[Official] autossh


audibleblink

  • 2 weeks later...

I'm adding the option to delete/regenerate existing keys in the next version. For now, ssh in and run

rm /root/.ssh/id_rsa.autossh*

Refresh the page and you should see the generate button again.


audibleblink,

Would it be possible to set not just one remote and local forward? I've tried a few combinations and it just messes things up, so I've resorted to the straight setup you've mentioned before in another post, for both my SSH and GUI tunnel to my server. Works great. Perhaps you can add an additional ports tab or option for both.


As it stands, the module only creates one remote forward from a relay (Computer B) back to the Pineapple's (Computer A) local SSH port.

Once you access the Pineapple (A) from a different remote machine (C), you can create forwards as you need them; like a web GUI forward.

From machine (C), run:

# this assumes you've enabled GatewayForwarding on your Relay(B)
ssh -L 1471:localhost:1471 root@<pineapple_ip> -p <remote_forwarded_port>

Now on (C), you can browse 'localhost:1471' to get the GUI. When you're done managing the Pineapple (A), you can close that connection since you won't be using it.

I'm not sure I like the idea of making it easier to forward more ports than necessary. You only really need the one, since from the one, you can spawn many. That said, you're not the first to ask for this. The module has a 'command will run' section that shows you what the module will end up running. You're perfectly free to copy that command, add the forwards you want, and then place that command in /etc/rc.local. This will autostart autossh on boot with your configuration. You could even delete the module at that point.

A command with multiple forwards would look something like this

autossh -M 20000 -i /root/.ssh/id_rsa.autossh -N -T -R 2222:localhost:22 -R 1471:localhost:1471 root@relayserver.com -p 22

Be sure to background the command with an '&' if you end up putting it in /etc/rc.local.

Thanks for the feedback. It's something I've really considered, but ultimately decided against for various reasons, excluding my paranoia. =P


Darn phone. audibleblink, the command in the rc file is the way I went. I've found from time to time after rebooting with two relays on the GUI page it doesn't always keep and I end up with no relay. So that's how I went right to rc.local to just make sure it was always going to work.


Is there a guide on using this somewhere? I'm trying to set this up but I'm a bit of a noob when it comes to this.

I have three devices here.

A - Pineapple

B - Ubuntu Server, remotely accessible on port 22 and 2222.

C - Windows desktop with SSH client.

I'm under the impression that I should be able to open my ssh client on A, and connect to B on port 2222 and get a shell on C.
Am I doing this wrong?

Whenever I try to connect to B on port 2222, it's refused. It seems like nothing is listening on the port.

All of my devices are in each others known hosts/authorized keys, so that shouldn't be a problem.

Here is a picture of my configuration screen on the module, just in case it helps.


The no-ip.org address is my connection to B.




UPDATE:
I think I get it now.
If I ssh from C (Windows) to B (SSH server), I'm now connected to the middleman sitting in between me and the pineapple.
Then on B, I run 'ssh -p 2222 root@127.0.0.1' and I get access to C (Pineapple).

Kinda weird, but I guess it works. Next step is finding out how to get to the pineapple GUI from there.

UPDATE UPDATE:

A few reboots later and now it's working like I originally thought it would?

ssh -p 2222 root@B
connects me to A (Pineapple)

Now I just need to figure out how to get B:8080 to go to A:1471


autossh -i ~/.ssh/id_rsa.autossh -N -T -R 2022:localhost:22 -R 1472:localhost:1471 <<RELAY USER>>@<<YOUR RELAY IP>> -p 22

Just add in an extra route with -R and use the port you want and point it to 1471, the Pineapple GUI port. After you add that, you can point your browser to your relay server at whatever port you set it at. In my case I used 1472, so it would look like

http://someserver.com:1472

If you are using the autossh module, add it in on the command line and save. It should work from there.


If you want access to the GUI from the Windows machine, I would suggest binding the Pineapple's 1471 to Windows' localhost. Configure PuTTY to run the following:

ssh -L 8080:localhost:1471 root@B -p 2222

Then on your Windows machine, access localhost:8080.

Some benefits here over making the Pineapple's 1471 bind to B's 8080 with the -R flag:

- Your interface isn't open and free on the Internet

- Traffic is encrypted "end-to-end". v1.0.5 doesn't have SSL yet

Glad you got it working!

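Whether a `-R` listener such as 1472 or 8080 is reachable from the Internet, as the two posts above discuss, depends on the relay's sshd `GatewayPorts` setting. The script below is an added example, not the module's or any poster's code: it reports where each `-R` forward in an ssh/autossh command ends up bound. The function names `split_spec` and `remote_forward_report` are hypothetical, and it assumes no IPv6 literal bind addresses.

```sh
#!/bin/sh
# Added example (not the module's code): for each -R forward in an ssh/autossh
# command, report where the listener is bound on the relay under a given
# sshd_config GatewayPorts value (no | yes | clientspecified).

# Split [bind_address:]port[:host:hostport]; sets has_bind, bind, port.
# Assumption: no IPv6 literals, so colons only separate fields.
split_spec() {
    colons=$(printf '%s' "$1" | tr -cd ':' | wc -c)
    case $((colons)) in
        0|2) has_bind=0; bind=; port=${1%%:*} ;;
        *)   has_bind=1; bind=${1%%:*}; rest=${1#*:}; port=${rest%%:*} ;;
    esac
}

# Usage: remote_forward_report GATEWAYPORTS command [args...]
# Prints one "port scope" line per -R forward.
remote_forward_report() {
    gp=$1; shift
    while [ $# -gt 0 ]; do
        case $1 in
            -R)   [ $# -ge 2 ] || break; spec=$2; shift ;;
            -R?*) spec=${1#-R} ;;
            *)    shift; continue ;;
        esac
        shift
        split_spec "$spec"
        case $gp in
            yes) scope=all-interfaces ;;       # sshd forces a wildcard bind
            clientspecified)                   # sshd honours the client's choice
                case $has_bind:$bind in
                    0:*|1:localhost|1:127.0.0.1) scope=loopback ;;
                    1:|1:\*) scope=all-interfaces ;;
                    *) scope="address=$bind" ;;
                esac ;;
            *) scope=loopback ;;               # GatewayPorts no, the default
        esac
        printf '%s %s\n' "$port" "$scope"
    done
}

# The two-forward command from this thread, checked against a relay with
# GatewayPorts yes: both the SSH port and the GUI port listen publicly.
remote_forward_report yes autossh -M 20000 -i /root/.ssh/id_rsa.autossh \
    -N -T -R 2222:localhost:22 -R 1471:localhost:1471 root@relayserver.com -p 22
```

Pass the value of `GatewayPorts` from the relay's sshd_config as the first argument; a port reported as `loopback` is only reachable from the relay itself or through a further `ssh -L` tunnel.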

Thank you, adding this to rc.local let it run at boot. (The module doesn't allow you to change the "command to run" itself without editing the .js)

I'll give this a shot. I need to be learning all of this stuff anyways, so here's a good excuse for me to do so.


For future readers, that box is there just so people would know what gets run (or so they can copy/paste/modify and place it in their rc.local). I should make that clearer in the next release. In any case, the module doesn't actually run what's in the box. That would be a huge security concern without also implementing crazy amounts of input sanitization (or SSL).

Also, be sure to disable 'run on boot' if you've pasted your desired command into rc.local, otherwise init.d will still try to run autossh with the settings in /etc/config/autossh.

  • 2 weeks later...

The SSH server I'm using this with has an authentication banner that displays whenever you connect with ssh (just the standard, "Hey don't mess with this device!" type message). Will autossh still work with this server? If not, is there anything I can do about this, aside from removing the banner? Thanks!


Shouldn't matter regardless but `autossh` runs with the "-N -T" flags so the banner code might not even get called

-T      Disable pseudo-tty allocation.
-N      Do not execute a remote command.  This is useful for just forwarding ports (protocol version 2 only).

Archived

This topic is now archived and is closed to further replies.
