From: Chris Davies on 21 Jun 2010 18:30

Todd <todd(a)invalid.com> wrote:
> I was speaking to a tech support guy and he
> said they had their customers ssh into them,
> then they reversed down the tunnel to assist
> their customer with their program. They said
> they did this to get around their customers'
> firewalls.

Fair enough. But a vanilla ssh connection wouldn't do this; the customers would have to have provided additional parameters to the ssh command in order to allow the tech support people to connect "backwards".

> Okay, other than the obvious security concerns of
> your customers having the ability to access your
> computer at will, what was he talking about?

I manage a public-facing system that requires ssh for access. It permits file transfer by specified username to locked-down directories. Users cannot log in and gain an interactive shell, and any given instance of SFTP can see only the user's home directory and non-dotted directories underneath there. (Further, we use public/private keys rather than passwords, but that's another story.)

There's no reason why the tech support group would necessarily allow their customers to access their system(s) at will. At least, not for any useful value of "access".

> How can you reverse down an ssh tunnel?

I think someone else answered that, with reference to -R and -L.

Chris
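
The kind of locked-down SFTP-only account described in the reply above, as an added example that is not part of the original post: a constructed sshd_config fragment and a small check that its Match block really disables shell, TTY, forwarding and passwords. The group name `sftponly`, the helper names and the choice of directives are assumptions (the post does not say how its server is configured), and the check handles only simple `Match Group NAME` lines.

```shell
#!/bin/sh
# Constructed sample sshd_config (an assumption, not the poster's real file):
# members of group "sftponly" get chrooted SFTP, no shell, no tunnels, keys only.
sample_config() {
cat <<'EOF'
Subsystem sftp internal-sftp
PasswordAuthentication yes

Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
    PermitTTY no
    PasswordAuthentication no
EOF
}

# audit_match GROUP: read an sshd_config on stdin and print every required
# setting that the "Match Group GROUP" block lacks; returns 1 if any is missing.
audit_match() {
    awk -v grp="$1" '
    BEGIN {
        want["chrootdirectory"] = ""            # any value, but must be set
        want["forcecommand"] = "internal-sftp"  # no interactive shell
        want["allowtcpforwarding"] = "no"       # no -L / -R tunnels
        want["permittty"] = "no"
        want["passwordauthentication"] = "no"   # public keys only
    }
    /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
    {
        key = tolower($1)                       # keywords are case-insensitive
        if (key == "match") {                   # a new Match line ends the old block
            inblk = (tolower($2) == "group" && $3 == grp)
            next
        }
        if (inblk && (key in want) && !(key in seen)) {
            seen[key] = 1                       # judge the first occurrence only
            if (want[key] == "" || tolower($2) == want[key]) ok[key] = 1
        }
    }
    END {
        bad = 0
        for (k in want) if (!(k in ok)) { print "missing or weak: " k; bad = 1 }
        exit bad
    }'
}

sample_config | audit_match sftponly && echo "sftponly block is locked down"
```

With `ChrootDirectory`, sshd requires the chroot path to be owned by root and not writable by the user, so uploads normally go to a subdirectory. On a live server, `sshd -T` with a `-C` connection spec (for example `user=NAME`) prints the effective settings after Match processing.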