#-*- mode: org -*-
Remote pairing and tunneling
I am using ‘x’ as a remote server that both parties have access to.
This document’s url: http://bit.ly/MaVR4X
For all purposes, tmux > screen, therefore I am skipping screen.
Ubuntu: sudo apt-get install tmux
OSX: brew install tmux (via homebrew: https://github.com/mxcl/homebrew)
Windows: I’m sorry, I can’t help you. I don’t think anyone can.
(for all commands, the default prefix bindkey is ctrl-b, however my configuration sets the prefix to ctrl-z)
Start a new tmux:
List tmux sessions:
Attach to a current tmux (same user):
However, a lot of the time we need a different user to connect to the same tmux, so we need to start tmux with a socket we actually know about:
tmux -S /tmp/leemux
Chmod it so others have access (feel free to limit only to a certain group)
chmod 777 /tmp/leemux
Then, as any other user, you can do:
tmux -S /tmp/leemux attach
To detach from a tmux session, use <prefix> d (so ctrl-b, then ‘d’ for the default tmux configuration)
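An added example (not part of the original notes) of the group-limited variant mentioned above: with mode 777 every local user on the machine can attach to the socket and type into your shell, so this restricts it to one group and checks the result. The group name `pairing`, the session name `pair` and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example: group-restricted alternative to `chmod 777 /tmp/leemux`.
# Assumption: a group (here "pairing", hypothetical) contains both users.

SOCK=${SOCK:-/tmp/leemux}
GROUP=${GROUP:-pairing}

# Print the ls-style mode string of a path, e.g. "srwxrwx---".
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# Succeed only if "other" has no permission bits at all on the path.
not_world_accessible() {
    case "$(mode_of "$1")" in
        ???????---) return 0 ;;
        *) return 1 ;;
    esac
}

# Start a detached session on the shared socket, hand the socket to GROUP,
# drop access for everyone else, then verify the resulting mode.
start_shared() {
    tmux -S "$SOCK" new-session -d -s pair || return 1
    chgrp "$GROUP" "$SOCK" && chmod 770 "$SOCK" || return 1
    not_world_accessible "$SOCK"
}

# Run as `sh script.sh start` to create the session; with no argument the
# file only defines the functions.
if [ "${1:-}" = "start" ]; then
    start_shared && echo "shared socket $SOCK is limited to group $GROUP"
fi
```

On tmux 3.3 and later the server also checks which user is connecting, so the guest additionally has to be allowed with `tmux -S /tmp/leemux server-access -a <user>`.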
tmux cheatsheet - http://www.dayid.org/os/notes/tm.html
my tmux configuration - https://github.com/dakrone/dakrone-dotfiles/blob/master/.tmux.conf
To SSH to a machine, setting up a reverse tunnel back to your machine:
ssh -nNT -R 4444:localhost:22 x
Then, when another user is on the ‘x’ machine:
ssh -p 4444 user@localhost
Or, if you want an easy way to do it automatically, add this to ~/.ssh/config:
Host mytunnel
  User username
  ProxyCommand ssh -q x nc -q0 localhost 4444
and the following will work from your machine (not x):
This will connect them to your machine without either person having to set up port forwarding or DNS, or know any IPs.
Ubuntu: sudo apt-get install autossh
OSX: brew install autossh
Windows: …
AutoSSH behaves almost exactly like SSH, except it will automatically recreate connections if they stop responding after a timeout.
First, set how long the timeout should be (20 seconds):
Then use `autossh` the same way you use ssh; the -M option tells autossh which (local) port to use for polling this connection (just set it to whatever you feel like):
autossh -M 22000 -nNT -R 4444:localhost:22 x
This establishes the same tunnel as in the ssh section, but it will recreate the tunnel in the event the connection is lost (wifi dropped or you closed your laptop)
Advanced tunneling, for when you absolutely must have a way to get traffic out. Socat can do all sorts of crazy stuff; check out the documentation.
It’s been a while since I’ve done this, so ymmv.
Ubuntu: sudo apt-get install socat
OSX: brew install socat
Windows: …
Socat can be used to poke tunnels through draconian firewalls, as well as for regular tunnels and reverse tunnels
Assuming you have a .pem file (certificate), on a machine you plan to tunnel to that doesn’t currently use HTTPS for things:
sudo socat -d -d OPENSSL-listen:443,cert=host.pem,verify=0 TCP4:localhost:22,fork
Now, on a machine behind a draconian firewall (you’ll need the same .pem file on both machines):
sudo socat -d -d TCP4-listen:6666,fork OPENSSL:myfoo.com:443,cert=host.pem,verify=0
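You can use the tunnel to connect to the target machine via ssh. Because verify=0 turns off certificate verification on both ends, socat does not authenticate the peer; ssh’s own host key check and login are what authenticate the connection: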
ssh -p 6666 user@localhost
You can also tunnel traffic through the socat tunnel:
ssh -ND 9999 user@localhost -p 6666
Port 9999 is now a local SOCKS proxy; traffic sent through it is tunneled as if coming from the non-firewalled machine.
How to generate a .pem file (self-signed cert): http://panoptic.com/wiki/aolserver/How_to_generate_self-signed_SSL_certificates