SSH forward traffic and DNS with socks5h
Socks SSH forward internet and DNS
https://datawookie.dev/blog/2023/12/ssh-tunnel-dynamic-port-forwarding/
Socks SSH forward internet and DNS
https://datawookie.dev/blog/2023/12/ssh-tunnel-dynamic-port-forwarding/
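# Remote LUKS unlock over SSH from the initramfs (dropbear).
# --- On the machine with the encrypted root disk ---
sudo apt install dropbear-initramfs

# dropbear options set below:
#   -I 180   drop sessions that stay idle for 180 seconds
#   -j -k    disable local and remote port forwarding
#   -p 4000  listen on port 4000
#   -s       disable password logins (public key only)
#   -c cryptroot-unlock   forced command: every login runs the unlock prompt
# The whole line is replaced, so nothing after the "=" on the existing line is
# left behind and running the command again gives the same result.
sudo sed -i 's/^#\?DROPBEAR_OPTIONS=.*/DROPBEAR_OPTIONS="-I 180 -j -k -p 4000 -s -c cryptroot-unlock"/' /etc/dropbear/initramfs/dropbear.conf

# optional: configure IP if no DHCP available (the file is root-owned, hence sudo tee)
# echo 'IP=192.168.2.123::192.168.2.1:255.255.254.0:my-wks01' | sudo tee -a /etc/initramfs-tools/initramfs.conf

# Imports every public key published for that GitHub account. Review the
# resulting file so that only keys meant for disk unlock remain in it.
# Quoted so the shell does not read "<" and ">" as redirections.
sudo ssh-import-id "gh:<my_user_id>" -o /etc/dropbear/initramfs/authorized_keys

# Rebuild the initramfs so it contains the config and authorized_keys.
# NOTE(review): the initramfs normally sits on an unencrypted /boot, so the
# dropbear host key and authorized_keys in it are not protected against someone
# with physical access to the disk - confirm this fits the threat model.
sudo update-initramfs -u

# --- From another machine, while the target waits for the passphrase ---
# The port has to match -p in DROPBEAR_OPTIONS (4000 above).
# The early-boot dropbear presents its own host key, so expect a fingerprint
# different from the booted system's sshd and verify it on first connect.
ssh root@your_workstation_ip -p 4000
# unlock disk: with -c set, cryptroot-unlock starts on login and asks for the
# passphrase; without -c, run "cryptroot-unlock" by hand.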
Links
https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/
https://realtechtalk.com/Howto_Set_Static_IP_on_boot_in_initramfs_for_dropbear_or_other_purposes_NFS_Linux_Debian_Ubuntu_CentOS-2278-articles
@Office
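# Office side: keep a reverse tunnel open so that this machine's sshd (port 22)
# is reachable through port 7422 on the proxy host.
mkdir -p ~/bin

# Quoted delimiter: the script text is written literally, no escaping needed.
cat <<'EOF' > ~/bin/proxy-ssh-forward.sh
#!/bin/bash
PROXY_SERVER=proxy.example.com

# Private agent for this script; ssh-add asks for the key passphrase once.
eval "$(ssh-agent)" && ssh-add
# Stop the agent when the script exits so no orphaned agent keeps the key loaded.
trap 'ssh-agent -k > /dev/null' EXIT

while true; do
    echo "Connect to proxy ..."
    # -a  do not forward the agent to the proxy
    # -N  no remote command, forwarding only
    # -R  port 7422 on the proxy -> sshd on this machine
    # ExitOnForwardFailure: if port 7422 cannot be bound (e.g. a stale session
    # still holds it) ssh exits, so the loop retries instead of sitting in a
    # connection that forwards nothing.
    # Anyone who can reach port 7422 on the proxy (loopback only, unless
    # GatewayPorts is enabled there) reaches this machine's sshd.
    ssh -a -v -N -R 7422:localhost:22 \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=10 \
        "${PROXY_SERVER}"
    sleep 10
done
EOF
chmod +x ~/bin/proxy-ssh-forward.sh
nohup ~/bin/proxy-ssh-forward.sh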
@Home
Allow SSH access
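# Open SSH to the MASTER amphora of an Octavia load balancer for debugging.
LB_ID=foo-lb01-prod

# Resolve the MASTER amphora, its compute instance and its management address.
AMPHORA_ID=$(openstack loadbalancer amphora list --loadbalancer "${LB_ID}" --role MASTER -c id -f value)
AMPHORA_COMPUTE_ID=$(openstack loadbalancer amphora show "${AMPHORA_ID}" -c compute_id -f value)
LB_NETWORK_IP=$(openstack loadbalancer amphora show "${AMPHORA_ID}" -c lb_network_ip -f value)

# Security group attached to the amphora port that carries the management IP.
SECURITY_GROUP_ID=$(openstack port list --server "${AMPHORA_COMPUTE_ID}" --fixed-ip "ip-address=${LB_NETWORK_IP}" -c security_group_ids -f value)

# DEBUG: show ingress tcp rules
openstack security group rule list --ingress --protocol tcp "${SECURITY_GROUP_ID}"

# Allow SSH (tcp/22) from 172.16.0.0/12.
# NOTE(review): this is a wide source range; narrowing --remote-ip to the
# control node's address and deleting the rule after the session keeps the
# exposure small. If this security group is shared with other amphorae the rule
# applies to all of them - verify before creating it.
openstack security group rule create --protocol tcp --dst-port 22:22 --remote-ip 172.16.0.0/12 "${SECURITY_GROUP_ID}"

# Management IPs: all amphorae with their role, then the MASTER only.
openstack loadbalancer amphora list --loadbalancer "${LB_ID}" -c lb_network_ip -c role -f value
openstack loadbalancer amphora list --loadbalancer "${LB_ID}" -c lb_network_ip --role MASTER -f value

# login to amphora VM from OpenStack control node
# The original referenced ${AMPHORA_VM_IP}, which is never set; the address
# resolved above is LB_NETWORK_IP. It is expanded locally and handed to the
# control node, where ~/.ssh/id_rsa_octavia is looked up; -t keeps the nested
# session interactive.
ssh -t local@ctl1-dev.dev.i.example.com "ssh -i ~/.ssh/id_rsa_octavia ubuntu@${LB_NETWORK_IP}"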
Manual SSH access
# Install sshuttle, then route the listed subnets through an SSH session.
sudo apt-get install --yes sshuttle

# --dns  also captures local DNS requests and forwards them to the remote
#        server, so name lookups are resolved (and visible) on the remote side.
# -r     SSH endpoint that carries the traffic.
# -x     subnet kept off the tunnel.
# NOTE(review): as a CIDR prefix, /3 on 192.168.251.36 spans
# 192.0.0.0-223.255.255.255, far more than one host. If only that single
# address was meant, /32 would be the prefix - confirm the intent.
sshuttle --dns -r foo@example.com -x 192.168.179.0/24 \
  10.0.0.0/8 192.168.251.36/3
Linux
https://sshuttle.readthedocs.io/en/stable/
https://sshuttle.readthedocs.io/en/stable/windows.html
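# Container name; exported so child processes (the create script) can read it.
export CONTAINER=vpn

# create container
# TODO: configure MAC on create container
# The script is fetched with certificate verification left ON (the original
# passed --no-check-certificate, which lets anyone on the network path replace
# the script that is then executed). It is saved to a file first, so a
# truncated download is never run and the content can be reviewed beforehand.
# NOTE(review): "master" is a moving ref; pinning the URL to a reviewed commit
# makes the executed code reproducible.
create_script=$(mktemp)
if wget -q -O "${create_script}" https://raw.githubusercontent.com/panticz/lxc/master/create.jessie.sh; then
  bash "${create_script}" -f
fi
rm -f -- "${create_script}"

# configure container MAC address
sed -i 's|lxc.network.hwaddr = .*|lxc.network.hwaddr = 00:11:22:33:44:5e|' "/var/lib/lxc/${CONTAINER}/config"

# enable autostart
echo "lxc.start.auto = 1" | tee -a "/var/lib/lxc/${CONTAINER}/config"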
# configure container
##echo "lxc.hook.autodev=/var/lib/lxc/vpn/autodev" >> /var/lib/lxc/${CONTAINER}/config