Jump to content

Go to solution Solved by commdogg,

Recommended Posts

So after a week of everything I could possibly try I've come to the forums to discuss my Autossh Relay connection problem. I'm trying to reproduce Daren's relay server and Chriswat's tutorial and manage the gui remotely.

Contents:

MkV

Virtual Ubuntu Server LTS 12.04

External Box Ubuntu Server LTS 12.04

Windows Putty

Ubuntu 13.10 Virtual

Phone Hotspot for External IP for MkV

Ports:

VM Ubuntu Server -p 7000

External Box Ubuntu Server -p 50456

MkV 1471:localhost:1471

First I have a Ubuntu Server 12.04 LTS box setup at work as a file server but it also has openssh-server installed. Then I setup port forwarding on the router and modem for 50456 to internal 22. I've tested this from hom and I can ssh just fine. I generated my public key for my MkV through putty and then ssh through the external IP to the port 50456 and it is now connected.

root@Pineapple:~# ssh -p 50456 root@externalip

I copied the pinapple public key to the authorized_keys for the server. I added the "AllowTcpForwarding yes" and "GatewayPorts yes" lines to the sshd_config, "service ssh restart". Then I logout.

I do "ssh -p 50456 root@externalip -i /etc/dropbear/id_rsa" but for some reason I still have to enter the password. I don't know if I have to install dropbear on this particular server. But then I move on to installing my virtual ubuntu server.

I do all the previous steps but this time I use 7000 as the forwarding external port and port 22 as the internal. I also have a ddns provided by asus as I have the Asus N66U router.

"ssh -p 7000 root@externalip -i /etc/dropbear/id_rsa"

This time I did not need to enter the password and now have an ssh connection from my pineapple to the server. I exit the ssh session. I then go to my web gui on the MkV then to the AutoSSH config and put in

Host: root@externalip(VM) (I've also tried adding -p 7000)

Port: 4567

Listen Port: 1471

I exit the configuration page and click connect for AutoSSH. Then I setup my phone for Mobile Hotspot and connect my MkV in client mode to my phone. I disconnect my ethernet cable connected to the MkV.

I wait a few minutes for my pineapple to make a connection via AutoSSH. Next I power up my ubuntu 13.10 VM and make an SSH connection to my relay server "ssh -p 7000 root@externalip".

I pull up a browser and type in externalip:4567. This does not work so I then try externalip:1471. This still doesn't work.

I've tried to nail this down to a science before I posted on the forums about this. Please help. Thanks.

Edited by rockstargroover
Link to post
Share on other sites

So I figured out I can do the AutoSSH internally if I set root@192.168.1.234 for the host.

I can manage the gui from my ubuntu virtual through a browser by putting in 192.168.1.234:9456.

9456 being the port to redirect to 1471 the listening port.

It worked... the only question is how do I specify external ports for AutoSSH instead of 22.

Link to post
Share on other sites
  • 2 weeks later...

Hey, I'm a little confused on your config here.

Are you saying you can hit the relay server on your LAN and manage it, just not from an external IP?

As far as the config, I think, if I'm following you correctly, you are trying to forward the web interface port to the SSH listen port. I don't think that will work. You want that to be something the SSH client (the PC you are using) pushes through the tunnel created by Auto SSH. For the auto SSH config push some other port like 2222 (thats what mine is I think its defualt) the Config will look something like username@publicip -p #### Where #### is the listen port for the External interface (the router doing your NAT) pointing back to the port 22 on the server.

For Port mine says 2222 and listen port is 22. This sets up a forwarding rule for the SSH relay server to pass anything it gets on port 2222 back to the pineapple over the tunnel on port 22.

You'll need another port forwarding rule on the router the SSH relay server is behind pointing to 2222. If you set your VM server up with NAT and not a bridged interface, you'll need a port forwarding rule on your VM as well. Mine looks something like this:

Pineapple: ssh user@mydynamicdns.com -p 4299 -R 2222:localhost:22 -i ./etc/dropbear/id_rsa (thats from memory of the config file I'm sure I'm missing a couple of flags)

on the pineapple web interface it looks something like :

user@mydynamicdns.com -p 4299

port 2222

listenport 22

My router forwards port 4299 to my host PC where I have another port forwarding rule in virtualbox forwarding 4299 to port 22 on my VM ubuntu server. (mine is set up NAT, if yours is bridged then forward your external port directly to 22 on the IP used by your guest server, not the host)

When it connects successfully a listen interface appears on the ubuntu server at 2222. Thats the pineapple.

