How can I make ssh connections under restrictive conditions?

0

I am demoing a product that will soon be sold, but during demos I have found that people's internet is often more restrictive than I ever thought. In one particular area the internet provider does not allow the customer to access the router and open ports (this seems to be when the customer has cable through internet). This has got me thinking about how I am going to update and service the product. I originally assumed that I would be able to set up static IPs and port forwarding, but this is not going to work. I have also found that many more people than I expected are on dynamic IPs. How do I overcome these problems?

I am running a very minimalistic Linux with no GUI or X.

mrhobbeys

Posted 2013-02-26T14:56:37.713

Reputation: 293

Answers

1

Have the product initiate the request? Generally almost any connection can initiate outgoing requests, and it eliminates port forwarding issues. Maybe do it on a schedule?

ssmy

Posted 2013-02-26T14:56:37.713

Reputation: 1 250

This is where things get confusing for me. I am not even sure what to look up to understand this better. I can imagine having it connect to a server from 22 and now I connect to the server to initiate my connection. I just have no clue where to look. – mrhobbeys – 2013-02-27T07:15:04.000

Look into reverse ssh tunneling: http://www.alexonlinux.com/reverse-ssh-tunnel-or-connecting-to-computer-behind-nat-router – ssmy – 2013-02-28T16:08:28.903
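
The device-initiated reverse tunnel suggested in this answer, sketched as an added example (not code from the original posts). The relay host `relay.example.com`, the `tunnel` account, the key path and the port range are assumptions; the key option `permitlisten` needs OpenSSH 7.8 or later on the relay.

```shell
#!/bin/sh
# Added example: outbound-only reverse SSH tunnel with a restricted device key.
# All names below are assumptions, not values from the page.
RELAY_HOST="relay.example.com"     # hypothetical server with the static IP
RELAY_USER="tunnel"                # hypothetical account used only for tunnels
KEY_FILE="/etc/tunnel/id_ed25519"  # hypothetical per-device private key
PORT_BASE=20000
PORT_SPAN=10000

# Map a device serial (decimal, no leading zeros) to one fixed relay port.
device_port() {
    echo $(( PORT_BASE + ($1 % PORT_SPAN) ))
}

# Command the device runs. -N -T: no remote command, no terminal.
# The listener is bound to the relay's loopback, so it is not exposed
# to the internet; StrictHostKeyChecking pins the relay's host key.
tunnel_cmd() {
    port=$(device_port "$1")
    echo "ssh -N -T -i $KEY_FILE" \
         "-o ExitOnForwardFailure=yes -o ServerAliveInterval=30" \
         "-o ServerAliveCountMax=3 -o StrictHostKeyChecking=yes" \
         "-R localhost:$port:localhost:22 $RELAY_USER@$RELAY_HOST"
}

# Line for the tunnel account's authorized_keys on the relay: no shell, PTY
# or agent forwarding, and the remote listener is limited to this device's port.
authorized_keys_line() {
    port=$(device_port "$1")
    echo "restrict,port-forwarding,permitlisten=\"localhost:$port\" $2"
}

# Reconnect loop for the device; a dropped link is retried after 30 s.
run_tunnel() {
    while :; do
        $(tunnel_cmd "$1") || true
        sleep 30
    done
}

# Only starts when explicitly enabled, e.g. from an init script.
if [ "${RUN_TUNNEL:-0}" = 1 ]; then
    run_tunnel "${DEVICE_SERIAL:?set DEVICE_SERIAL}"
fi
```

With the tunnel up, a maintainer logged in on the relay reaches the device with `ssh -p <port> <user>@localhost`. Setting `PermitOpen none` for the tunnel account in the relay's `sshd_config` additionally blocks local forwards made with that key.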

0

Run an OpenVPN client on your product that connects back to an OpenVPN server at your site. Then you can ssh to the product device through the VPN.

gogators

Posted 2013-02-26T14:56:37.713

Reputation: 1 183

Any recommended solutions? I have a server running on static IP that runs FreeBSD and another with Ubuntu. – mrhobbeys – 2013-02-28T06:11:04.503

The solutions I have found so far are PPTP, IPsec, and OpenVPN. It seems that OpenVPN is the most secure, but I also found that OpenVPN might have these (unconfirmed by me) issues that are a problem for me at this point: limited scalability, if a key is stolen then all previous sessions become known(?), and the key is stored on each peer in plain text. I need the ability to have lots of peers if the product is successful. Storing the key in plain text just seems like it is asking for problems. I cannot think how much of a problem it would be if the sessions are known, but it sounds bad. – mrhobbeys – 2013-02-28T06:36:40.067