I have used Tunellier and freeSSHd to setup a tunnel from my home to my
work machine. However to use this system I need to initiate a
connection initially using a token based system. To avoid doing this
and to use the security of SSH I would like to setup a reverse SSH
tunnel from work to home. However googling I am a little lost.

I wish to login from home to work, but to do this without using any
tokens, the tunnel would have to be initiated from work. So - can
anyone point me to any resources that I can take a look at. Can I do
this with the client and server software that I presently use, or is
something else preferable and better.

I know that this sounds a very dumb question - I assume that the server
should still be at the work end and the client at home. If so, do I
have to create the tunnel at work before going home, or can this be
done remotely from home. If the latter, then how, because I cannot get
onto the work network without the token that I mentioned above, and I
wish to avoid using the token-based system.

Many thanks in anticipation of - I appreciate it. Apologies for
any dumb sounding questions. I did spend a lot of time initially
getting to grips with SSH in June of this year, and then opted for the
easier solution of using Tunellier as it was so easy to use Remote
Desktop with this. I would like to use Remote desktop again, hence the
simplicity of Tunellier appeals.

Paul Bromley

paulbrom@gmail.com wrote:
> I have used Tunellier and freeSSHd to setup a tunnel from my home to my
> work machine. However to use this system I need to initiate a
> connection initially using a token based system. To avoid doing this
> and to use the security of SSH I would like to setup a reverse SSH
> tunnel from work to home. However googling I am a little lost.
>
> I wish to login from home to work, but to do this without using any
> tokens, the tunnel would have to be initiated from work. So - can
> anyone point me to any resources that I can take a look at. Can I do
> this with the client and server software that I presently use, or is
> something else preferable and better.
>
> I know that this sounds a very dumb question - I assume that the server
> should still be at the work end and the client at home. If so, do I
> have to create the tunnel at work before going home, or can this be
> done remotely from home. If the latter, then how, because I cannot get
> onto the work network without the token that I mentioned above, and I
> wish to avoid using the token-based system.
>
> Many thanks in anticipation of - I appreciate it. Apologies for
> any dumb sounding questions. I did spend a lot of time initially
> getting to grips with SSH in June of this year, and then opted for the
> easier solution of using Tunellier as it was so easy to use Remote
> Desktop with this. I would like to use Remote desktop again, hence the
> simplicity of Tunellier appeals.
>
> Paul Bromley
>

Sounds like you want an SSH server running at work with remote port
forwarding on the client at home. By token I guess you mean something
like the RSA key fob? With OpenSSH you don't need one. You can
authenticate with passwords or a keypair. You wouldn't need to start the
tunnel before leaving to go home from work. Just make sure the server is
running and that any corporate and personal firewalls allow you to pass
through them on whatever port you run the tunnel over.

Hi Chuck,

You are correct in that I use an RSA Key fob. I then get assigned an IP
address and that allows me in through our firewall, and that is the
problem - without the keyfob it is not possible to get through the
firewall. I then run an SSH tunnel within the VPN tunnel that has been
created.

What I want to do is to dispense with the RSA fob, but I can only do
this if it is possible to create an SSH tunnel in the reverse direction
- from work to home that I can then use RD over to connect to my
workstation at work. This is 'above board' it is just that there are a
load of jobsworths who consider that SSH is not secure enough.

Best wishes

Paul Bromley


Chuck wrote:

> paulbrom@gmail.com wrote:
> > I have used Tunellier and freeSSHd to setup a tunnel from my home to my
> > work machine. However to use this system I need to initiate a
> > connection initially using a token based system. To avoid doing this
> > and to use the security of SSH I would like to setup a reverse SSH
> > tunnel from work to home. However googling I am a little lost.
> >
> > I wish to login from home to work, but to do this without using any
> > tokens, the tunnel would have to be initiated from work. So - can
> > anyone point me to any resources that I can take a look at. Can I do
> > this with the client and server software that I presently use, or is
> > something else preferable and better.
> >
> > I know that this sounds a very dumb question - I assume that the server
> > should still be at the work end and the client at home. If so, do I
> > have to create the tunnel at work before going home, or can this be
> > done remotely from home. If the latter, then how, because I cannot get
> > onto the work network without the token that I mentioned above, and I
> > wish to avoid using the token-based system.
> >
> > Many thanks in anticipation of - I appreciate it. Apologies for
> > any dumb sounding questions. I did spend a lot of time initially
> > getting to grips with SSH in June of this year, and then opted for the
> > easier solution of using Tunellier as it was so easy to use Remote
> > Desktop with this. I would like to use Remote desktop again, hence the
> > simplicity of Tunellier appeals.
> >
> > Paul Bromley
> >
>
> Sounds like you want an SSH server running at work with remote port
> forwarding on the client at home. By token I guess you mean something
> like the RSA key fob? With OpenSSH you don't need one. You can
> authenticate with passwords or a keypair. You wouldn't need to start the
> tunnel before leaving to go home from work. Just make sure the server is
> running and that any corporate and personal firewalls allow you to pass
> through them on whatever port you run the tunnel over.

ssh -R

--
Richard Silverman
res@qoxp.net