I have another rule on virtualbox forwarding another random port like 42555 to 2222. And a rule on my external router to pass anything from 42555 to 42555 on my host. Again, if yours is bridged don't worry about the VM port forwarding rule, just get a port on your external router to forward to 2222.

On the client, your ssh session will be something like ssh -L 9999:localhost:1471 root@mydynamicdns.com -p 42555 for linux clients

On putty, to forward a port, drill down the menu to SSH, Tunnels and put 9999 in source port and localhost:1471 in destination.

This connects to the listen port on the server your pineapple forwarded, and establishes a local port 9999 that forwards through the SSH tunnel to the pineapple at 1471. So if it connects, and you can authenticate and see the pineapple shell, open up a web browser and point it to localhost:9999.

Bam-a-lam.

You can change the listen port by editing the sshd_config file on either the relay or pineapple, but you can in effect change that with port forwarding rules at the router as well, without actually mucking with the config files.

Hopefully I was able to help a little bit. Let me know if I was off the mark.

comm

Link to post
Share on other sites

I'll have to try this out. My only question is I can't specify -p on autossh on my pineapple when inputting for the user@host.

Also I just have my router external port forwarding directly to my VM which is bridged to my nic.

What I'm saying is that I should be able to manage the gui by relay server.

I have tested it internally and it works (not by hitting external IPs).

For mine says 2222 and listen port is 22. This sets up a forwarding rule for the SSH relay server to pass anything it gets on port 2222 back to the pineapple over the tunnel on port 22.

You'll need another port forwarding rule on the router the SSH relay server is behind pointing to 2222. If you set your VM server up with NAT and not a bridged interface, you'll need a port forwarding rule on your VM as well. Mine looks something like this:

But what if I want send information back to the gui port 1471?

All my SSH is routing through -p 7000 to 22 internal.

But I'm trying to replicate chriswhat's tutorial on managing the gui externally.

Edited by rockstargroover
Link to post
Share on other sites

Here is a log from today when trying my autossh.

Jan 18 06:12:16 Pineapple user.err autossh[2029]: ssh exited prematurely with status 255; autossh exiting
Jan 18 06:12:15 Pineapple user.info autossh[2029]: ssh child pid is 2030
Jan 18 06:12:15 Pineapple user.info autossh[2029]: starting ssh (count 1)

Here is my autossh config

Host: root@externalip

Port: 7000

Listen Port: 22

My relay server is set for:

-p 7000 root@externalip

I can ssh just fine with ssh -p 7000 root@externalip -i /etc/dropbear/id_rsa

But I'm trying to figure out why I'm getting this error.

Edited by rockstargroover
Link to post
Share on other sites

Hmm,

I think if you put the -p 7000 argument in your autossh config page it should go, but may not save? If you look at the auto ssh config file on the pineapple it will tell you. I set mine up that way and it connects just fine. If your server is listening on 22 with its external port forwarded to 7000, leave the -p 7000 argument in the top line with user@whatever.

The Port field is the remote port the pineapple will listen from when connected to the relay server. It is the port you have to hit from the other direction with your SSH client, through the relay server. Its the -R argument you had to do for the MK4.

To sent information back to the GUI port you have to forward ANOTHER port with the SSH client (putty) to 1471. on linux its something like "-L 9999:localhost:1471" Where 9999 is the port on the local machine you are using the client on, and localhost:1471 is the pineapple web management port.

In putty, you would go to SSH, Tunnels, and set that.

Also, I don't know if you can SSH into the relay server as the root user. I set up another user and that's what the pineapple uses to connect. You can to the pineapple though.

Link to post
Share on other sites

I ssh just fine into the relay server as root but I'll try setting a different user to ssh into with.

Ok so let me get this straight. I have to have an external port for each of these ports:

Relay Server

SSH 22

Pineapple

Port 9999

Or do I make port 9999 the external port for the 1471 remote port on my router?

Edited by rockstargroover
Link to post
Share on other sites

When I say "external" I mean the public IP on your router. Anything you have in the way thats performing NAT (like a virtualbox, again it depends if the interface of the VM is bridged or NAT)

so to hit your server at port 22, you have to open a port on the router and send it to the server IP address at port 22. Most routers have a tab in the management interface for port forwarding.

