![]() ![]() That is, Pi machine should have an "NSA quality" iptables or nft firewall anyway. In fact, the Pi must have a firewall that drops all ssh connections except the connection from your home IP address. That would lower the exposure of the school to ssh attacks. You can check with your schools IT guy since a firewall rule can be set to limit an ssh connection to a single IP address (your home). Ssh does encryption and compression and rdesktop does too, so I have turned off rdesktop's encryption and compression and limited the transmitted colorspace to save bandwidth. Your home windows machine might not have remote desktop available if it the home edition. I use Linux at home and ssh port forward to a Pi which then redirects through the ssh tunnel to the Win10 box (10.0.0.104). I do something similar from home to work. But I have to reiterate: Don't try this at school. I added this, as it can be a valuable trick in some circumstances, and it's good to have heard about it. You could have a chat with your IT guys about this, but don't expect them to be happy. However, I do not recommend to host a hidden service in school. I use this for a RasPi server, which is out in the field, otherwise inaccessible behind a UMTS-Stick. Therefore you need no reverse ssh tunnel, as you can connect directly (via TOR). This way, you have your own TOR-address and a firewall/NAT becomes kind of transparent. If FreeSSHd works as I am used to, you should just be able to open a similar connection with PuTTY (target is localhost/127.0.0.1, port is 14000).Īn other method I really like is to host your own hidden service on your Pi. Ssh -p 14000 I said, I only have Linux experience. Also, it's worth noting, that autossh may be a good substitute for ssh in this case (see here).īack home on your machine, you connect to localhost, with the port you previously provided: You can configure this line to be automatically executed on startup (make sure, network is available, before this command is issured - or you could just do some sleep). 14000 is the remote port number you chose (also see below). Ssh -f -N -R 14000:localhost:22 is the local port (where sshd on the Pi is listening). ![]() On the Pi, you can open a reverse ssh tunnel with a command like this: Now, you should be able to ssh home from your Pi, without typing in a password. Copy the contents of the *.pub into this file. You may have something like an authorized_keys file. Now you need to google the FreeSSHd specifics. This will create a *.pub-file in either /root/.ssh/ or in your ~/.ssh/. Ssh-keygen or sudo ssh-keygen (when asked for a password, just hit enter) Depending, whether you want root or your current user to be the one to establish the connection, issue And you need to create you public/private keys on your Pi. If you do anything beyond this, you might want to contact the IT department.įor this to work, you need to configure public key authentication on your FreeSSHd server. ![]() In schools, you are usually expected to browse the web or send emails. And if there's no policy explicitly forbidding something, you might want to think about what you are expected to do on this network. And I know, a properly secured tunnel is nothing to be afraid from.īut one should always adhere to company/network policies. I know, school networks are oftentimes very amateurly monitored, so your chances may be quite good. ![]() If you just do it right away, and they find out, you are in serious trouble. You really should check back with your school's IT department, whether they like your idea. Disclaimer: I have no experience with any ssh software under windows. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |