Peter's Blog 26.5.2004

2004-05-26

Tunnelling In

At work I was inspired to find a way to get in from home through the firewall. Tunnelling out using ssh through the https port is tried and tested but I wanted a way in.

I've set things up so I can email myself at work with a certain subject line which triggers an exim .forward rule. This rule starts up ssh making a connection OUT to my home debian server. The outward connection includes a remote forwarded port so from my home debian box I can ssh back into the work box. I'm kinda pleased with this as it's secure so I won't get into trouble. The tunnel can only go to my home pc at my command. Even if someone else sent the magic email they would not get the ssh connection.

It took a couple of tricks to get this working:

  • I had to edit sshd_config to add a new port at 8022 for forwarding to the home box as this is not a priveliged port.

  • The .forward file does not run ssh directly (it cannot block and wait for the ssh session to finish) so it runs an 'at' command to launch ssh independantly in a totally separate process.

  • ssh is fired up with the -n and -N commands to stop it screwing up the console.

Getting this going prompted me to load samba so I can copy stuff from the windows workhorse to the debian box and access it anytime from home without the risk of exposing my windows box through the firewall. Now that would get me into trouble...
posted at 21:18:08    #    comment []    trackback []
 

Samba Install

I was inspired to install samba both at work and home. With debian this boiled down to:

apt-get install samba smbclient

After tweeking smb.conf to expose the home directories to browsing I could not connect from windows without repeated user/password prompts. trying to browse using:

smbclient -L <hostname>

In both situations I got an error:

session setup failed: NT_STATUS_LOGON_FAILURE

I found a fix for this here which boiled down to:

"May be dumb to ask but you did create the Samba password file and added passwords for

your users? Reason I ask is because I have searched quite a few links and the response to that error is usually just that. Here is the commands I used to add my users:

To make the password file:

# cat /etc/passwd | /usr/bin/mksmbpasswd.sh > /etc/samba/smbpasswd

Then add your users:

# smbpasswd someusername"

At work the debian stable install did create a passwd file but apparently it didn't do a good job. My debian unstable install at home didn't try but the above did the trick.
posted at 20:58:56    #    comment []    trackback []
May 2004
MoTuWeThFrSaSu
      1 2
3 4 5 6 7 8 9
10111213141516
17181920212223
24252627282930
31      
Apr
2004		 Jun
2004

A blog documenting Peter's dabblings with Python, Gentoo Linux and any other cool toys he comes across.

XML-Image Letterimage

© 2004, Peter Wilkinson

Bisi and me