If your server listens on your LAN at 192.168.1.20:22 (for example) and your public IP address on your routers WAN port is 22.23.24.25, if you want your server to listen on port 7000 on your public interface, you set up a port forwarding rule from the router to send everything on port 7000 to port 22 at 192.168.1.20 on your LAN.

To connect to your server you put ssh user@22.23.24.25 -p 7000 in your client.

The port/listen port block on the pineapple web GUI sets a listen interface up AFTER the pineapple connects to the server, ON the server. So once the pineapple connects, you SSH to the server on that port to talk to the pineapple. Remember the pineapple is a client and a server, it connects to the relay as a client and then you connect back through the tunnel to its server interface (port 22).

Whatever port you are forwarding to the SSH relay server for the pineapple to listen on you need an additional port forwarding rule on your router for that port. I am assuming here the relay server is on your local LAN. But its the same process. If you are forwarding port 2222 then you need a rule on the router at like port 7001 forwarded to the server at 2222. So when your pineapple is connected to the server you can ssh into the pineapple at ssh root@192.168.1.20 -p 2222

The command to hit the web GUI port is in addition to the above. When you open putty to connect to the relay-connected pineapple, you put a command in SSH tunnels to forward anything sent to a local port IE 9999 to 1471 over the tunnel. So in your web browser you just browse to localhost:9999 and it automatically connects to the pineapple 1471 over the tunnel.

Clear as mud?

What part is hanging up? Lets start there. It looks like your logs are saying its not connecting to your relay server. Probably because we need to set up the port forwarding rules.

Link to post
Share on other sites

So I have some new logs here:

Jan 18 18:28:52 Pineapple user.info autossh[2249]: ssh child pid is 3301
Jan 18 18:28:52 Pineapple user.info autossh[2249]: starting ssh (count 2)
Jan 18 18:28:52 Pineapple user.info autossh[2249]: port down, restarting ssh
Jan 18 18:28:52 Pineapple user.info autossh[2249]: timeout polling to accept read connection
Jan 18 18:18:37 Pineapple user.info autossh[2249]: ssh child pid is 2250
Jan 18 18:18:37 Pineapple user.info autossh[2249]: starting ssh (count 1)

To verify I can ssh to my relay server from putty and an ubuntu VM through "ssh -p 7000 root@externalip" just fine. So the port forward I have pointing to 22 internally is just fine.

Also I can verify that I understand that traffic from the pineapple and relay server is flowing through the "Port: " setting on the autossh.

What is unclear to me is whether I need to specify another port forward on my router pointing to either the "Listen Port: " or the "Port: " specified on the AutoSSH config page on the pineapple.

Another note: I think the AutoSSH tile code needs to have a setting to specify the port to hit (ssh -p for example) in order to connect to the relay server.

But thus I am still confused and may not have my information correct.

Edit: Another question where is the autossh config file?

Edited by rockstargroover
Link to post
Share on other sites

So I have some new logs here:

Jan 18 18:28:52 Pineapple user.info autossh[2249]: ssh child pid is 3301

Jan 18 18:28:52 Pineapple user.info autossh[2249]: starting ssh (count 2)

Jan 18 18:28:52 Pineapple user.info autossh[2249]: port down, restarting ssh

Jan 18 18:28:52 Pineapple user.info autossh[2249]: timeout polling to accept read connection

Jan 18 18:18:37 Pineapple user.info autossh[2249]: ssh child pid is 2250

Jan 18 18:18:37 Pineapple user.info autossh[2249]: starting ssh (count 1)

To verify I can ssh to my relay server from putty and an ubuntu VM through "ssh -p 7000 root@externalip" just fine. So the port forward I have pointing to 22 internally is just fine.

Also I can verify that I understand that traffic from the pineapple and relay server is flowing through the "Port: " setting on the autossh.

What is unclear to me is whether I need to specify another port forward on my router pointing to either the "Listen Port: " or the "Port: " specified on the AutoSSH config page on the pineapple.

Another note: I think the AutoSSH tile code needs to have a setting to specify the port to hit (ssh -p for example) in order to connect to the relay server.

But thus I am still confused and may not have my information correct.

Edit: Another question where is the autossh config file?

Okay your new port forwarding rule points the server IP with the "port" value. And it looks like it isn't connecting. Does it connect if you move the pineapple into your LAN?

