How to keep reversed SSH tunnel alive and safe
I need to SSH to a computer that is behind a NAT. To this end a reverse SSH tunnel from that computer (with SSH server installed) is established to my publicly visible server (middleman.example.org):

    ssh -f -N -T -R 9999:localhost:22 -p 7777 mm@middleman.example.org

Now in order for me to get to that computer from any place I do:

    ssh -J mm@middleman.example.org:7777 -p 9999 user_behind_NAT@localhost

- I need to keep this tunnel alive for days or even weeks. I've heard about two ways to achieve this:
  (a) passing -o TCPKeepAlive=yes together with the above-mentioned options
  (b) use autossh instead of ssh
  What is the difference between those two options? Which is better for which situation? Does it make sense to use both?
- As the sysadmin of middleman.example.org I don't want to trust this user behind a NAT and would like to limit the account mm as tough as possible. In the best case I would like to disable both interactive shell and even sftp, allowing only establishing reverse SSH connections (I myself will use my regular account to "jump" into the reverse tunnel). Is this possible somehow?
linux ssh ssh-tunneling nat tunneling
asked Apr 29 at 11:02
user1876484
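
Added example, not part of the original post: one way the sysadmin of middleman.example.org could check that the mm account is limited to the reverse tunnel is to audit the effective sshd settings for that user. The expected values (remote-only forwarding, a listener only on localhost:9999, /bin/false as forced command) and both sample inputs are assumptions constructed for this example.

```shell
#!/usr/bin/env bash
# Audit effective sshd settings for the tunnel-only account "mm".
# Input: "keyword value" lines as printed by, e.g. (as root on the middleman):
#   sshd -T -C user=mm,host=localhost,addr=127.0.0.1
# The expected values below are assumptions of this example, not from the post.
audit_tunnel_account() {
    _out=$(awk '
        BEGIN {
            want["allowtcpforwarding"]   = "remote"          # only -R style forwards
            want["permitlisten"]         = "localhost:9999"  # the one tunnel port
            want["gatewayports"]         = "no"              # listener stays on loopback
            want["permittty"]            = "no"              # no interactive terminal
            want["forcecommand"]         = "/bin/false"      # no shell, no sftp subsystem
            want["x11forwarding"]        = "no"
            want["allowagentforwarding"] = "no"
            bad = 0
        }
        NF >= 2 { v = $0; sub(/^[^ \t]+[ \t]+/, "", v); seen[tolower($1)] = v }
        END {
            for (k in want) {
                if (!(k in seen)) { printf "MISSING %s (want %s)\n", k, want[k]; bad = 1 }
                else if (seen[k] != want[k]) { printf "WEAK %s=%s (want %s)\n", k, seen[k], want[k]; bad = 1 }
            }
            exit bad
        }') && _rc=0 || _rc=$?
    [ -n "$_out" ] && printf '%s\n' "$_out" | sort   # stable order for reading/diffing
    return "$_rc"
}

# Constructed sample: stock settings, account not restricted.
sample_default='allowtcpforwarding yes
permitlisten any
gatewayports no
permittty yes
forcecommand none
x11forwarding no
allowagentforwarding yes'

# Constructed sample: after a restrictive "Match User mm" block.
sample_hardened='allowtcpforwarding remote
permitlisten localhost:9999
gatewayports no
permittty no
forcecommand /bin/false
x11forwarding no
allowagentforwarding no'

printf '%s\n' "$sample_default"  | audit_tunnel_account || echo "mm is NOT limited to the tunnel"
printf '%s\n' "$sample_hardened" | audit_tunnel_account && echo "mm is limited to the tunnel"
```

Because the tunnel client is started with -N, it never requests a session, so a forced command of /bin/false does not interfere with the forwarding itself.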