| Pages: [1] :: one page |
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Cadet Seaton
Caldari Provisions
   |
Posted - 2009.03.09 08:24:00 -
[1]
Edited by: Cadet Seaton on 09/03/2009 08:24:30
Hi, I would like to access my home(2222/3724) or my regular(22) SSH from work.
Some information on what I'm running behind:
- Ports dont seem to be blocked but are VERY HEAVILY filtered
- I can access my home servers apache on 8080 if it is using the browser but nothing else works
- On my home server I cant run any services on <1024 ports unless I pay 7Ç/month extra (Which I wont)
- My regular server cant setup SSH on 443/993 because they use SSL.
I have also tried different proxies on 443 ports but those didnt seem to work either.
Things are filtered by BlueCoat apparently.
Any tips will be tested out and working one will get 200M ISK!!
|
Catari Taga
Centre Of Attention
Rough Necks
|
Posted - 2009.03.09 10:13:00 -
[2]
Establish an SSL VPN to your apache from your browser and then load an SSH java applet in that session. There are several open source solutions for this. |
Cadet Seaton
Caldari Provisions
|
Posted - 2009.03.09 10:53:00 -
[3]
 Originally by: Catari Taga
Establish an SSL VPN to your apache from your browser and then load an SSH java applet in that session. There are several open source solutions for this.
I will try this out, any specific solutions you might have in mind that are know to work well/easy to use?
|
destinationunreachable
|
Posted - 2009.03.09 14:33:00 -
[4]
Edited by: destinationunreachable on 09/03/2009 14:36:21
I am not sure, if I understand you correctly:
* what do you understand between the difference of blocked and filtered ? (same to me)
* you can run any server above port 1024 at your home server, right ?
* at work you can/can't get out on any port ?
* what is your clients operating system ? (Windows or Linux/UNIX/MacOS)
* what do you want to do on your server ? if it is just some minor stuff, you can install anyterm ( http://anyterm.org/ ), which emulates a console via (D)HTML...
moar details, pls 
PS: as a side note, you can also tunnel via the apache proxy module ( => AllowCONNECT 22 ...) and proxytunnel ( http://proxytunnel.sourceforge.net/ )
|
midge Mo'yb
Antares Shipyards
Hoodlums Associates
|
Posted - 2009.03.09 15:27:00 -
[5]
Edited by: midge Mo''yb on 09/03/2009 15:34:21
Edited by: midge Mo''yb on 09/03/2009 15:33:20
Edited by: midge Mo''yb on 09/03/2009 15:28:48
Originally by: Cadet Seaton
Edited by: Cadet Seaton on 09/03/2009 08:24:30
Hi, I would like to access my home(2222/3724) or my regular(22) SSH from work.
Some information on what I'm running behind:
- Ports dont seem to be blocked but are VERY HEAVILY filtered
- I can access my home servers apache on 8080 if it is using the browser but nothing else works
- On my home server I cant run any services on <1024 ports unless I pay 7Ç/month extra (Which I wont)
- My regular server cant setup SSH on 443/993 because they use SSL.
I have also tried different proxies on 443 ports but those didnt seem to work either.
Things are filtered by BlueCoat apparently.
Any tips will be tested out and working one will get 200M ISK!!
install Tunnelier on work pc - Free for non comercial http://www.bitvise.com/winsshd
install winsshd on your home server - Free for non comercial http://www.bitvise.com/tunnelier
on the server open the winsshd control panel and stop the service, and somewhere you can generate a key, (sorry for being a bit vague im at work so cant access my server :P) then you find the section and change the listen port to something you can connect to from work then in the users section you designate the windows account, or virtual user accounts that can connect to it and then start tunnelier at work and connect to your home server ip/port, you will need to use the /server:127.0.0.1 switch on the eve shortcut and add the ports below in C2S forwarding in tunnelier
this is how i play from work, one my lunchbreak....
depending how your workplaces it system works you may have to configure the proxy settings and stuff... when i get home ill clean this up a bit if your interested
-----------------------------------------------
|
Catari Taga
Centre Of Attention
Rough Necks
|
Posted - 2009.03.09 15:31:00 -
[6]
Originally by: Cadet Seaton
I will try this out, any specific solutions you might have in mind that are know to work well/easy to use?
I was thinking of SSH Web Proxy, which I see isn't being developed anymore (has been a while that I used that) but will probably still work, and proxytunnel mentioned above is another standard solution.
