What's your preferred software or VPS for reverse-ssh tunneling?

[craig131]

I've been searching around for the best way to setup a reverse-ssh tunnel using the Pineapple Mark V's AutoSSH feature. HAK5 Episode 1112 was very informative as far as understanding the process and setting up the service, but it didn't mention the exact software used to provide this link.

So I want to know, what exact software or VPS company do you use to get a reliable ssh tunnel configured? Does OpenSSH do the trick, or is there a better solution?

[Xcellerator]

If you're concerned with anonymity then a VPS would be a (better) option than a personal server. However, I just use a personal server at home and just forward port 22 out over WAN. My home server runs Ubuntu Server 12.04 which came with OpenSSH pre-installed.

Either way OpenSSH does the trick just fine.

Personally, I'd recommend the easiest and quickest way to get started would be to install OpenSSH on a linux box and set up the port forwarding on your router. From there, you can decide if you want a dedicated machine (a home server type affair) or to rent a VPS.

If you decide on the VPS option, any package that provides SSH access (on Linux, ofcourse!) would be fine. SSH isn't very bandwidth intensive (even if you are tunnelling HTTP traffic through it) so you shouldn't need an expensive hosting option.

[crepsidro]

I had to edit ssh_config file on my server (raspb pi on outer wan ip) to shorten the keepalive settings, as ssh tunner from pineapple to it via 3g was hella unstable (pi would listen at an already dead conn and not free up the port so pineapple can reconnect). pm me for details.

Oh, and ppl, aren't you mixing up 'hosting' and 'vps'? VPS is a piece of 'virtualized hardware'. It's your choice, what to install into it. Windows, Kali, whatever...

Edited October 20, 2013 by crepsidro

[craig131]

Perfect, that's exactly what I wanted to know :)

Thanks so much for your help guys!

[Isolot]

My set-up: adsl modem in full bridged mode ------> apple usb ethernet dongle, the usb dongle is passed through to a PFsense Virtual machine as its WAN Nic. Pfsense handles the PPOE and all other network tasks (Firewall, DHCP, DNS etc...), out of the box it also handles your open vpn end points. Then i configure the VM to also use the hosts Nic as its LAN port. The hosts LAN port ------> apple airport extreme---->wifi to all my internal machines.

With this setup i run OSSIM monitoring the hosts NIC, which in turn gives me a complete Intrusion detection system as all the network traffic runs through this nic. Even the host machine sends a dhcp request out its nic, it hits the airport extreme comes back to its own pfsense virtual machine which hands back the ip. It can get confusing but works really well.

I thought i might mention it because pfsense has a web gui that is capable of everything you need (even a snort module for intrusion detection). I highly recommend both pfsense and alienvault OSSIM.

cheers,

Isolot.

Edited October 21, 2013 by Isolot

[craig131]

That's an awesome setup, I think I will do something similar. Thanks for the tips Isolot :)

[soap]

I think this could be accomplished also with a raspberry pi ;)

[superjanneke]

Hey,

I've created a service that does all the configuration of the reverse ssh for you.

Check out https://openport.io

It offers protection from brute force password guessing, and protection against port scanners.

Have a look, and tell me what you think.