Mailing List Archive



Re: [tlug] SSH'ing to home with only port 80



David Bennett <davidbennett1979@example.com> wrote:

> Another question for TLUG (I would like to think my questions are
> getting more advanced, but at any rate, forgive their frequency!)
> 
>  As of yesterday only port 80 is open at work. I desperately need to
> be able to ssh into my computer at home. I was wondering if there was
> any sort of tunnel/proxy solution that I could use?

Before you worry about a tunnel/proxy solution, 
first see if having your ssh server listen on port 80 suffices.  
Also try port 443 (https port).  

> My one idea is to set up some sort of web based java ssh client on my
> webserver (the only thing visible as it's on port 80) which makes a
> direct connection to the ssh on that same server. (a remote web-based
> ssh client)... problem is, I am not sure that even exists.

Such tunnels or proxies exist, as Josh wrote. 
Tunneling over html is a bad (albeit sometimes necessary) thing to do.  

Another approach is to have the home computer initiate an ssh to 
the remote computer, through which a reverse tunnel would be set up.  
This is a complicated hall of mirrors in which it is easy to get lost. 

You might use some combination. I.e., by talking to your web server 
on port 80, you could tell your home computer which IP address your 
home computer should initiate an ssh connection to, through which 
to use the reverse tunnel.  

The crazy ssh command for the home computer to do so is something like: 

   ssh -f -N -l davidbennett1979 -R 1234:localhost:22 awayfromhome.com

and on the awayfromhome.com computer, execute the following ssh command: 

   ssh -p 1234 whoever@localhost

and voila!, you'll be logging into home.  

You'll trade complexity of scheme for speed. The reverse ssh tunnel 
is yuchy complex, but adds no additional bandwidth burden.  

It also (correctly!) looks to your ISP as an outgoing ssh connection 
that they would have no reason to block.  Of course, you need 
to receive incoming connections at the remote computer. 

The corkscrew solution is probably much easier.  
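
A check for the reverse tunnel described above, as an added example that is not part of the original message: run on the away-from-home host, it classifies whether the forwarded port (1234 in the message) listens only on loopback, which is sshd's default for `-R`, or on a network-reachable address, in which case anyone who can reach that host can reach the home sshd. The function name `forward_exposure` and the `ss -ltn` sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example. Run on the away-from-home host after the home machine has
# opened the reverse tunnel (-R 1234:localhost:22 in the message above).
# Real use:  ss -ltn | forward_exposure 1234

# forward_exposure PORT  (reads `ss -ltn` output on stdin)
# Prints: loopback-only | exposed | not-listening
forward_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                      # Local Address:Port column
            p = addr; sub(/.*:/, "", p)    # text after the last colon
            if (p != port) next
            h = addr; sub(/:[^:]*$/, "", h)
            found = 1
            # Anything other than 127.0.0.0/8 or [::1] is reachable off-host.
            if (h !~ /^127\./ && h != "[::1]") exposed = 1
        }
        END {
            if (!found)       print "not-listening"
            else if (exposed) print "exposed"
            else              print "loopback-only"
        }'
}

# Constructed sample: sshd default, forward bound to loopback only.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128        127.0.0.1:1234      0.0.0.0:*
LISTEN 0      128            [::1]:1234         [::]:*'

# Constructed sample: forward bound to all interfaces (GatewayPorts yes).
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128          0.0.0.0:1234      0.0.0.0:*
LISTEN 0      128             [::]:1234         [::]:*'

printf 'default sshd:     %s\n' "$(printf '%s\n' "$SAMPLE_LOOPBACK" | forward_exposure 1234)"
printf 'GatewayPorts yes: %s\n' "$(printf '%s\n' "$SAMPLE_EXPOSED" | forward_exposure 1234)"
```

If the result is `exposed`, setting `GatewayPorts no` (the default) in that host's sshd_config returns the forward to loopback.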



