Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/aphyr/tund

SSH reverse tunnel daemon
https://github.com/aphyr/tund

Last synced: 17 days ago
JSON representation

SSH reverse tunnel daemon

Host: GitHub
URL: https://github.com/aphyr/tund
Owner: aphyr
License: mit
Created: 2010-12-24T21:32:09.000Z (almost 14 years ago)
Default Branch: master
Last Pushed: 2020-02-07T23:14:15.000Z (almost 5 years ago)
Last Synced: 2024-11-17T06:08:29.967Z (25 days ago)
Language: Ruby
Homepage:
Size: 13.7 KB
Stars: 419
Watchers: 17
Forks: 27
Open Issues: 1
Metadata Files:
- Readme: README
- License: LICENSE

Awesome Lists containing this project

awesome-ssh - tund - *SSH* reverse tunnel daemon. (Apps / Network)
awesome-ssh - tund - *SSH* reverse tunnel daemon. (Apps / Network)
awesome-network-stuff - **385**星

README

Tund (tunneling daemon) establishes a reverse SSH tunnel from some publically
accessible computer to your own. In the event of theft or loss, you can log in
to your machine as soon as it connects to the internet.

It's also useful for machines behind a NAT you'd like to have a tunnel to.

You need two computers: the local host (say, your laptop), and the remote host,
which is on the internet. Tund will use SSH forwarding to connect a port on the
remote host to a port on the local host. You can then ssh -p
remote.com to access your local host.

First, edit the options in bin/tund.

Install tund and generate a passwordless SSH keypair. I've included an upstart
setup script for you, which should work on Ubuntu.

local$ sudo bin/setup

Create a user on the remote host
remote# adduser --disabled-password --shell /bin/false tunnel
remote# cd ~tunnel
remote# rm .bash* .profile

On the tunneling host, create .ssh/authorized_keys
remote# mkdir .ssh
remote# $VISUAL .ssh/authorized_keys

and paste the public key into that file.

Lock down the user's homedir
remote# chown -R tunnel:tunnel ~tunnel
remote# chmod 400 .ssh/authorized_keys
remote# chmod 500 . .ssh

Confirm that you can establish a tunnel:
local$ ssh -vgN -i etc/tund/key -R 2222:localhost:22 [email protected]

You can re-run bin/setup any time to make changes.

I suggest leaving a honeypot account available on your local machine. It will
encourage laptop thiefs to use the machine as-is. When they connect it to the
network, you'll be able to recover it. Conversely, any user capable of running
a privilege escalation attack has already won, when physical access is
available.