SSH Tunneling without console login - SSH

This is a discussion on SSH Tunneling without console login - SSH ; Question: Is it possible to use remote port forwarding (tunneling) without having to login on the console? Situation: I have a server (PC1) which is running a SSH service behind a firewall. I do NOT have any control over the ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: SSH Tunneling without console login

  1. SSH Tunneling without console login

    Question:
    Is it possible to use remote port forwarding (tunneling) without having
    to login on the console?

    Situation:
    I have a server (PC1) which is running a SSH service behind a firewall.
    I do NOT have any control over the firewall, but I do want to access the
    SSH service of PC1 from PC2 over the Internet.

    Solution for the situation:
    I'm using the following command on PC1 to let PC1 make a SSH-tunnel to
    PC2 ssh -R 4000:localhost:22 account@PC2 And I have installed a SSH
    service on PC2 to make tunneling possible.

    Same question in detail:
    When I use the command above, it will make the tunnel, but I will also
    make PC1 login on the console of PC2. That last step is something I do
    not want. PC1 should only make the tunnel to PC2, but should NOT login
    on the console of PC2.
    Is this possible?


    -Jesse

  2. Re: SSH Tunneling without console login

    >>>>> "Jesse" == Jesse <"do not spam"> writes:

    Jesse> Question: Is it possible to use remote port forwarding
    Jesse> (tunneling) without having to login on the console?

    Jesse> Situation: I have a server (PC1) which is running a SSH service
    Jesse> behind a firewall. I do NOT have any control over the firewall,
    Jesse> but I do want to access the SSH service of PC1 from PC2 over
    Jesse> the Internet.

    Jesse> Solution for the situation: I'm using the following command on
    Jesse> PC1 to let PC1 make a SSH-tunnel to PC2 ssh -R
    Jesse> 4000:localhost:22 account@PC2 And I have installed a SSH
    Jesse> service on PC2 to make tunneling possible.

    Jesse> Same question in detail: When I use the command above, it will
    Jesse> make the tunnel, but I will also make PC1 login on the console
    Jesse> of PC2. That last step is something I do not want. PC1 should
    Jesse> only make the tunnel to PC2, but should NOT login on the
    Jesse> console of PC2. Is this possible?

    $ man ssh
    ....
    -N Do not execute a remote command. This is useful for just for-
    warding ports (protocol version 2 only).
    ....

    --
    Richard Silverman
    res@qoxp.net


  3. Re: SSH Tunneling without console login

    Richard E. Silverman wrote:
    >>>>>>"Jesse" == Jesse <"do not spam"> writes:

    >
    >
    > Jesse> Question: Is it possible to use remote port forwarding
    > Jesse> (tunneling) without having to login on the console?
    >
    > Jesse> Situation: I have a server (PC1) which is running a SSH service
    > Jesse> behind a firewall. I do NOT have any control over the firewall,
    > Jesse> but I do want to access the SSH service of PC1 from PC2 over
    > Jesse> the Internet.
    >
    > Jesse> Solution for the situation: I'm using the following command on
    > Jesse> PC1 to let PC1 make a SSH-tunnel to PC2 ssh -R
    > Jesse> 4000:localhost:22 account@PC2 And I have installed a SSH
    > Jesse> service on PC2 to make tunneling possible.
    >
    > Jesse> Same question in detail: When I use the command above, it will
    > Jesse> make the tunnel, but I will also make PC1 login on the console
    > Jesse> of PC2. That last step is something I do not want. PC1 should
    > Jesse> only make the tunnel to PC2, but should NOT login on the
    > Jesse> console of PC2. Is this possible?
    >
    > $ man ssh
    > ...
    > -N Do not execute a remote command. This is useful for just for-
    > warding ports (protocol version 2 only).
    > ...
    >


    I'm looking for an option on the SSH-Tunnel-server (PC2) side, not on
    the SSH-Tunnel-client side (PC1). This because PC1 is not fully under my
    control, but PC2 is.

    Is there also an option like -N for SSHD somehow? I could not find such.

  4. Re: SSH Tunneling without console login

    >>>>> "Jesse" == Jesse <"do not spam"> writes:

    Jesse> I'm looking for an option on the SSH-Tunnel-server (PC2) side,
    Jesse> not on the SSH-Tunnel-client side (PC1). This because PC1 is
    Jesse> not fully under my control, but PC2 is.

    Jesse> Is there also an option like -N for SSHD somehow? I could not
    Jesse> find such.

    So you want to have the server allow tunneling-related channels in the
    connection protocol, but deny shell and exec channels? OpenSSH does not
    have this level of granularity, though some SSH servers do (e.g. VShell by
    VanDyke). I think the best you can do is prevent *useful* shell/command
    channels by either making the shell a restrictive program, or enforcing a
    useless remote command (e.g. /bin/false) using the command= option in
    authorized_keys (assuming you allow only publickey authentication).

    Note that you may not want to make the shell completely useless (e.g. also
    /bin/false), since sshd uses the shell for all programs run on the
    client's behalf, e.g. xauth in support of X forwarding.

    --
    Richard Silverman
    res@qoxp.net


+ Reply to Thread