Created

Embed URL

HTTPS clone URL

SSH clone URL

You can clone with HTTPS or SSH.

Download Gist

Denver Clojure Meetup, remote pairing

View remote-pairing.org

#-*- mode: org -*-

Remote pairing and tunneling

I am using ‘x’ as a remote server that both parties have access to.

This document’s url: http://bit.ly/MaVR4X

Tools

Screen

For all purposes, tmux > screen, therefore I am skipping screen.

Tmux

Installation

Ubuntu: sudo apt-get install tmux OSX: brew install tmux (via homebrew: https://github.com/mxcl/homebrew) Windows: I’m sorry, I can’t help you. I don’t think anyone can.

Usage

(for all commands, the default prefix bindkey is ctrl-b, however my configuration sets the prefix to ctrl-z)

Start a new tmux:

tmux

List tmux sessions:

tmux ls

Attach to a current tmux (same user):

tmux attach

However, a lot of the time we need a different user to connect to the same tmux, so we need to start tmux with a socket we actually know about:

tmux -S /tmp/leemux

Chmod it so others have access (feel free to limit only to a certain group)

chmod 777 /tmp/leemux

Then, as any other user, you can do:

tmux -S /tmp/leemux attach

To detach from a tmux session, use <prefix> d (so ctrl-b, then ‘d’ for the default tmux configuration)

Resources

tmux cheatsheet - http://www.dayid.org/os/notes/tm.html my tmux configuration - https://github.com/dakrone/dakrone-dotfiles/blob/master/.tmux.conf

SSH

Installation

Seriously?

Usage

To SSH to a machine, setting up a reverse tunnel back to your machine:

ssh -nNT -R 4444:localhost:22 x

Then, when another user is on the ‘x’ machine:

ssh -p 4444 user@localhost

Or, if you want to have a easy way to automaticall do it, add this to ~/.ssh/config:

Host mytunnel
  User username
  ProxyCommand ssh -q x nc -q0 localhost 4444

and the following will work from your machine (not x):

ssh mytunnel

This will connect them to your machine, without either person actually having to set up port forwarding, DNS or knowing IPs

Resources

man ssh

http://segfault.in/2010/02/5-ssh-tricks-you-must-know/ http://www.revsys.com/writings/quicktips/ssh-tunnel.html

AutoSSH

Installation

Ubuntu: sudo apt-get install autossh OSX: brew install autossh Windows: …

Usage

AutoSSH behaves almost exactly like SSH, except it will automatically recreate connections if they stop responding after a timeout.

First, set how long the timeout should be (20 seconds):

export AUTOSSH_POLL=20

Then, use `autossh` similar to the way you use ssh, the -M option telling autossh what (local) port to use for polling this connection (just set it to whatever you feel like):

autossh -M 22000 -nNT -R 4444:localhost:22 x

This establishes the same tunnel as in the ssh section, but it will recreate the tunnel in the event the connection is lost (wifi dropped or you closed your laptop)

Resources

http://www.harding.motd.ca/autossh/

Socat

Advanced tunneling, when absolutely must have a way to get traffic out. Socat can do all sorts of crazy stuff, check out the documentation.

It’s been a while since I’ve done this, so ymmv.

Installation

Ubuntu: sudo apt-get install socat OSX: brew install socat Windows: …

Usage

Socat can be used to poke tunnels through draconian firewalls, as well as for regular tunnels and reverse tunnels

Assuming you have a .pem file (certificate), on a machine you plan to tunnel to that doesn’t currently use HTTPs for things:

sudo socat -d -d OPENSSL-listen:443,cert=host.pem,verify=0 TCP4:localhost:22,fork

Now, on a machine behind a draconian firewall (you’ll need the same .pem file on both machines):

sudo socat -d -d TCP4-listen:6666,fork OPENSSL:myfoo.com:443,cert=host.pem,verify=0

You can use the tunnel to connect to the target machine via ssh:

ssh -p 6666 user@localhost

You can also tunnel traffic through the socat tunnel:

ssh -ND 9999 user@localhost -p 6666

Port 9999 is now set up to tunnel all traffic as if coming from the non-firewalled machine.

Resources

Documentation http://www.dest-unreach.org/socat/

How to generate a .pem file (self-signed cert): http://panoptic.com/wiki/aolserver/How_to_generate_self-signed_SSL_certificates

No comment http://www.radarhack.com/tutorial/DEFEATING_THE_NETWORK_SECURITY_INFRASTRUCTURE.pdf

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.