Dynamic SSH Tunnel using SecureBlackbox

#30781
Posted: 09/20/2014 07:54:21
by Blair Watkins (Standard support level)
Joined: 02/10/2009
Posts: 2

Can a Dynamic SSH Tunnel provide the ability to create an outbound tunnel that stays open, providing the ability for inbound connections to pass through the firewall without the need to open a port? I am wanting to build something similar to the way programs like Teamviewer and Joinme pinhole straight through the firewall without needing to open any inbound ports.
#30783
Posted: 09/22/2014 04:31:15
by Ken Ivanov (EldoS Corp.)

Hi Blair,

Thank you for contacting us.

According to the description of your task, you probably want to look at facilities provided by remote SSH forwarding. To make a long story short, instead of opening a local inbound port on your private computer, you set up an SSH connection to a public server and create an inbound port on that server instead. All the data between the public server's inbound port and your private PC is then forwarded through the SSH channel without creating any additional TCP connections.

Hope that makes sense for you.

Ken
#31420
Posted: 11/18/2014 02:30:19
by Blair Watkins (Standard support level)
Joined: 02/10/2009
Posts: 2

Hi Ken,

Thanks for your reply. I have implemented it and it has worked as expected in my test environment.

I have one question around security. If the public gateway server is open to allow incoming SSH port forward requests to be executed from anywhere, would I be able to secure the gateway server enough to stop a hacker from making an SSH connection to it and using it as a gateway to launch attacks? I am just concerned about how secure the public server would be.

Your thoughts on this would be much appreciated.

Thanks,

Blair
#31423
Posted: 11/18/2014 03:54:19
by Ken Ivanov (EldoS Corp.)

Hi Blair,

This matter can be addressed with proper configuration of access rights and user authentication mechanisms. SSH as a protocol provides a variety of authentication mechanisms, from simple password-based authentication up to public key and custom authentication schemes. The attacker will need to pass an authentication procedure to be able to establish a tunnel, so proper authentication setup is vital for the security of your system.

Another straightforward approach, working on a different abstraction level, would be to only accept incoming SSH connections from a limited set of trusted IP addresses.

Ken
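Ken's two controls above (making authentication the gate, and limiting which source addresses may open the tunnel) written out as a configuration example for the public gateway. This is an added example, not part of the thread and not SecureBlackbox code; it assumes the gateway runs OpenSSH's sshd. The account name `tunnel`, the listener port 2222, the private-PC service port 5000 and the address 203.0.113.10 are placeholders.

```sshd_config
# Added example: hardened sshd_config fragment for the public SSH gateway.
# Assumes OpenSSH sshd on the gateway; names, ports and addresses are placeholders.
#
# The private PC would open the tunnel Ken describes with the OpenSSH equivalent of
#   ssh -N -R 0.0.0.0:2222:localhost:5000 tunnel@gateway.example
# so that connections arriving at gateway:2222 are carried back over the SSH channel.

# Control 1: only strong authentication may establish a tunnel. No passwords at all.
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
AuthenticationMethods publickey
PermitRootLogin no

# Control 2: the tunnel account is accepted only from the trusted client address.
# Every other account that must reach this host has to be listed here as well,
# otherwise the gateway locks its own administrators out.
AllowUsers tunnel@203.0.113.10

# Default-deny for everyone: no forwarding or other session features unless a
# Match block below re-enables exactly what is needed.
AllowTcpForwarding no
AllowStreamLocalForwarding no
GatewayPorts no
PermitTunnel no
X11Forwarding no
AllowAgentForwarding no

# The tunnel account may open a *remote* (-R) listener only, on one agreed port.
# PermitOpen none blocks -L/-D style forwarding, so an attacker who somehow obtained
# the key could still not use the gateway as a hop to other hosts.
Match User tunnel
    AllowTcpForwarding remote
    GatewayPorts yes
    PermitListen 2222
    PermitOpen none
```

The same key can additionally carry `from="203.0.113.10",restrict,port-forwarding` in its authorized_keys entry, so the source restriction is enforced even if the sshd_config is later loosened.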
