Diffstat (limited to 'other/openssh-2.1.1p4/README.fun')
-rw-r--r-- other/openssh-2.1.1p4/README.fun 51
1 files changed, 51 insertions, 0 deletions
diff --git a/other/openssh-2.1.1p4/README.fun b/other/openssh-2.1.1p4/README.fun
new file mode 100644
index 0000000..b696aca
--- /dev/null
+++ b/other/openssh-2.1.1p4/README.fun
@@ -0,0 +1,51 @@
1Enabling reverse fun
2====================
3
4Reverse fun was 'invented' to allow users outside firewalls (which deny
5any incoming connects) or users behind masquerading routers to use ssh.
6In december 1999 on the Chaos Congress we faced the problem that the whole
7network was NATed and therefore nobody could connect to one of our
8ssh-servers. Dream-team TESO solved this problem by using scut's excellent
9'reverb' which mapped two active connections together and brought
10the client into internal network. I was very impressed and half a year
11after I patched OpenSSH to allow such things to happen without use of
12'third-party'-software. :)
13
14How it works
15------------
16
17When having reverse fun, the server (sshd) act's indeed as client and brings
18a connect to the now-server 'ssh' outside the firewall. SSH-protocol
19negotiation goes as normal then, and the user of ssh-client sees
20no difference as if (s)he would do the connect normally.
21Since the ssh-client acts as server until connect arrives,
22it blocks the user's terminal until a person (or crond:) behind the
23firewall initiates the connection.
24
25Security
26--------
27
28During reverse fun, the server must authenticate itself using
29the host-key as usual, so you can be sure the right connection arrived when
30no warning-message is placed on the screen.
31Since ssh-client runs setuid-root, reverse fun might be a danger (high-port
32bindings etc.). I've written it just for fun, and you propably shouldn't
33run this patched OpenSSH on production-machines.
34
35IPv6 support is built in, but not tested.
36
37
38Samples
39-------
40
41client:
42 sshd -r foobar -p 7350 to connect to foobar:7350 where a client must listen
43
44server:
45 ssh -r -p 7350 to wait for incoming connects on port 7350
46
47
48When you have other funny idea's how to turn world upside down
49with programming tricks, contact me: krahmer@cs.uni-potsdam.de
50
51-Sebastian
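Review bot: The Security section (README lines 28-33) names the setuid-root listener as a danger but stops at "high-port bindings etc."; it does not say who may reach the port opened by "ssh -r -p 7350" or what the user should do when something other than the intended sshd connects first. Because the text relies on the host-key check alone ("you can be sure the right connection arrived when no warning-message is placed on the screen"), consider stating that the server's host key should already be in the user's known_hosts before -r is used, and that any host-key warning on an incoming connection is a reason to abort. In Samples (lines 41-45) the labels "client:" for sshd -r and "server:" for ssh -r follow the reversed roles and are easy to misread; saying which side of the firewall each command runs on would remove the ambiguity.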