interesting...
Jaqui 12th Jul 2005
Seems like if you haven't secured ssh properly, someone could run a rootkit on their local machine, through an ssh tunnel with logins being sent to the local machine.

I can see where monitoring a "remote" system could be needed occasionally (monitoring employee activity), but why would you want to monitor for port activity like this?
0 Votes
+ -
If you SSH to a remote server, then export your display back to your local machine and fire up a GUI program on the remote system, the info from the remote system is not encrypted coming to your local box. If you set up the reverse connection on the port your app uses, it will be encrypted (if I understand the process correctly).
Thin Clients
jmgarvin 12th Jul 2005
This is great for thin clients. I can push the server display back to the thin client and the connection is encrypted!
Remote Syslog
mgordon@... 12th Jul 2005
An obvious benefit of this is remote Syslog. Remember that the article describes this as a way of opening a port through a NAT (firewall) when the traffic will primarily be inbound, in the direction normally stopped by the firewall.

Remote Syslog is a superb security strategy. It can be quite a "gotcha" when a hacker discovers an SSH tunnel forwarding the information that normally would have been erased by a rootkit. I suppose you could also remote a spooler queue.

Obviously, if the need were more common, more people would think to use this feature. But it is a 'paradigm' problem, people don't use what they don't know exists.
At least the version of ssh I have, the one that comes with Debian Etch, likes this better:

ssh -n -N -T -t -t -R 1100:local.mydomain.com:1100

Not sure why.

In this simple case you should provide local.mydomain.com, which would already be resolved to a normal "white" IP address to allow connecting to it. What if you are behind NAT? Is there a way to set up a backward tunnel exactly to the machine from which the connection was initiated?
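
For reference on the -R argument quoted in the comments above, an added example (not part of the original thread) that splits a spec following the [bind_address:]port:host:hostport grammar from ssh(1) and reports which end listens and which end connects. The function name, result keys and the sample specs other than the one quoted above are made up for this example.

```python
import re

# Grammar from ssh(1): -R [bind_address:]port:host:hostport
# IPv6 literals are written in square brackets.
_FIELD = r"(\[[^\]]+\]|[^:\[\]]*)"
_SPEC = re.compile(rf"(?:{_FIELD}:)?(\d+):{_FIELD}:(\d+)")
_LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_remote_forward(spec):
    """Split an `ssh -R` argument into its listening and destination halves."""
    m = _SPEC.fullmatch(spec)
    if m is None:
        raise ValueError(f"not a [bind_address:]port:host:hostport spec: {spec!r}")
    bind, listen_port, host, dest_port = m.groups()
    unbracket = lambda s: s[1:-1] if s and s.startswith("[") else s
    bind, host = unbracket(bind), unbracket(host)
    listen_port, dest_port = int(listen_port), int(dest_port)
    if not host:
        raise ValueError("destination host is empty")
    # Listen port 0 asks the server to pick a free port; a destination needs a real one.
    if listen_port > 65535 or not 1 <= dest_port <= 65535:
        raise ValueError("port out of range")
    return {
        # Socket opened by sshd on the machine you ssh *to*.
        "listen_on_server": (bind, listen_port),
        # Name resolved and connection made by the ssh client, i.e. from the
        # machine that started the session.
        "client_connects_to": (host, dest_port),
        # bind None: no bind_address given, sshd binds to loopback only.
        # Any other value is honoured only if the server enables GatewayPorts.
        "asks_for_non_loopback": bind is not None and bind not in _LOOPBACK,
    }


if __name__ == "__main__":
    # First spec is the one quoted in the thread; the others are constructed samples.
    for spec in ("1100:local.mydomain.com:1100",
                 ":1514:localhost:514",
                 "[::1]:8080:[fe80::1]:80"):
        print(spec, "->", parse_remote_forward(spec))
```

When reviewing tunnels on a server, the specs worth a second look are the ones where asks_for_non_loopback is true, since they request a listener reachable from other hosts.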