Post by thread:[OT] Web based SSH/Telnet proxy?

I'm at a remote location for a few weeks. I have internet access just fine and dandy, but the IT department refuses to unblock the SSH port so I can check some of my other mail accounts. This is very frustrating to me, and it seems like they are mostly just unaware of what SSH is. Seems like a lot more mischief happens over port 80. In any case, I was wondering if anyone's come across any web based SSH (or failing that, a telnet) proxy. I found MindTerm which is a Java SSH applet, but it still tries to run out the same port on your computer. Any ideas? -j -- A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools. -Douglas Adams

Josh, Did you have a look at Hamachi? It is a very neat tool. My home firewall blocks all incoming traffic but using Hamachi, I am still able to connect using ssh. The tool can be found at http://www.hamachi.cc/ http://grc.com/securitynow.htm#18 "Hamachi Rocks" presents an independent description of Hamachi and explains in more details how it works. Sincerely, David. On 5/2/06, Josh Koffman <spam_OUTjoshybearTakeThisOuTgmail.com> wrote: {Quote hidden}> I'm at a remote location for a few weeks. I have internet access just > fine and dandy, but the IT department refuses to unblock the SSH port > so I can check some of my other mail accounts. This is very > frustrating to me, and it seems like they are mostly just unaware of > what SSH is. Seems like a lot more mischief happens over port 80. > > In any case, I was wondering if anyone's come across any web based SSH > (or failing that, a telnet) proxy. I found MindTerm which is a Java > SSH applet, but it still tries to run out the same port on your > computer. > > Any ideas? > > -j > -- > A common mistake that people make when trying to design something > completely foolproof is to underestimate the ingenuity of complete > fools. > -Douglas Adams > > -

On 5/2/06, rwuest <.....rwuestKILLspam@spam@wuest.org> wrote: > > If the remote end is a *nix box, run '/usr/sbin/sshd -p 80' on it (kill web > server first, of course). > > Then connect with 'ssh -p 80 remote' It is a BSD box, but sadly I don't admin it. I'll make the suggestion though...as soon as I can email him heh. Josh -- A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools. -Douglas Adams

On 5/2/06, David Segonds <davidKILLspamsegonds.org> wrote: > Did you have a look at Hamachi? It is a very neat tool. My home > firewall blocks all incoming traffic but using Hamachi, I am still > able to connect using ssh. > > The tool can be found at http://www.hamachi.cc/ > > http://grc.com/securitynow.htm#18 "Hamachi Rocks" presents an > independent description of Hamachi and explains in more details how it > works. Hm....interesting. While I'd like to avoid having to leave the computer at home on all day, it's an interesting idea. I suppose I could also do VNC, though I guess this will be faster as all I'll be passing over the network will be my actual ssh session rather than the video of my ssh session on another machine. Do you know if this sends _all_ your IP traffice through Hamachi, or do you select which applications to tunnel? Also, I'm curious how it deals with dynamic IPs on the host computer. Well, off to the docs! Josh -- A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools. -Douglas Adams

Josh, > Hm....interesting. While I'd like to avoid having to leave the > computer at home on all day, it's an interesting idea. I suppose I > could also do VNC, though I guess this will be faster as all I'll be > passing over the network will be my actual ssh session rather than the > video of my ssh session on another machine. VNC will work too and be secure as Hamachi is encrypted everything. You can also use remote desktop even though I have not tried. > Do you know if this sends _all_ your IP traffice through Hamachi, or > do you select which applications to tunnel? Also, I'm curious how it > deals with dynamic IPs on the host computer. Well, off to the docs! All your traffic for your target computer goes encrypted through the Hamachi tunnel. This means that you need to trust to computer you are using to communicate with the computer behind the firewall or run a software firewall on the machine behind the firewall. Hamachi is assigning a unique IP address to the machine running the daemon in the 5.x.x.x range. I am using zoneedit.com for my external DNS needs. It's free. The machine behind the firewall can by dynamically assigned. it does not matter. The podcast is really informative and I will start by listening to it. Sincerely, David. -- David Segonds PGP: 1F7A3E7A Finger: 9949 521B 1B39 CE5A E193 FC49 866A 1255 1F7A 3E7A

