0

I have an admin area on a site that I would like to restrict access to. I was thinking of creating a virtual host and binding it to port 9090, for example. Access to this port will be granted to localhost only.

Is there a way, after the above is done, for any of the users who have SSH access to the server to access this admin area through SSH tunneling, SOCKS, or anything else that gets the job done?

Bart De Vos
Thomas

2 Answers

2

Yes, you can access the area via SSH when connected to the host. You can also access the area from localhost itself, which means every user on the server has access (unless other restrictions are made).

If that is fine for you, just fire up PuTTY (a Windows SSH client) and modify Connection > SSH > Tunnels. Under Source port enter the 'remote' port (in your case 9090). Under Destination enter (e.g.) localhost:9090. You can then access the area by typing http://localhost:9090/name-of-the-area/. Just use a different port on your side if 9090 is already bound locally.

Chris
  • Don't know if you actually use Windows. You can tunnel from any other OS as well. Just leave a note which one you want to access. – Chris Dec 13 '11 at 08:37
  • Cool. I need to test – Thomas Dec 13 '11 at 08:40
  • Just recognized that the use of < w/o code-tags makes my written text invisible. The correct URL to access the area is http://localhost:9090/area/. Fixed it in the text above as well. – Chris Dec 13 '11 at 08:44
  • Is there any way not to use localhost but another pseudo name (admin.mysite.com) to access the remote site? I am using Name based virtual hosts and I need to send the hostname – Thomas Dec 13 '11 at 10:39
  • Take a look at this [page](http://magazine.redhat.com/2007/11/27/advanced-ssh-configuration-and-tunneling-we-dont-need-no-stinking-vpn-software/). To answer this in short would be beyond my scope. Hope this helps tho. – Chris Dec 13 '11 at 11:12
  • Thanks Chris. Unfortunately, I am on Windows so it's a bit much for me to follow the article – Thomas Dec 13 '11 at 13:04
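
Both the question and the first answer rest on the admin port being bound to localhost only. The following check is an added example, not part of the original posts: it reads `ss -ltn` output and reports whether every listener on a port is on loopback. It assumes Linux with `ss` from iproute2; the function name `loopback_only`, the sample data, and `user@server` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts). Assumes Linux `ss -ltn` output.
# loopback_only PORT: reads `ss -ltn` output on stdin.
#   exit 0 = every listener on PORT is bound to loopback (127.x or ::1)
#   exit 1 = at least one listener on PORT is reachable on another interface
#   exit 2 = nothing is listening on PORT
loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                          # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # listener on a different port
            found = 1
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            sub(/%.*/, "", host)               # drop "%lo"-style interface suffix
            if (host !~ /^127\./ && host != "[::1]") exposed = 1
        }
        END {
            if (!found)  exit 2
            if (exposed) exit 1
            exit 0
        }'
}

# Constructed sample data in `ss -ltn` format (not captured from a real host).
SAMPLE_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    127.0.0.1:9090     0.0.0.0:*'

SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    127.0.0.1:9090     0.0.0.0:*
LISTEN 0      511    [::]:9090          [::]:*'

# On the server:   ss -ltn | loopback_only 9090; echo "status: $?"
# Status 0 does not block the SSH forward described in the answer; the
# OpenSSH equivalent of the PuTTY setting (user@server is a placeholder):
#   ssh -N -L 9090:localhost:9090 user@server
```

A status of 0 only confirms the bind address; as the answer notes, every local account can still reach the port unless the application adds its own restrictions.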
0

For a similar setup I use the following:

```
ssh -X -N -R 8888:localhost:22 someuser@public_server_ip_or_domain
```

If you execute this command on the admin server, it will create an SSH tunnel between the public server's port 8888 and the admin server's port 22. You can then access the private server with the following ssh command:

```
ssh -p 8888 user_of_admin_site@public_server
```

Note that in my experience the tunnel kept closing after some time, maybe you can try this.

Please note that for this tunnel to work you need the following option in public_server's /etc/sshd_config file:

```
GatewayPorts yes
```

Can Kavaklıoğlu
  • If you want to create this tunnel in a non-interactive way, you can use the `ssh-copy-id someuser@public_server_ip_or_domain` command to copy your user's public key to someuser's authorized_keys file on the public server. This way the password will not be asked for on your following logins. – Can Kavaklıoğlu Dec 13 '11 at 08:47