[CoLoCo] need help with port forwarding and ssh

Jim Hutchinson jim at ubuntu-rocks.org
Thu Dec 6 18:26:57 GMT 2007


Greetings all,

I've been working on this for a while and have been able to get ssh
and port forwarding to work, but I'm trying a few different approaches
that are not working. I've been getting some help on IRC, but I think
I'm not explaining the situation well so I'm just confusing everyone.
I thought maybe an email would help make it more clear.

I currently have a box at home that is running openssh-server and
listening on port 22. My router also forwards to port 22. When I use
Putty from work (yes, stuck on windows here) I am able to make a
connection and use the tools in putty to forward port 8080. As I
understand it this gives me an encrypted tunnel and anything proxied
over port 8080 travels on that tunnel. I am able to set up a socks
proxy in firefox for example.

This works and is not a problem. I'm just giving background.

Leaving the box at home on all the time is not ideal so after some
research I discovered that a linksys router can be flashed with the
dd-wrt firmware which, among other benefits, can also be an ssh
server. I have set this up.

If I set up the dd-wrt router to listen on port 23 (since 22 is
listening on the computer there would be a conflict and yes, I know
what 23 is used for normally) I can use Putty from work and accomplish
the same encrypted tunnel as if I use the setup described above. For
various reasons, I'd prefer to create the tunnel on a less obvious
port. Port 443 seems the best option as it normally carries encrypted
traffic. If I select this port, however, my connection from work
fails. I suspect it has something to do with the firewall at work but
don't really understand why it would fail since port 443 appears open
when scanned.

In trying to test this theory, I used my Ubuntu laptop from a coffee
shop and was able to make the connection on port 443 but could NOT set
up port forwarding. Whenever I tried to forward port 8080 on the
Ubuntu laptop the connection would fail. I used this syntax:

ssh -L 8080:my.home.com:443 localhost

And various combinations. If I tried to use

ssh -L 8080:my.home.com:443 jim@localhost

It would prompt for my laptop password and connect me to my laptop -
i.e. my prompt was my normal jim@laptop. It never asks for the
password of the remote host. After connecting with the above and then
from that connection trying

ssh localhost:8080 (or was it ssh 8080:localhost)

it would fail and give an error (sorry, forgot exact error).

Thank you for reading this far. Now that you know the background here
are the questions...

1) what is the proper syntax on an Ubuntu box for making an ssh
connection to a server on port 443 (or any port) with port forwarding
of port 8080 so that I am connected to the remote computer. I assume
for this to work it needs to ask for the password of that remote ssh
server which it never did when using jim@localhost. The user name on
the remote ssh server (i.e. the dd-wrt router) is root and is not
changeable as far as I can tell.

2) assuming my work is preventing a connection on port 443, what
options exist? Does it have to be an open port like 22 or 23 or can I
theoretically use any random port like 3234?

3) is there a preferred method to use on the remote host to minimize
unauthorized access attempts. Since it's not a full blown Linux
install (just a router with ssh in the firmware) I cannot set up deny
host or similar. I can only use a difficult password (or rsa keys) and
some "unlikely" port.

Thanks for any help you can offer.

Jim



-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
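
The command line from the message, run through a small parser that reports which host ssh actually logs in to and what it forwards, next to one form that targets the router. This is an added example, not part of the original message; `explain_ssh` is a hypothetical helper that understands only `-p`, `-l`, `-L` and `-D`, and the second command assumes the router's SSH server answers at `my.home.com` on port 443 with user `root`, as the message describes.

```shell
#!/bin/sh
# Added example (not from the original message).
# explain_ssh: report the login target and the forward requested by an ssh
# command line. Only -p, -l, -L, -D and a [user@]host destination are parsed;
# other flags are skipped and assumed to take no argument.
explain_ssh() {
    port=22 user="" dest="" host="" fwd="none"
    shift                                   # drop the leading "ssh"
    while [ $# -gt 0 ]; do
        case "$1" in
            -p) port=$2;        shift 2 ;;  # port of the SSH server itself
            -l) user=$2;        shift 2 ;;
            -L) fwd="local:$2"; shift 2 ;;  # listen_port:dest_host:dest_port
            -D) fwd="socks:$2"; shift 2 ;;  # dynamic (SOCKS) listener port
            -*) shift ;;
            *)  dest=$1;        shift ;;    # the host ssh authenticates to
        esac
    done
    case "$dest" in
        *@*) user=${dest%@*}; host=${dest##*@} ;;
        *)   host=$dest ;;
    esac
    [ -n "$user" ] || user='(current user)'
    printf 'login=%s@%s:%s forward=%s\n' "$user" "$host" "$port" "$fwd"
}

# From the message: the destination argument is localhost, so the laptop's own
# sshd on port 22 asks for the laptop password. my.home.com:443 is only the far
# end of the forward and is never asked to authenticate anyone.
explain_ssh ssh -L 8080:my.home.com:443 jim@localhost

# Logging in to the router: -p selects the server's port, the destination is
# the router, and -D opens a SOCKS listener on local port 8080 for a browser.
explain_ssh ssh -p 443 -D 8080 root@my.home.com
```

The first call prints a login target of `jim@localhost:22`, which matches the laptop password prompt described in the message; the second prints `root@my.home.com:443` with a SOCKS forward on 8080.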


