[SPAM] Re: [Voyage-linux] Huawei E160
Gustin Johnson
Sat May 23 04:35:45 HKT 2009
Robert Rawlins - Think Blue wrote:
> Hey Frank,
>
> Thanks for the suggestion on this. That sounds like a decent plan and
> something I'd be keen to test and explore.
>
> One thing I have found here is a 3rd party company here which is issuing 3G
> SIMs based on the Vodafone network which have a static IP, they're about an
> additional £10 a month though so I'd rather avoid that if possible ;-)
> however that would allow me to connect directly to the systems :-)
>
> Can you explain what you mean by 'hub'? Let's say I have a few tech support
> guys here, in a couple of different locations, how could I ensure that they
> all have availability to connect via SSH?

The hub would be a central server that all the remote machines connect
to. The -R would mean that this central server would have port forwards
added to the remote systems. Something like autossh on the remote
clients could ensure that the remote systems are always connected.

There are a couple of gotchas. First, the ssh keys will not match, so the
support people will likely get an error when they attempt to connect.
It makes it harder to detect an MITM attack.

The other thing to worry about is management. You will have to keep
track of which port forward connects to which remote station. For
example, the "hub" server may have an IP of 1.2.3.4, every remote
station that connects to it opens up a different port forward, and this
is configured on the remote stations (hopefully before you deploy). So
your support people will all ssh to 1.2.3.4 but on a different port
depending on which remote station they need access to.

I hope this all makes sense.
__
G
>
> Thanks my man,
>
> Rob
>
> -----Original Message-----
> From: Frank Parker [mailto:mr.frank.parker at gmail.com]
> Sent: 22 May 2009 19:16
> To: Robert Rawlins - Think Blue
> Cc: voyage-linux
> Subject: Re: [SPAM] Re: [Voyage-linux] Huawei E160
>
> Rob,
> You didn't say how you are trying to connect to the remote voyage
> boxes, but if it's SSH you could reverse your thinking. You could
> have a cronjob on the remotes that connect to the hub via
> certificate-based SSH and use -R to set up reverse tunnels. I use this
> trick a lot on far-flung routers and it works great.
>
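The two gotchas raised in the reply above (host keys that do not match 1.2.3.4, and tracking which hub port belongs to which station) can both be handled by generating the support staff's SSH client files from one inventory. This is an added example, not part of the original thread: the station names, ports, the `tunnel` account and the key strings are constructed. `HostKeyAlias` makes ssh look up each station's host key under the station's own name rather than under the hub address, so strict host key checking keeps working.

```python
# Added example: inventory, station names, ports and keys are constructed.
HUB = "1.2.3.4"  # hub address used in the message above

# station name -> (hub port opened by that station's -R forward,
#                  the station's own sshd host public key, placeholder text)
INVENTORY = {
    "station-a": (22001, "ssh-ed25519 CONSTRUCTED-PLACEHOLDER-KEY-A"),
    "station-b": (22002, "ssh-ed25519 CONSTRUCTED-PLACEHOLDER-KEY-B"),
}

def validate(inventory):
    """Reject inventories where two stations would claim the same hub port."""
    seen = {}
    for name, (port, _key) in inventory.items():
        # An unprivileged tunnel account on the hub cannot bind ports below 1024.
        if not 1024 <= port <= 65535:
            raise ValueError(f"{name}: port {port} outside 1024-65535")
        if port in seen:
            raise ValueError(f"port {port} assigned to {seen[port]} and {name}")
        seen[port] = name

def station_command(name, inventory, hub=HUB, user="tunnel"):
    """Command a remote station runs to keep its reverse tunnel up."""
    port, _key = inventory[name]
    return f"autossh -M 0 -N -R {port}:localhost:22 {user}@{hub}"

def client_files(inventory, hub=HUB):
    """Return (ssh_config text, known_hosts text) for the support staff."""
    validate(inventory)
    config, known_hosts = [], []
    for name, (port, key) in sorted(inventory.items()):
        config.append(
            f"Host {name}\n"
            f"    HostName {hub}\n"
            f"    Port {port}\n"
            f"    HostKeyAlias {name}\n"        # key is looked up under this name
            f"    StrictHostKeyChecking yes\n"  # unknown or changed key: refuse
        )
        known_hosts.append(f"{name} {key}")     # pinned before deployment
    return "\n".join(config), "\n".join(known_hosts) + "\n"

if __name__ == "__main__":
    cfg, kh = client_files(INVENTORY)
    print(cfg)
    print(kh)
    print(station_command("station-a", INVENTORY))
```

With these files in place a support person runs `ssh station-b`, and a key mismatch then means the key behind that port really changed.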