Linode Forum
https://forum.linode.com/

How to access my linode behind a firewall that locks port 22?
https://forum.linode.com/viewtopic.php?f=19&t=10275

Author:  sblantipodi [ Wed Jul 24, 2013 3:04 pm ]
Post subject:  How to access my linode behind a firewall that locks port 22?

As title,
I need to access my linode behind a firewall that blocks port 22.

The firewall permits traffic on port 80 and 443, I can't switch my ssh port to 80 or 443 because there is a web server running on my linode.

Is there a way to do some tricks to tunnel SSH over HTTP?

I read this guide but I understood nothing:
http://dag.wieers.com/howto/ssh-http-tunneling/

Thanks

Author:  vonskippy [ Wed Jul 24, 2013 3:06 pm ]
Post subject:  Re: How to access my linode behind a firewall that locks port

It has to allow more than just 80 & 443, or you wouldn't get email.

Author:  sblantipodi [ Wed Jul 24, 2013 3:14 pm ]
Post subject:  Re: How to access my linode behind a firewall that locks port

vonskippy wrote:
It has to allow more than just 80 & 443, or you wouldn't get email.


In fact, I can't get the email if not using the webmail.

Author:  Piki [ Wed Jul 24, 2013 3:21 pm ]
Post subject:  Re: How to access my linode behind a firewall that locks port

vonskippy wrote:
It has to allow more than just 80 & 443, or you wouldn't get email.


Not all places allow IMAP/POP/SMTP. However I do agree more should be open (unless they have the resources to host their own DNS cache).

sblantipodi, you have four options:
  • Change SSH's port to something you DO have access to
  • Adjust the firewall, or ask someone with firewall access to allow port 22
  • Use LISH from Linode Manager
  • Find a web-based SSH client (they do exist)

Author:  sblantipodi [ Wed Jul 24, 2013 3:29 pm ]
Post subject:  Re: How to access my linode behind a firewall that locks port

Piki wrote:
vonskippy wrote:
It has to allow more than just 80 & 443, or you wouldn't get email.


Not all places allow IMAP/POP/SMTP. However I do agree more should be open (unless they have the resources to host their own DNS cache).

sblantipodi, you have four options:
  • Change SSH's port to something you DO have access to
  • Adjust the firewall, or ask someone with firewall access to allow port 22
  • Use LISH from Linode Manager
  • Find a web-based SSH client (they do exist)


I need to access SSH to do tunnels, if I have access to SSH I can tunnel email ports for example. I don't need something like lish, I need ssh access.

I know that I can tunnel ssh traffic via http, there is proxytunnel to allow me this, the only problem is to understand how it works.

Author:  Piki [ Wed Jul 24, 2013 3:37 pm ]
Post subject:  Re: How to access my linode behind a firewall that locks port

Requiring a tunnel narrows you down to the first two options: Change the ssh port, or adjust the firewall to allow it.

Have you considered switching ssh to port 8080? Most places allow it, even if they block everything else.

Author:  sblantipodi [ Wed Jul 24, 2013 3:40 pm ]
Post subject:  Re: How to access my linode behind a firewall that locks port

Piki wrote:
Requiring a tunnel narrows you down to the first two options: Change the ssh port, or adjust the firewall to allow it.

Have you considered switching ssh to port 8080? Most places allow it, even if they block everything else.


8080 is locked and as I mentioned 80 and 443 ports are just used by apache.

Author:  Piki [ Wed Jul 24, 2013 4:00 pm ]
Post subject:  Re: How to access my linode behind a firewall that locks port

How about some other port? Any place is almost required to have more than two ports open. If you don't know of any other open ports, you can easily discover them via nmap:

  1. Use Lish to disable (temporarily) your Linode's firewall
  2. Instruct nmap to scan your Linode for ports 1-65535
  3. Do something else while you wait for nmap to finish
  4. If any ports show up that aren't needed on your Linode or local network, pick one and switch ssh to that

Since nmap can't scan through blocked ports, anything blocked by the firewall will appear closed from nmap's perspective, therefore you'll see exactly what's allowed.
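
Added example, not part of Piki's post: a minimal TCP connect probe that sorts ports into the three outcomes a scan like the one above can produce, run from the restricted network against your own Linode with its host firewall temporarily off. `probe`, `candidate_ports` and the address `203.0.113.10` are hypothetical names and a placeholder; the sketch assumes the intermediate firewall silently drops blocked traffic rather than answering with a reset.

```python
import socket


def probe(host, port, timeout=2.0, connect=socket.create_connection):
    """Classify one TCP port as seen from behind the restrictive firewall.

    open     - handshake completed: a service on the Linode already uses it
    closed   - connection refused: the packet reached the Linode and came
               back as a reset, so the path is allowed and the port is free
    filtered - no usable answer: assumed to be dropped along the way
    """
    try:
        conn = connect((host, port), timeout)
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        # e.g. "no route to host" / ICMP prohibited sent back by a filter
        return "filtered"
    conn.close()
    return "open"


def candidate_ports(host, ports, **kwargs):
    """Return (all results, ports that are reachable but unused)."""
    results = {port: probe(host, port, **kwargs) for port in ports}
    free = [port for port, state in results.items() if state == "closed"]
    return results, free


if __name__ == "__main__":
    # Placeholder address (TEST-NET-3); replace with your own Linode's IP.
    # Only scan hosts you administer.
    results, free = candidate_ports(
        "203.0.113.10", [22, 53, 80, 443, 993, 8080]
    )
    for port, state in sorted(results.items()):
        print(f"{port:>5}  {state}")
    print("reachable and unused (candidates for sshd):", free)
```

A firewall that rejects with a TCP reset makes blocked ports look "closed", and a transparent proxy can complete the handshake on 80/443 itself, so confirm any candidate by actually moving sshd to it and connecting.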

Author:  sblantipodi [ Wed Jul 24, 2013 4:36 pm ]
Post subject:  Re: How to access my linode behind a firewall that locks port

Piki wrote:
How about some other port? Any place is almost required to have more than two ports open. If you don't know of any other open ports, you can easily discover them via nmap:

  1. Use Lish to disable (temporarily) your Linode's firewall
  2. Instruct nmap to scan your Linode for ports 1-65535
  3. Do something else while you wait for nmap to finish
  4. If any ports show up that aren't needed on your Linode or local network, pick one and switch ssh to that

Since nmap can't scan through blocked ports, anything blocked by the firewall will appear closed from nmap's perspective, therefore you'll see exactly what's allowed.


I haven't understood this, if I disable firewall, and I nmap my linode, only opened ports will be shown (if firewall doesn't block it)
so it does not seem a good method to discover what are the "openable ports"

Author:  Guspaz [ Wed Jul 24, 2013 5:05 pm ]
Post subject:  Re: How to access my linode behind a firewall that locks port

Are you the one controlling the firewall? If so, open port 22. If not, your options are limited; an HTTP tunnel is your only option (or web-based SSH like Lish or something hosted on your own box).

Author:  Piki [ Wed Jul 24, 2013 5:30 pm ]
Post subject:  Re: How to access my linode behind a firewall that locks port

sblantipodi wrote:
I haven't understood this, if I disable firewall, and I nmap my linode, only opened ports will be shown (if firewall doesn't block it)
so it does not seem a good method to discover what are the "openable ports"


nmap doesn't scan for openable ports, it scans for opened ports that you can use for ssh.

There is no method to discover openable ports, those are already set by standards governing low-level network protocols. ssh uses the protocol known as TCP, which allows any port from 1 to 65535. Chances are, the firewall at your location has a handful already opened (including 80 and 443), along with some others that you can discover either with a portscanner like nmap, or by asking whoever controls the firewall.

Author:  glg [ Wed Jul 24, 2013 9:12 pm ]
Post subject:  Re: How to access my linode behind a firewall that locks port

Piki wrote:
Any place is almost required to have more than two ports open.


Not to a random user machine. This is pretty common at corporations. There will be specific holes for the mail servers, etc, but not to a user machine, and in that case, 80/443 may not even be open, instead they'd be proxied.

Author:  kyhwana [ Wed Jul 24, 2013 9:14 pm ]
Post subject:  Re: How to access my linode behind a firewall that locks port

You could try using sslh.
http://www.rutschle.net/tech/sslh.shtml

Author:  sweh [ Wed Jul 24, 2013 9:26 pm ]
Post subject:  Re: How to access my linode behind a firewall that locks port

Install AjaxTerm? http://antony.lesuisse.org/software/ajaxterm/

Author:  edwinlee [ Thu Jul 25, 2013 2:36 am ]
Post subject:  Re: How to access my linode behind a firewall that locks port

@sblantipodi

If you are accessing your Linode within a corporate environment, which I am assuming, using an ssh client (putty) would suffice. However, you mention that your linode_box is running a web server and cannot bind sshd to those ports.

Another way is to create the SSH tunnel on other_box where you have root access to bind on ports 80 or 443. Then the command would be:

ssh -v -4 -L other_box.example.com:80:linode_box.example.com:22 your_login@other_box.example.com

This will create a listen port 80 on the other_box and forwards the connection to port 22 on your linode_box. Then you would need to use an ssh client to connect to other_box port 80.

Hope this helps and does not confuse you.

Another option is, install ajaxterm or anyterm on your linode web server.

All times are UTC-04:00