PK_420 Posted January 8, 2016 Share Posted January 8, 2016 (edited) Hello there, I was playing around with my pineapple and managed to set up a reverse ssh with autossh so I can connect to my pineapple through my home server even if the pineapple is on another network, So far much fun, but today I was wondering if it would be possible to tunnel the http traffic from the WebGUI on port 1471 to my server using the same idea...? So far I tried with a similar config to the reverse SSH tunnel in /etc/config/autossh : config autossh option ssh '-i ~/.ssh/id_rsa -N -T -R 420:localhost:22 root@example.com' option gatetime '0' option monitorport '20000' option poll '600' I have been told that I can make multiple tunnels by simply adding more instances of: -R port:hostname:hostport It seems to work for other SSH sessions on other ports, But with my testing I had no luck forwarding http traffic from port 1471 with: -R 1471:localhost:1471 Does anyone has an idea on how this could be done? I must be missing something here, something to install/configure on the home server perhaps..? My goal is simply to be able to manage my pineapple from the GUI and SSH through my home server when I deploy it remotely. Feel free to suggest any other method of achieving the said goal, with persistence of course. Edited January 9, 2016 by PK_420 1 Quote Link to comment Share on other sites More sharing options...
audibleblink Posted January 8, 2016 Share Posted January 8, 2016 (edited) I got this working a different way. I didn't want the web interface public all the time so I didn't configure with autossh on the pineapple. Instead, I made an entry in ~/.ssh/config on the relay server. I can ssh in to the relay server and type `ssh publicpi` and then I can access the web interface from anywhere by going to http:<relay_server>:8888 Host publicpi Hostname localhost User root Port 4255 IdentityFile ~/path_to/pineapple/id_rsa LocalForward 0.0.0.0:8888 localhost:1471 Since autossh is already connected to the relay server with -R, you can access the pineapple with `localhost`. If you're interested in the manual command, it looks like this ssh -i ~/path_to/pineapple/id_rsa -L 0:0:0:0:8888 localhost:1471 root@localhost When I'm done with the GUI, I kill the ssh session on the relay server. Also, since the ssh client can fire one-off commands, anywhere I can get to the relay server I can type ssh -t <relay_server> ssh publicpi and get a shell to the pineapple AND a public web interface. The `-t` tells the client to use <relay_server> as a tunnel Edited January 8, 2016 by audibleblink 2 Quote Link to comment Share on other sites More sharing options...
PK_420 Posted January 9, 2016 Author Share Posted January 9, 2016 (edited) If this doesn't work, it is most likely because remote forwarding is disabled by default. Go to your server (in this case example.com) and add the following to /etc/ssh/sshd_config: GatewayPorts yes Perfect! This was indeed the config option that was missing on the relay server, Thank you very much for your support :) Edited January 9, 2016 by PK_420 Quote Link to comment Share on other sites More sharing options...
White Light Posted January 9, 2016 Share Posted January 9, 2016 Just one thing I noticed while trying to reproduce your issue (and the desired results): The autossh file is in /etc/config not /etc/conf Quote Link to comment Share on other sites More sharing options...
PK_420 Posted January 9, 2016 Author Share Posted January 9, 2016 Just one thing I noticed while trying to reproduce your issue (and the desired results): The autossh file is in /etc/config not /etc/conf Indeed! I edited the post with the correct file path ;) Thank you for pointing that out, Quote Link to comment Share on other sites More sharing options...
Fallen Archangel Posted February 8, 2016 Share Posted February 8, 2016 I'm not sure what the correct terminology is here, so I'm having trouble go ogling this. I want to be able to connect my nano to the internet someplace in china, and then be able to ssh into it from a computer at home. Kind of like a video on hak5 with the Lan turtle. I have a spare machine I could leave running at home if needed. And I've got a few services such as dyndns that I can point to my home ip. Can anyone point me in the right direction? Thanks Quote Link to comment Share on other sites More sharing options...
_OuTLaW_ Posted February 8, 2016 Share Posted February 8, 2016 (edited) Have you tried autossh? There is a module for that. Or you can manually set it up cli in the rc.local file. There is a post in the forums for this. https://forums.hak5.org/index.php?/topic/37434-autossh/#entry272694 Edited February 8, 2016 by CulinaryOutlaw Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.