
Remote Access to Linux without forwarding ports

Posted: January 10th, 2010 | Filed under: Linux, Tech

There have been many situations where I wanted remote access to a Linux server but didn’t have administration rights on the network the server resides on.
A few situations I’ve run into:
1. A friend has a server and wants you to take a quick look (but no ports forwarded)
2. Customer has a server that you need to look at, but no remote access
3. You are working locally on a server but need to leave and access it later from another location

Requirements:
1. You need to have a publicly accessible Linux server with an SSH account (please don’t use root for this!)
2. Add a dumb user that has shell access but nothing else; don’t run any applications as this user (it is used for SSH only)

So in the case where you are physically at the server and need to get to it later, type:
ssh -N -f -R 19999:localhost:22 sshuser@4.4.4.4

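The options: -R 19999:localhost:22 makes the public server listen on port 19999 and forward connections back to port 22 on this machine, -N tells ssh not to run a remote command, and -f sends ssh to the background after you authenticate with the password.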

4.4.4.4 needs to be replaced with the IP/domain of the server you control
sshuser needs to be replaced with the dumb SSH user you set up earlier

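Now when you get home, ssh to your 4.4.4.4 server. Then use the remote forwarding to get back to the original server:
ssh -p19999 sshuser@127.0.0.1
You should now be on your remote server. The login on port 19999 is answered by the original server’s sshd, so the user name must be an account that exists on that server.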
If you want to kill the connection, on your public server type:
ps -ef | grep ssh

Then you can kill the tunnel’s process, using its PID from the ps output:
kill -9 <PID>

Remember when I said that you must create a dumb user earlier? This is in case you are in the situation where you must give the command to someone over email and have them execute it for you. That way you aren’t handing over root-level access to your server…ever.
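
One way to check that the dumb tunnel user really can do nothing but hold the reverse forward (an added example, not part of the original post): the script below audits the effective sshd settings for that account on the public server. It assumes OpenSSH 7.8 or later for PermitListen and that you log in to the public server with your own account rather than sshuser; the function and sample names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Audits the effective sshd settings
# for the tunnel account on the public server, as printed by:
#   sshd -T -C user=sshuser | audit_tunnel_account 19999
# Assumption: you log in to the public server with your own account, so
# sshuser needs nothing except the one reverse forward. A Match block that
# passes this audit:
#   Match User sshuser
#       AllowTcpForwarding remote
#       PermitListen 127.0.0.1:19999
#       GatewayPorts no
#       PermitTTY no
#       X11Forwarding no
#       AllowAgentForwarding no

audit_tunnel_account() {
    # $1 = tunnel port; stdin = "keyword value" lines from sshd -T
    awk -v port="$1" '
        function expect(key, want) {
            if (cfg[key] == want) return 0
            printf "WEAK %s: got \"%s\", want \"%s\"\n", key, cfg[key], want
            return 1
        }
        { key = tolower($1); $1 = ""; sub(/^ +/, ""); cfg[key] = $0 }
        END {
            bad  = expect("allowtcpforwarding", "remote")     # no -L or -D via this account
            bad += expect("permitlisten", "127.0.0.1:" port)  # only this loopback listener
            bad += expect("gatewayports", "no")               # never bind the forward publicly
            bad += expect("permittty", "no")                  # no interactive terminal
            bad += expect("x11forwarding", "no")
            bad += expect("allowagentforwarding", "no")
            exit (bad > 0)
        }'
}

# Constructed sample: the relevant lines of sshd -T output for stock defaults.
sample_default_settings() {
    cat <<'EOF'
allowtcpforwarding yes
gatewayports no
permittty yes
x11forwarding no
allowagentforwarding yes
permitlisten any
EOF
}

# Demo: prints four WEAK lines for the unrestricted account.
sample_default_settings | audit_tunnel_account 19999 || true
```

The function exits non-zero when any setting is weaker than expected, so it can gate a provisioning script before the tunnel command is handed to anyone.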


2 Comments on “Remote Access to Linux without forwarding ports”

  1. 1 rm -rf / summerGay said at 1:36 pm on March 16th, 2010:

    Nice write up man, quick and easy… Another good implementation with multiple customers (taken from a need to have permanent access on a regular basis anyways) would be to use OpenVPN server on that home *nix box and port forward say even to a “windows” box or a service at the customer site with a simple install on one of the site *nix boxes. Create a route and encrypted tunnel back and forth without having to route openly over the interwebs…

  2. 2 admin said at 11:53 am on April 8th, 2010:

    Great point man. Adding the extra layer to keep it open. I’ll look into the OpenVPN server deal and test it out.