Being totally ignorant of what ssh is, I'll throw my oar in. Have you tried a port redirect facility like no-ip.com. You can send on port 80 to a named service you set up (free) & it gets redirected to you home ip address on the required port. I may be totally wrong but it might be worth a try. Richard P On 03/05/06, Josh Koffman <.....joshybearKILLspam.....gmail.com> wrote: {Quote hidden}> On 5/2/06, David Segonds <EraseMEdavidspam_OUTTakeThisOuTsegonds.org> wrote: > > Did you have a look at Hamachi? It is a very neat tool. My home > > firewall blocks all incoming traffic but using Hamachi, I am still > > able to connect using ssh. > > > > The tool can be found at http://www.hamachi.cc/ > > > > http://grc.com/securitynow.htm#18 "Hamachi Rocks" presents an > > independent description of Hamachi and explains in more details how it > > works. > > Hm....interesting. While I'd like to avoid having to leave the > computer at home on all day, it's an interesting idea. I suppose I > could also do VNC, though I guess this will be faster as all I'll be > passing over the network will be my actual ssh session rather than the > video of my ssh session on another machine. > > Do you know if this sends _all_ your IP traffice through Hamachi, or > do you select which applications to tunnel? Also, I'm curious how it > deals with dynamic IPs on the host computer. Well, off to the docs! > > Josh > -- > A common mistake that people make when trying to design something > completely foolproof is to underestimate the ingenuity of complete > fools. > -Douglas Adams > > -

In message <3e0a4bc40605021344y4cdf56c7o1453f2892d365370spam_OUTmail.gmail.com>> "Josh Koffman" <@spam@joshybearKILLspamgmail.com> wrote: > I'm at a remote location for a few weeks. I have internet access just > fine and dandy, but the IT department refuses to unblock the SSH port > so I can check some of my other mail accounts. This is very > frustrating to me, and it seems like they are mostly just unaware of > what SSH is. Seems like a lot more mischief happens over port 80. I've been using a tool called ProxyTunnel (http://proxytunnel.sourceforge.net) to punch through firewalls. You set your SSH server to listen on port 443, then you use PT with OpenSSH to make a connection to the SSH server through the proxy. PuTTY can even do this without external software. Problem is, if you don't have a server you can configure to listen for SSH connections on port 443, you're SOL. Unless the proxy is configured to allow outbound connections on port 22... -- Phil. | Kitsune: Acorn RiscPC SA202 64M+6G ViewFinder KILLspamphilpemKILLspamdsl.pipex.com | Cheetah: Athlon64 3200+ A8VDeluxeV2 512M+100G http://www.philpem.me.uk/ | Tiger: Toshiba SatPro4600 Celeron700 256M+40G

In message <RemoveME3e0a4bc40605021814u66f0cbf3h611566936e3380b2TakeThisOuTmail.gmail.com>> "Josh Koffman" <spamBeGonejoshybearspamBeGonegmail.com> wrote: > Hm....interesting. While I'd like to avoid having to leave the > computer at home on all day, it's an interesting idea. Here's a solution for you: Linksys NSLU2: about $60 iirc USB hard drive, or pendrive: about $20 Flash the NSLU2 with DebianSlug, install it on the USB drive, then wire it up to your router and set up a port forward. I've got an NSLU2 here - it's handling ADSL routing, network file serving (Samba, aka SMB or Windows File Sharing and NFS), email fetching and serving (UW-IMAP, Postfix and Fetchmail), basic spam filtering (Bogofilter - which AFAICT has a false-negative rate of about 99%), webserving (Cherokee) and SSH. I've found the Fujitsu FDX310 DSL modem to be horrendously unreliable - mine will lose line sync seemingly at random. Since I swapped the FDX for a Thomson/Alcatel Speedtouch 330 and started using the "speedtch" kernel driver, I've had a solid ADSL connection for about a week with no line drops. If you get an NSLU2, be warned that they don't power up automatically when the power supply starts up. I installed a PIC12F675 in mine to pull the /POWER_ON signal down about a second after it gets power. It's also worth removing the clock-limiting resistor while you've got it in bits. Linksys underclock the NSLU2 by default - if you remove the limiting resistor you can get an NSLU2 to run at the full 266MHz, usually with no problems. Considering the NSLU2 is sold as a USB file server (and the fact it only pulls about 10W of power - 5V at 2A), it's a very capable device. BTW, about an amp of that 2A is reserved for USB devices, so a bare NSLU2 will probably pull about an amp (so around 5W). If anyone reading this has got a spare NSLU2 they want rid of (or one that they've fried the firmware on), I'd be only too happy to give it a home :) -- Phil. | Kitsune: Acorn RiscPC SA202 64M+6G ViewFinder TakeThisOuTphilpemEraseMEspam_OUTdsl.pipex.com | Cheetah: Athlon64 3200+ A8VDeluxeV2 512M+100G http://www.philpem.me.uk/ | Tiger: Toshiba SatPro4600 Celeron700 256M+40G

Phil, On Wed, 03 May 2006 15:45:45 +0100, Philip Pemberton wrote: >... > If anyone reading this has got a spare NSLU2 they want rid of (or one that > they've fried the firmware on), I'd be only too happy to give it a home :) Well I have (still shrinkwrapped), but I don't want to get rid of it - I got it so I can use it! :-) It was on special offer at Staples, about forty quid, I think. Worth checking whether they still have them. Any advice you have on which of the alternative softwares to load it with would be gratefully received. (I know next to nothing about Linux, by the way). Cheers, Howard Winter St.Albans, England