rssht
rssht copied to clipboard
Arkanosis
Reverse SSH tunnel, with optional SSH over HTTP
If there's a NAT not only server-side, but client-side as well, rssht currently works by ssh-ing to a relay server from the server, then ssh-ing again to the same relay...
This needs HTTP proxy support first: #12 [Use cntlm](https://gist.github.com/Arkanosis/741fbc266902ff903d1caefa58d1c4e0#accessing-the-internet-on-linux-behind-a-ntlm-proxy) for this.
[Use socat](https://gist.github.com/Arkanosis/741fbc266902ff903d1caefa58d1c4e0#tunneling-the-git-over-ssh-trafic-through-the-proxy) for this.
[pwnat](https://samy.pl/pwnat/) is a trick to traverse NAT at both sides of a network connection, without relying on TURN, STUN or ICE. It has non negligible security implications, such as potentially...
[socat](http://www.dest-unreach.org/socat/) is an interesting alternative to SSH to establish the reverse tunnel, with both pro and cons: * pros: * the server does not need a passphrase-less private key (no...
Add a wrapper for the client host, which takes care of the (optional) hts and ssh, guessing the ssh port from the sshd configuration, if possible. So, instead of having...
Add a new flag for the number of fast reconnection attempts (default… maybe 3 ?) that ignore the reconnection delay if the previous connection has been successful. This is to...
Currently, running ssh as a daemon process prevents the script from correctly monitoring the connection, thus spawning more useless connections. We should make sure each process (rssht itself, htc or...
Build packages for both Debian and RedHat (using [FPM](https://github.com/jordansissel/fpm)). A package for Arch would be a plus (with a patch for FPM, maybe?).
The current code does not cleanup the .pid file, as the `rm` is after an infinite loop. We should trap SIGINT or any other catchable signal to remove it.