I am using netcat to send file over my campus network.
I have used
c:\nc -w200 10.x.x.x 9638 < file.txt
on my client machine and
c:\nc -v -L -p 9638 >> nc.out
on my computer that is working as a server to receive files.
It worked completely fine when i tested it using localhost hence sending and receiving files on my system only.I am using the netcat version without the GAPING_SECURITY_HOLE downloaded from http://www.rodneybeede.com/Compile_Netcat_on_Windows_using_MinGW.html.
Our systems are connected to the net using proxy servers. Could they be interfering? Also pinging computers is disabled.
I am working on windows for now.
Yes proxy and router may interfere.
Try to see if you can telnet to that port
telnet <ip> port
That will tell you if you can access that machine on that port
Related
On my Mac terminal, I can get my Pi ip address using this command line:
arp -n raspberrypi.local
it return the IP address of the pi.
and then I can absolutely SSH into the raspberry pi using these command lines:
ssh-keygen -R raspberrypi.local
ssh pi#raspberrypi.local
However if I ping the pi, it return request timeout and I also cannot access the vnc viewer.
PING from Network Utility
Everything worked just fine when I first log in to this raspberry pi but then this happened.
A device not responding to ping doesn't mean it has a problem. "Ping" packets (https://it.wikipedia.org/wiki/Internet_Control_Message_Protocol) have to be allowed to reach a destination and the destinations has to be allowed to reply. Usually there's a firewall allowing/denying this kind of traffic.
Assuming the services you're speaking about, are correctly running on the machine (server) you want to connect to:
ssh runs on port 22: a firewall policy need top be in place to allow you (the client) to connect to the server on port 22
vnc runs on port 5900 (and above) according to the configuration: also in this situation, a firewall policy has to be in place to allow you (the client) to connect to the server
We have a Jenkins server which is accessible only from within the VPC on the cloud. On Mac and Linux I use sshuttle to make a ssh connection to the bastion instance (to act a proxy) and open the Jenkins console in the browser. Everything works fine.
Now I'm on Windows and trying to do the same on WSL2. If I'm not mistaken previously, sshuttle didn't work on WSL1 (failed with some error message), but I managed to run it on WSL2 without any issue. The ssh connection is established and I can access my Jenkins (using curl).
Then I tried to access my Jenkins on Windows via WSL2:
1. I found the IP address of WSL2 and the port the ssh tunnle:
# lsof -i -n | grep ssh
sshuttle 1234 rad 5u IPv4 39270 0t0 TCP *:socks (LISTEN)
ssh 5678 rad 3u IPv4 40252 0t0 TCP 172.25.236.84:57578->bastion:ssh (ESTABLISHED)
2. I configured network proxy setting of Firefox (v77) to use my ssh tunnle:
Manual proxy configuration
SOCK host: 172.25.236.84
Port: 1080
SOCKS V5 (tested with V4 as well)
But loading the page fails with "The connection was reset" error on Firefox. I tested via Powershell that the SOCKS port is open and responding (using Test-NetConnection).
1. Any idea what the problem is? How to make it work?
2. If it's not gonna work, is there any other solution (e.g. Docker, etc)?
Thanks.
I'm not sure, but my guess is that sshuttle doesn't actually act as a SOCKS proxy and that's why the connection gets reset.
I managed to access my Jenkins on Windows machine using ssh SOCKS proxy: ssh -D 0.0.0.0:1080 rad#bastion and configured Firefox to use the SOCKS proxy.
Interestingly, for this you don't even need WSL. It seems Windows 10 has OpenSSH and you can use it. Just open CMD and type ssh -D 1080 rad#bastion and setup Firefox to use localhost as the proxy.
If there's any better solution or any comment/concern (apart from DNS over SOCKS) with this approach, please share.
Thanks.
As alternative on WSL(2) you can run a regular SSH tunnel.
Eg:
ssh -N -L 127.0.0.1:5432:some_domain_to_forward:5432 user#jumpbox_ip
and then just connect to 127.0.0.1:5432
I´ve got a Server behind a firewall and the firewall only allows traffic through port 22. This server has both public and private addresses.
I´ve got also about 1K clients that I need to reverse shell to this server, and be able to choose one of them by id when I want that ssh reversed tunnel.
My goal is to make the clients connect to ssh server via port 22, and each one of this connections should be forwarded to localhost on port with the same id.
When I connect to the server with my laptop also via ssh, I would then ssh to localhost on the correct id and get the client shell.
Can someone provide me the good path to achieve this behaviour using bash, ssh and linux tools?
Note - I don´t want to use client.py and server.py cause most of my clients are android based and it could easily become a nightmare to install python on all of them.
The problem - it was solved using remote port forwarding:
ssh -R 21:localhost:8888 user#server
In this command the 8888 represents the terminal id. In order for this to work, had to add this line to my ssh conf:
GatewayPorts yes
I've created SSH tunnels in the past, but I'm having trouble on OSX. I'm looking to take a website's port 80, and direct it to my localhost:8080. When I run this command
ssh -L 8080:<cloud_ip_address>:80 root#<cloud_ip_address> -N
I get the default apache 'it works!' page.
Why am I not getting the port 80 of the remote machine (which is running a web app)?
UPDATE
I still do not have a solution yet, but I have some more information. The page I am getting is the default page in /var/www/html but I am serving a Flask app which does not have static pages.
Because HTTP protocol contains not only the IP address, but also the hostname (the URL you type into your browser), which differs between the <cloud_hostname> and localhost. The easiest way to trick it is to create /etc/hosts (there will be some OSX alternative -- search ...) entry redirecting the hostname of your remote machine to localhost.
127.0.0.1 <cloud_hostname>
But note that in this case you will not be able to access the remote machine using the hostname!
A service, for example an FTP server, only accepts connections from a specific network, where all users will have the same external IP-adress.
I want to connect to this service, but I'm currently not inside the allowed network.
I have ssh access to a server inside the network.
How do I use ssh to tunnel a certain port from my local machine, through a machine on the internal network, to the final service, so that any client opening the correct port won't notice any difference?
You can create a SSH tunnel to your specific network using the following command.
For instance, let's say you want to reach a web service on computer "mywebserver" (port 80).
Under Linux or BSD, using OpenSSH, you can use the following commandline:
ssh -f mysshserver -L 1234:mywebserver:80 -N
Under Windows, you can use MobaXterm which includes a simple graphical ssh tunnel builder
This will open a SSH tunnel between local port 1234 and remote webserver on port 80. You can then open your web browser and connect directly to your web server by typing "http://localhost:1234" in the address bar.