Remote SSH Client



Breadfan
03-03-2006, 08:18 PM
Hey guys, techies hopefully you can help. I'm working super long hours lately, and some of it is hanging out waiting for processes to finish. I'm here all night tonight, and would like to mess around on my linux box at home.

Unfortunately the infrastructure here at work (rightly so) blocks outgoing port 22 traffic for SSH.

I was hoping to find a web based SSH client (like MindTerm or something) that actually originates the ssh traffic from a remote host so I could basically proxy through there to access my system at home.

I may be able to use my virtual server my website sits on but figure there HAS to be something like this on the web already setup. Googling hasn't found any that are actually going to originate the traffic remotely.

TooManyFords
03-03-2006, 08:31 PM
Why not just change the port your Linux box uses for SSH to bypass the firewall? I use PuTTY all the time to alternate SSH ports (222 for Smoothwall) and it works just fine. They can't block ALL the ports.

Just configure your linux box so it is not a web server and use port 80!
Your traffic will look just like any other web activity.

Cheers!

john

Breadfan
03-03-2006, 08:40 PM
Cool that should work fine yeah. I was thinking of doing that and reconfig'ing to either 80 or 443...would have to wait to get home though and I have a few folks remoting in I'll have to tell them to adjust their settings.

That'll work though. :)

The only concern I have is I have Cox cable internet and I heard they port scan 80 and 443 and send letters that you violated TOS agreement b/c they see it as a webserver. Never had this happen to me but my roommate had it happen.

But, they don't cancel, just threaten ;)

For that matter I was thinking of getting an xterm window setup so I can use my linux box as a jump box to other things in my network. I have two Sun boxes, and a few Windoze boxes I could vnc to those and ssh to the Sun's and have full access from here. ;)

TooManyFords
03-03-2006, 08:41 PM
Would be pretty hard to prove it was a web server if no page comes up!

LOL!

Breadfan
03-03-2006, 09:01 PM
I don't think they go that far, just scan for a listener on the port. ;)

or you can use telnet to test for a listener on a port (not just an open port, must have an active listener)

telnet [host] [port]

woooooooooooooooo. ;)

Breadfan
03-05-2006, 09:32 PM
So go figure I was typing in the wrong IP the whole time! I was off one number in the first octet...lol. Turns out the site I'm at allows outbound SSH...wasn't expecting that, figured it'd be locked down at least by subnets...

Anyway...

Been a little while since I had my linux box running full time, forgot how fun it is to check the secure logs in /var/log and see funny crap like this every 2 nights:

Mar 5 19:08:57 localhost sshd[15489]: Illegal user staff from 218.248.33.225
Mar 5 19:09:00 localhost sshd[15491]: Illegal user sales from 218.248.33.225
Mar 5 19:09:02 localhost sshd[15493]: Illegal user recruit from 218.248.33.225
Mar 5 19:09:05 localhost sshd[15495]: Illegal user alias from 218.248.33.225
Mar 5 19:09:08 localhost sshd[15497]: Illegal user office from 218.248.33.225
Mar 5 19:09:11 localhost sshd[15499]: Illegal user samba from 218.248.33.225
Mar 5 19:09:14 localhost sshd[15501]: Illegal user tomcat from 218.248.33.225
Mar 5 19:09:17 localhost sshd[15503]: Illegal user webadmin from 218.248.33.225
Mar 5 19:09:19 localhost sshd[15505]: Illegal user spam from 218.248.33.225
Mar 5 19:09:22 localhost sshd[15507]: Illegal user virus from 218.248.33.225
Mar 5 19:09:25 localhost sshd[15509]: Illegal user cyrus from 218.248.33.225
Mar 5 19:09:28 localhost sshd[15511]: Illegal user oracle from 218.248.33.225
Mar 5 19:09:31 localhost sshd[15513]: Illegal user michael from 218.248.33.225
Mar 5 19:09:56 localhost sshd[15515]: Failed password for ftp from 218.248.33.2


Dumb bots floating around out there pinging live hosts with ssh requests. Luckily all my passwords are quite difficult and of course root logins are blocked.

By the way, for the non-techie, what you are seeing from my access log are attempts over a few minutes made by a script (or even a trojan-virus for that matter) to try and login to very typical login userIDs with probably very basic generic passwords like "password", "admin", or "rocks", etc.

The source IP address is probably a proxy or a hijacked computer owned by an unsuspecting grandma. Yes I know this is UNIX/Linux but keep in mind crap like this floats around behind the scenes all the time.

This is exactly why you should toss out those easy to guess passwords, go with the typical standards, at least 8 digits, vary upper/lowercase, numbers, and special characters. Never use a word in a dictionary - a brute force attack can crack a word password in minutes. Also, change your password every 3 months.

A good site to get some random passwords is: http://www.winguides.com/security/password.php -- Set up your parameters and let it generate 10-20 passwords (set in Quantity) then find one that has a pattern you can remember, give it a few logins before you're good at it but then you'll have a password you can remember that is very difficult to hack.

Just never forget this sort of thing is out here. I get hit by this junk 2-3 times a day or more sometimes, and that's just one port, one protocol, and one program.


Almost forgot how fun the internet is sometimes...
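
The pattern in the log excerpt above, one source address cycling through many usernames within seconds, can be picked out of the sshd log mechanically. The following is an added example, not part of the original thread: the function name, the five-attempt threshold and the five-minute window are assumptions, and the `Invalid user` wording is what newer OpenSSH releases log in place of `Illegal user`.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The first six lines are copied from the post above. The 192.0.2.10 lines are
# constructed (documentation address range) to show a source that is not flagged.
SAMPLE = """\
Mar 5 19:08:57 localhost sshd[15489]: Illegal user staff from 218.248.33.225
Mar 5 19:09:00 localhost sshd[15491]: Illegal user sales from 218.248.33.225
Mar 5 19:09:02 localhost sshd[15493]: Illegal user recruit from 218.248.33.225
Mar 5 19:09:05 localhost sshd[15495]: Illegal user alias from 218.248.33.225
Mar 5 19:09:08 localhost sshd[15497]: Illegal user office from 218.248.33.225
Mar 5 19:09:11 localhost sshd[15499]: Illegal user samba from 218.248.33.225
Mar 5 19:20:01 localhost sshd[15600]: Failed password for invalid user test from 192.0.2.10 port 40022 ssh2
Mar 5 19:20:09 localhost sshd[15602]: Failed password for alice from 192.0.2.10 port 40023 ssh2
Mar 5 19:20:15 localhost sshd[15604]: Accepted password for alice from 192.0.2.10 port 40024 ssh2
""".splitlines()

# Matches "Illegal user X from IP", "Invalid user X from IP" and
# "Failed password for [invalid user] X from IP". Successful logins do not match.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2})\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?:(?:Illegal|Invalid) user|Failed password for(?: (?:illegal|invalid) user)?)"
    r"\s+(?P<user>\S+)\s+from\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b"
)

def find_bruteforce(lines, year=2006, window=timedelta(minutes=5), threshold=5):
    """Return {ip: summary} for sources with >= threshold failures inside window."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies one.
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((when, m["user"]))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = {"attempts": len(evs),
                               "users": sorted({u for _, u in evs})}
                break
    return flagged

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE).items():
        print(ip, info["attempts"], ",".join(info["users"]))
```

The flagged addresses are candidates for a firewall block or rate limit; tools such as fail2ban automate the same matching against the live log.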