
> 
> -- 
> Chris Green
> 

Could "apollo" be an IP address? Is "work" the IP address of the work
computer? And why "localhost"? How does it find its way to the work
computer?

I've looked at the ssh man page but I don't understand all the details.
The "-N" says not to execute a command on the remote (home) computer.

When you type the first ssh command on the work computer, what should
you see as output?

Thanks.

Rick B.
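
The following is an added example, not part of the original message or of OpenSSH: a small shell function that decodes the "-R 50022:apollo:22" argument quoted above and reports which end opens the listening socket and which end connects to the target. The function name and output format are made up for illustration, and it assumes host names or IPv4 addresses only.

```shell
#!/bin/sh
# Added example (not from the thread): decode the argument of
#   ssh -R [bind_address:]port:host:hostport
# and report which machine does what. Assumption: names or IPv4 only
# (bracketed IPv6 literals are not parsed).

explain_remote_forward() {
    spec=$1
    old_ifs=$IFS
    IFS=:
    set -f                 # no globbing, so "*" survives the split
    set -- $spec           # split the spec on ":" into $1..$n
    set +f
    IFS=$old_ifs

    case $# in
        3) bind=loopback; port=$1; host=$2; hostport=$3 ;;
        4) bind=$1; port=$2; host=$3; hostport=$4
           # An empty or "*" bind address asks for every interface; sshd
           # honours any bind address only if its GatewayPorts allows it.
           case $bind in ''|'*') bind=all-interfaces ;; esac ;;
        *) echo "usage: [bind_address:]port:host:hostport" >&2; return 1 ;;
    esac

    for n in "$port" "$hostport"; do
        case $n in
            ''|*[!0-9]*) echo "not a port number: '$n'" >&2; return 1 ;;
        esac
    done

    # Listening ports below 1024 need a root login on the far end.
    if [ "$port" -lt 1024 ]; then root_needed=yes; else root_needed=no; fi

    # listen: socket opened by sshd on the machine you ssh TO ('home').
    # target: name resolved and dialled by the ssh client ('work').
    echo "listen=$bind:$port target=$host:$hostport root_needed=$root_needed"
}

# The spec from the message above: the listener is loopback-only on 'home',
# which is why the second command connects to "localhost".
explain_remote_forward 50022:apollo:22
```

Because the default listener is bound to loopback, only processes on the 'home' machine itself can reach the forwarded port; a spec that reports "all-interfaces" would expose the work machine's sshd to anything that can reach 'home'.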




More information about the fedora-list mailing list