SSH is a powerful tool, and not only for astronomers. We often use it to download observation data from the observatory’s server or to run complicated programs on remote (overseas) servers. But, for reasons we all know, SSH tunnels are always being obstructed, so we need some technique to get past the obstruction. Obfuscated SSH turns out to be sufficient for this.
Below I describe how to use an obfuscated SSH tunnel under Linux:
(Original Code: Here)
./configure --prefix=/usr/local/newssh --sysconfdir=/etc/newssh
Then you need to configure the ssh server following the guide here.
Then use this to run the ssh client:
/usr/local/newssh/bin/ssh -N -v -Z ObfuscateKeyWord -p ***** username@hostname -D 127.0.0.1:7070
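There are 4 parameters you need to specify: “ObfuscateKeyWord” is the obfuscation keyword you set in the server's configuration file (sshd_config), “*****” is the SSH server port number, and “username” and “hostname” are as their names describe. The remaining options are standard OpenSSH: -N runs no remote command, -v prints verbose output, and -D 127.0.0.1:7070 opens a SOCKS proxy that listens on the local loopback address only.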
Yesterday I was trying to configure my computer behind a router to enable SSH connections to it from outside the router. After some googling, I found many ways, all involving changing the iptables rules, but all turned out to be failures. Finally, with the help of Daizhong, I found a working way to configure my computer and solve the problem.
Before beginning the operations below, you need to set up the router through its ADMIN page (normally at 192.168.1.1). This takes two steps: first fix your IP address, then set the port forwarding.
The following steps are:
Firstly, you need to edit the SSHD configuration file
to enable the port forwarding you set on the ADMIN page of your router.
Then, you need to edit file
to set the value of ssh port to the number you gave before.
After that, you should set the firewall, using either the terminal or UI tools, to allow the port for SSH. The terminal way is to add the following line to the file /etc/sysconfig/iptables:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport XXXX -j ACCEPT
Put your port number in place of “XXXX”.
Next, you should allow the port under SELinux using:
sudo semanage port -a -t ssh_port_t -p tcp XXXX
Finally, you can restart sshd and iptables and test the connection by using:
service sshd restart
service iptables restart
ssh username@ip -p XXXX
Note that all the commands above need a superuser account.
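The steps above touch three layers that must all agree on the port: the sshd configuration, the iptables rule, and the SELinux port label. The script below is an added example, not part of the original post; it checks one port across all three before sshd is restarted. Its function names, the sample files and the port 2222 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, sample files
# and port 2222 are constructed for illustration.

# Print every port sshd will listen on: Port may appear more than once, and
# sshd defaults to 22 when no Port line is present.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Succeed if the iptables rules file $1 has a TCP ACCEPT rule for port $2.
iptables_allows() {
    grep -Eq "^-A .*-p tcp .*--dport $2 .*-j ACCEPT" "$1"
}

# Succeed if saved `semanage port -l` output ($1) lists tcp port $2
# under ssh_port_t.
selinux_allows() {
    awk -v p="$2" '$1 == "ssh_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) { gsub(",", "", $i); if ($i == p) ok = 1 }
    } END { exit !ok }' "$1"
}

# Report every layer that does not know about the port; non-zero on mismatch.
# args: sshd_config_file iptables_rules_file semanage_listing_file port
check_ssh_port() {
    rc=0
    sshd_ports "$1" | grep -qx "$4" || { echo "sshd_config: not listening on $4"; rc=1; }
    iptables_allows "$2" "$4" || { echo "iptables: no ACCEPT rule for $4"; rc=1; }
    selinux_allows "$3" "$4" || { echo "SELinux: $4 not in ssh_port_t"; rc=1; }
    return $rc
}

# Demo on constructed files: the SELinux step was skipped, so the check fails.
demo() {
    d=$(mktemp -d)
    printf 'Port 2222\nPermitRootLogin no\n' > "$d/sshd_config"
    printf '%s\n' '-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT' > "$d/iptables"
    printf 'ssh_port_t                     tcp      22\n' > "$d/semanage"
    check_ssh_port "$d/sshd_config" "$d/iptables" "$d/semanage" 2222
    rc=$?; rm -rf "$d"; return $rc
}
demo || echo "=> fix the layers listed above before restarting sshd"
```

On a real machine, save the output of `semanage port -l` to a file and pass it as the third argument; running the check before the restart avoids losing remote access when sshd cannot bind to the new port.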