I only suggested the java based solution anyway because of the many unknowns of your system/situation, so if you can install other clients that will probably work as well.
|
Pwett
QUANT Corp.
QUANT Hegemony
|
Posted - 2009.03.09 18:41:00 -
[7]
step-by-step
http://slashstar.com/blogs/dave/archive/2006/11/27/SSH-Tunneling-_2800_on-Windows_2900_-with-OpenSSH-and-Putty-through-an-HTTP-proxy-.aspx
_______________
<Q> QUANT Hegemony
A man creates; A parasite asks 'Where is my share?'
Item Database
|
Grisella Clifton
Gallente
Carpe Nox
|
Posted - 2009.03.09 19:06:00 -
[8]
This is not an SSH solution, but www.logmein.com works well for getting into my home computer from work (and vice versa). You can even run Eve (in windowed mode at least) and change skills, etc. |
Amida Ta
German Mining and Manufacture Corp.
|
Posted - 2009.03.09 23:18:00 -
[9]
Why not just use Remote Desktop?
_________________________
EveAI.Live - The EVE-Online API/class library for .Net, C# and VB.Net |
Tonto Auri
Vhero' Multipurpose Corp
|
Posted - 2009.03.10 01:25:00 -
[10]
MSRDP can't handle DirectX applications... with new hardware acceleration - even less than before.
You can try Radmin3 with it's mirroring driver however.
--
Thanks CCP for cu |
therealdhs
|
Posted - 2009.03.10 17:09:00 -
[11]
Edited by: therealdhs on 10/03/2009 17:11:27
When I'm out of the house I'll use Logmein to access my computer - depending on your connection speeds, you might be able to play the game, but I find it sufficient for watching chat, changing skills, and even mining.
Originally by: Amida Ta
Why not just use Remote Desktop?
It can work, but Eve has to already be running. If it crashes, you close it, etc you won't be able to open it again. Logmein will let me open the game again though.
--------
Bender: Ahhh, what an awful dream. Ones and zeroes everywhere... and I thought I saw a two.
Fry: Don't worry, Bender: there's no such thing as two. |
Fox Ogmo
Net 7
The Last Brigade
|
Posted - 2009.03.10 18:56:00 -
[12]
Try tunneling your SSH connection through a port other than 22? Suggest 8080 first as that seems to work somewhat. U need to set this up on both computers.
|
Salakka
Caldari
Drunk Butchers Corporation
|
Posted - 2009.03.10 18:59:00 -
[13]
We have same boxes in use, and only way to get it working is wrap ssh inside ssl and use stunnel server in linux, but because very limited ports in our work, i need to use 443.
As you probably noticed, BlueCoat checks that it's really SSL traffic, so SSH inside SSL wrapping is must.
I'm running this with perl script in work to wrap ssh and in home i have stunnel in 443 which redirect to 22 port.
So I think you can manage this with stunnel as client and server if both are linux.
Also remember that you probably break many security rules with this one :)
|
Sharton
Caldari
Hairy Dog Holding Corp
|
Posted - 2009.03.10 20:43:00 -
[14]
Edited by: Sharton on 10/03/2009 20:47:39
Install Anyterm ( http://anyterm.org/download/index.html ) and make it listen on port 8080 ( http://anyterm.org/1.0/install.html ).
It exposes SSH through a HTTP connection and runs as a daemon on your PC!
:: |
Peanyra
Minmatar
Mnemonic Industries
|
Posted - 2009.03.10 21:50:00 -
[15]
I suggest using Hamachi VPN
I've used it several times to setup virtual VPN LAN's with so I could game with friends.
It works by connection to a mediation server which in turn lets you connect to your home network. It's very very clver network code, and it does allow you to vpn through many types of firewalls. You're mileage may vary, but I've had succes with 2 out of 3 workplaces.
See mere here
https://secure.logmein.com/products/hamachi/vpn.asp
|
Dr HansZarkov
|
Posted - 2009.03.10 23:16:00 -
[16]
One word: Hamachi
|
Tallaran Kouros
Caldari
Arcane Alliance
|
Posted - 2009.03.11 09:39:00 -
[17]
Originally by: Cadet Seaton
Edited by: Cadet Seaton on 09/03/2009 08:24:30
Hi, I would like to access my home(2222/3724) or my regular(22) SSH from work.
Is it a UNIX box?
Find a port that passes through your work's firewall (8080 is good as this is used for web proxies) and then alter /etc/ssh/sshd_config to match:
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 2222
As you can see I used 2222 as it stops random script kiddies connecting on 22, but anything should work.
Although in saying that, i'm guessing if it's going to cost you more money each month if you want to use privileged ports then you don't have root access?
In such a case, you might not be able to alter the sshd config :/
What is it you need access for/what's your use case here?
|
Salakka
Caldari
Drunk Butchers Corporation
|
Posted - 2009.03.11 10:27:00 -
[18]
If in understand correctly, only proxy works to outside world.
So hamachi not working because don't have direct internet connection and because BlueCoat proxy denies "tunnel" command in proxy.
Also ssh in different port is not working, because proxy checks that is SSL traffic.
So it need to be end to end SSL tunnel, then it works.
|
Tallaran Kouros
Caldari
Arcane Alliance
|
Posted - 2009.03.11 10:57:00 -
[19]
Originally by: Salakka
If in understand correctly, only proxy works to outside world.
So hamachi not working because don't have direct internet connection and because BlueCoat proxy denies "tunnel" command in proxy.
Also ssh in different port is not working, because proxy checks that is SSL traffic.
So it need to be end to end SSL tunnel, then it works.
How can it tell the difference between SSH and SSL?
Unless it's basically a man-in-the-middle attacker, it can't tell what's in the packets once the initial key exchange has been done.
|
destinationunreachable
|
Posted - 2009.03.11 14:30:00 -
[20]
Originally by: Tallaran Kouros
How can it tell the difference between SSH and SSL?
Unless it's basically a man-in-the-middle attacker, it can't tell what's in the packets once the initial key exchange has been done.
SSH and SSL are 2 different protocols, even basically on different layers. Both are encrypted (hence the 'S' in both names), but that is as much as they have in common.
Think difference between SSH and stelnet ...
|
Tallaran Kouros
Caldari
Arcane Alliance
|
Posted - 2009.03.11 16:21:00 -
[21]
Originally by: destinationunreachable
Originally by: Tallaran Kouros
How can it tell the difference between SSH and SSL?
Unless it's basically a man-in-the-middle attacker, it can't tell what's in the packets once the initial key exchange has been done.
SSH and SSL are 2 different protocols, even basically on different layers.
They are both application layer protocols.
Quote:
Both are encrypted (hence the 'S' in both names), but that is as much as they have in common.
Think difference between SSH and stelnet ...
I'm not saying they have anything in common, I'm saying that the firewall probably won't know the difference between an SSH and an SSL/TLS key exchange, and once the keys are exchanged then the traffic is indistinguishable.
|
Salakka
Caldari
Drunk Butchers Corporation
|
Posted - 2009.03.12 07:15:00 -
[22]
Edited by: Salakka on 12/03/2009 07:15:24
Originally by: Tallaran Kouros
Originally by: destinationunreachable
Originally by: Tallaran Kouros
How can it tell the difference between SSH and SSL?
Unless it's basically a man-in-the-middle attacker, it can't tell what's in the packets once the initial key exchange has been done.
SSH and SSL are 2 different protocols, even basically on different layers.
They are both application layer protocols.
Quote:
Both are encrypted (hence the 'S' in both names), but that is as much as they have in common.
Think difference between SSH and stelnet ...
I'm not saying they have anything in common, I'm saying that the firewall probably won't know the difference between an SSH and an SSL/TLS key exchange, and once the keys are exchanged then the traffic is indistinguishable.
BlueCoat checks that it's valid SSL key exchange, because I have same problem .. and only way to make it working for me is to add ssh inside ssl.
Basically I tried everything, fake connection to be from browser and all those tricks what can easily faked for proxy, only ssl wrapping did work.
Again, if using any of those tricks you probably breaking many company security rules, but it's doable :)
|
omgdutch2005
Gallente
Advanced Planetary Exports
Intergalactic Exports Group
|
Posted - 2009.03.12 15:08:00 -
[23]
why not use...
logmein.com
it works as long as you can access their website ;-), goes through any browser capable of running acivex, java or "mozilla" or HTML
if at work, i advise you use firefox (portable) so you can install the plugin to get the stuff working (in Internet Explorer, you'd need admin rights to install the active X plugin....)
[url=http://apeocorp.com/alliance/?a=pilot_detail&plt_id=39011][/url] |
| |
|
| Pages: [1] :: one page |
| First page | Previous page | Next page | Last page |