On Sun, Feb 25, 2001 at 11:56:18AM +0000, John P . Looney wrote:
> Swweeet. How much effort is it to setup on the far end ? I'm thinking
> setting up ssh to listen for tunneling connections on Antefacto's firewall
> (which runs squid).
i thought i'd posted it before. well here ya go, enjoy. as always i
expect that you'll choose good passphrases for your public keys, that
you've set yourself up for authorized_keys authentication, etc, etc.
# .ssh-env is where i store environment vars for scripts to talk to ssh-agent.
# this allows cron scripts and other such things to work.
# how to use:
# assumes you have sudo configured to run w/o a password. after this
# runs, you need to add a route: put this in /etc/ppp/ip-up.local:
# if [ "$6"x = workx ]; then
# route add -net 192.168.10.0 netmask 255.255.255.0 gw <lhost below>
# route add -net 192.168.11.0 netmask 255.255.255.0 gw <lhost below>
# exit 0
# make sure it's executable. this assumes a redhat box btw. fill in the
# bits enclosed by <...>. save this file somewhere on your path and run
# w/o arguments.
# for some reason you should press return after the first prompt shows
# after running workathome. maybe it's a tcsh buglet?
set lhost # e.g. 192.168.10.102
set rhost # e.g. 192.168.10.2
# go away and hide - comment out to debug
if [fork]!=0 exit
# start pppd on server
set stty_init raw
spawn /usr/bin/ssh "-x" "-e" "none" "server.example.com"
set remote $spawn_id
# you might want to ssh to an internal machine and start pppd from there.
# in the example below i've soft linked 192.168.11.1 to the ssh binary.
#send "killall /home/kevin/bin/192.168.11.1;sleep 2;192.168.11.1 -x -e none\n"
# here i send a password since the internal server doesn't trust the
# external host. make sure this password is *only* used here since it's
# stored in cleartext.
send "sudo /usr/sbin/pppd $rhost:$lhost noauth proxyarp\n"
# start pppd
spawn sudo /usr/sbin/pppd "$lhost:$rhost" noauth ipparam work
# tie them up
interact -u $remote
kevin at suberic.net i... i have a dream. and that dream is:
fork()'ed on 37058400 use DIY::Tiler;
meatspace place: orbit my($t) = new DIY::Tiler;
$t->tile(-room => "en-suite", -style => "stone");
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!