4

My company has a Linux server (CentOS 6 VM) behind a corporate firewall. I have full root control of the VM, but I have no control over the firewall. There's an SSH server running on it, and I can ssh to it within the company network.

I would like to ssh to this VM when I'm outside of the company network. How do I achieve this?

This Linux VM is running on a Mac host machine, which I can connect to using LogMeIn and then access the Linux VM. I'd like to ssh directly to the Linux VM.

I'm guessing there has to be some sort of handshake initiated by the Linux VM to the outside machine for this to work?

KoKo
    Did you mean to post the same question, at the same time, to http://superuser.com/questions/322171 ? – mlp Aug 12 '11 at 06:36

5 Answers

9

I would ask the IT department. There is a reason why they have installed this firewall and what you are trying to do may be against the security policy. They have to know that you need to access this server from outside of the company network. If there is no problem regarding the security policy, they will help you to have this access.

uloBasEI
7

You fix the corporate firewall to allow SSH in. You may not have control over the firewall, but if there is a business need for the access then any sensible corporate policy should permit it, and if you work for someone that doesn't have sensible policies, then hie thee to http://careers.serverfault.com/.

womble
4

If you have a server you can hit from both locations, you can set up a reverse SSH tunnel:

http://www.marksanborn.net/howto/bypass-firewall-and-nat-with-reverse-ssh-tunnel/

Mike
1

The most correct way is to have your network administrator configure a VPN server for you; that way you could access all your network resources while you are outside of your company network.

Troydm
0

You can create an SSH tunnel from the behindvpn host to the outsidevpn host.

behindvpn$ ssh -R 1234:localhost:22 outsidevpn

This will open port 1234 on the outsidevpn host, which will forward connections to port 22 on the behindvpn host.

Now you can connect to the behindvpn host with:

$ ssh outsidevpn -p 1234

Note: You may need to make sure that your connection will not break, for example due to inactivity or a shell timeout.

Note: You may also want to take some precautions so as not to decrease intranet safety much, by:

  • making all ssh passwords on the VM hard to guess
  • making sure the machine you create the tunnel on is safe (accessed only by you, has antivirus software, a firewall, etc.)
  • setting bind_address for the tunnel to a non-routable address (e.g. 127.0.0.1) or hiding the port behind a firewall
  • limiting the time the port is open to only when it is really needed
  • limiting access to the port to only you
  • 1
    Circumventing corporate IT policies is considered harmful, and may result in some, or all of the following: hair loss, early greying, lost packets, lost wages, BEING FIRED FOR GROSS MISCONDUCT, nocturnal bruxism, and generally increased levels of stress. – Tom O'Connor Aug 14 '11 at 09:37
  • @Tom Circumventing corporate IT policies when done right may result in saved time, getting the job done, decreased frustration, increased wages and general job satisfaction. Are the things you listed your personal experience? I doubt it (I'm pretty sure that no packets will be lost...). Of course, if there is a company policy against such practices there's some risk involved, but it is not relevant to the question posted! The question was about a solution to a specific problem and not the policies. How can you even be sure that in this case such a policy exists? It wasn't mentioned. – Paweł Nadolski Aug 15 '11 at 07:41
  • 1
    That was my attempt to be funny. I won't do it again. – Tom O'Connor Aug 15 '11 at 19:14
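
The last answer recommends binding the tunnel to a non-routable address such as 127.0.0.1. As an added example (not part of the original answers), this shell function reads `ss -tln` output from the host where the forwarded port is opened and reports whether that port listens only on loopback. The function name and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a forwarded port is bound.
# Reads `ss -tln`-style lines on stdin; prints loopback | exposed | absent.
# tunnel_bind_status is a hypothetical helper name, not an existing tool.
tunnel_bind_status() {
    port="$1"
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4                          # e.g. 127.0.0.1:1234 or [::1]:1234
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # last field after ":" is the port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            found = 1
            # Anything other than 127.0.0.0/8 or ::1 is reachable off-host.
            if (host !~ /^127\./ && host != "[::1]") exposed = 1
        }
        END {
            if (!found)       print "absent"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample: tunnel port 1234 bound to loopback only.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:1234     0.0.0.0:*
LISTEN 0      128    [::1]:1234         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed sample: the same port bound to every interface.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:1234       0.0.0.0:*
LISTEN 0      128    [::]:1234          [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

printf '%s\n' "$SAMPLE_LOOPBACK" | tunnel_bind_status 1234   # loopback
printf '%s\n' "$SAMPLE_EXPOSED"  | tunnel_bind_status 1234   # exposed

# On a live host the input would come from: ss -tln | tunnel_bind_status 1234
```

A result of `exposed` means the forwarded port accepts connections from other machines, so the firewall or access restrictions from the list above are the only thing protecting it.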