Link to post
Share on other sites

Yes if I do everything through the LAN it works fine. I can access the GUI through the relay server through the LAN.

It's externally that it doesn't work. I've read some other threads and found that the AutoSSH tile is broken and you have to set a command on a dip switch so that it works.

So how about we compile a command for autossh that I can execute on a dipswitch.

Link to post
Share on other sites

Yes if I do everything through the LAN it works fine. I can access the GUI through the relay server through the LAN.

It's externally that it doesn't work. I've read some other threads and found that the AutoSSH tile is broken and you have to set a command on a dip switch so that it works.

So how about we compile a command for autossh that I can execute on a dipswitch.

you could try to look in /sd/inclusions/autossh/includes or somewhere similar and see if you can find a script file that it uses.

Link to post
Share on other sites

If it works on your LAN then its probably port forwarding rules or firewall issues. Can you connect to the relay with another device other than the pineapple from outside your network?

Remember you need a rule allowing a port to port 22 on your server, and another rule to the forwarded interface port for the pineapple on your server's IP.

Link to post
Share on other sites
and another rule to the forwarded interface port for the pineapple on your server's IP

Now what do you mean by this though specifically? I need to specify an external port for the "Remote Port: " or the "Port: "?

Yes I can ssh from my phone, my virtual ubuntu, and any of my devices from anywhere to my relay server.

Link to post
Share on other sites

Ok I specified "Port: 9999" on the Autossh config. Then I opened external port 9999 to point to 9999 internal port for 192.168.1.234 (server).

This is the log I have after having all these settings:

Pineapple

Host: root@externalip -p 7000

Port: 9999

Remote Port: 1471

Port Forwards on Router:

External: 7000 Internal: 22 to 192.168.1.234

External: 9999 Internal: 9999 to 192.168.1.234

Now after clicking autossh connect I have these logs:

Jan 18 20:48:01 Pineapple auth.info sshd[5269]: WARNING: /etc/ssh/moduli does not exist, using fixed modulus
Jan 18 20:41:54 Pineapple user.info autossh[17162]: ssh child pid is 17163
Jan 18 20:41:54 Pineapple user.info autossh[17162]: starting ssh (count 1)

I then connected my Ubuntu VM by SSH to the relay.

I then did a "pinky" on the server. The only connections I have listed are TTYL1 and the UbuntuVM ssh connection.

Now if it's so that the autossh shouldn't show as a connection under pinky then I have another question. I'm supposed to do Client > Relay > Pineapple as in ssh to the server then from the server ssh to the pineapple. If that's the case how do I ssh to the pineapple? Do I do "ssh -p 9999 root@localhost"?

Link to post
Share on other sites

change listen port to 22 on the pineapple.

SSH into the server after the pineapple says it connects and run netstat -na and see if 9999 showed up as a listening port.

If it did, under the connection pofile set up the port forwarding rule under ssh, tunnels with local port (9090 or something and remote port localhost 1471)

linux or plink should look like

ssh -L 9090:localhost:1471 root@serverip -p 9999

putty config you need to go to SSH tunnels and put in 9090 for the source port and localhost:1471 for destination

Then you should be able to connect to localhost:9090 in your web browser and hit the web GUI

Link to post
Share on other sites

Sorry my mind slips back and forth into VPN lingo sometimes... Connection profile... the first tab in putty has save and load buttons... should have an entry in there for your pineapple connection. You have to tell putty to forward a port so you can access the web GUI. Go to SSH, tunnels and put "9090" for example in the source port, and localhost:1471 in the destination.

And it looks like your server has a listen port for the pineapple. SSH into that at ssh user@serverip -p 9999 and see if you get the pineapple.

if so exit the connection and add this argument ssh 9090:localhost:1471 user@serverip -p 9999 <<for Linux, if using putty see the paragraph above.

if it connects put local host 9090 in your browser and you should hit the web GUI

Link to post
Share on other sites

Well like I said I'm not trying to do it through putty. I am sshing through the relay to the pineapple from an ubuntuvm or kali vm. But I'll set up the putty just for this exercise.

Edit:

f so exit the connection and add this argument ssh 9090:localhost:1471 user@serverip -p 9999 <<for Linux

Also why am I using 9090?

Shouldn't there be a -R or -L in that argument??

Edited by rockstargroover
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...