Comments (5)
It's possible however I'm not sure if it would make sense. Currently, chisel client ... basically does an ssh -L local port forward (opens a new TCP server on the client). Whereas a -R remote port would open a new TCP server on the server. The purpose of chisel is to overcome firewalls by running all traffic over HTTP, so one would need to send this traffic over HTTP. With -L the local server performs this encapsulation, though with -R we have no client to perform this encapsulation. So it only makes sense to open up normal ssh -R port forward, in which case, I'd just suggest you use ssh.
from chisel.
Indeed, we are facing a very strict firewall; only HTTP and HTTPS are allowed. Any other links, including ssh, are usually unstable and unusable.
Before jumping into chisel using websocket, the following solution was used, but it is too tricky and does not have good performance. It also breaks the normal HTTP server deployments.
client                   |      |      server          /----------> HTTP server
autossh -> stunnel ----->FIREWALL----->stunnel->sslh--+-------> ssh server
The local traffic is encapsulated and forwarded by ssh -L. Also, when running autossh, a -R is added to open a remote port forwarding to the local client side. The remote port forwarding is used to do some settings to the local client host, which is impossible without remote port forwarding capability when you are outside the firewall.
The ssh -R alike option would be added to the chisel client side instead of the server side. The remote forwarded ports would only be opened by the requests of authenticated clients.
In conclusion, chisel server is more like the sshd daemon, while chisel client behaves more like the ssh client. They communicate via the HTTP/HTTPS (WS/WSS) linkage.
The -R options would and should only be added to the chisel client side. Something like:
chisel client [options] <server> <remote> [remote] [remote] [-R [bind_address:]port:host:hostport] [-R [bind_address:]port:host:hostport]...
from chisel.
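As an added example (not part of the thread and not chisel's code), here is a Go parser for the `[bind_address:]port:host:hostport` syntax proposed in the comment above, with a check that flags a listener bound beyond loopback before it is opened. `RemoteSpec`, `ParseRemote` and `Exposed` are hypothetical names; the loopback default for an omitted bind address is an assumption borrowed from OpenSSH's `-R`, IPv6 literals are not handled, and the sample arguments are constructed.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// RemoteSpec is one parsed "[bind_address:]port:host:hostport" argument.
type RemoteSpec struct {
	BindAddr, Host     string
	BindPort, HostPort int
}

// ParseRemote validates a spec. An omitted bind_address becomes loopback
// (assumption: mirrors OpenSSH's default, not something chisel defines).
func ParseRemote(spec string) (RemoteSpec, error) {
	f := strings.Split(spec, ":")
	if len(f) == 3 {
		f = append([]string{"127.0.0.1"}, f...)
	}
	if len(f) != 4 || f[0] == "" || f[2] == "" {
		return RemoteSpec{}, fmt.Errorf("want [bind_address:]port:host:hostport, got %q", spec)
	}
	var ports [2]int
	for i, s := range []string{f[1], f[3]} {
		p, err := strconv.Atoi(s)
		if err != nil || p < 1 || p > 65535 {
			return RemoteSpec{}, fmt.Errorf("invalid port %q in %q", s, spec)
		}
		ports[i] = p
	}
	return RemoteSpec{BindAddr: f[0], Host: f[2], BindPort: ports[0], HostPort: ports[1]}, nil
}

// Exposed reports whether the listener would be reachable beyond loopback.
func (r RemoteSpec) Exposed() bool {
	ip := net.ParseIP(r.BindAddr)
	return r.BindAddr != "localhost" && (ip == nil || !ip.IsLoopback())
}

func main() {
	// Constructed sample arguments, both valid.
	for _, s := range []string{"2222:localhost:22", "0.0.0.0:8080:10.0.0.5:80"} {
		r, err := ParseRemote(s)
		fmt.Printf("%-26s %+v exposed=%v err=%v\n", s, r, r.Exposed(), err)
	}
}
```

A side that opens listeners on behalf of authenticated peers can reject or log any spec for which `Exposed()` is true, since a wildcard or routable bind address makes the forwarded port reachable by hosts other than the listening machine itself.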
Have you tried tunneling to the SSH server via chisel, then do your normal SSH from there?
from chisel.
It surely works tunneling to the SSH server via chisel. That results in a multiple-layer tunnel.
SSH remote port forwarding is tunneled via ssh, which is tunneled through chisel, then websocket and TLS.
If chisel can do remote port forwarding, the 4-layer tunnel could be simplified to three layers.
from chisel.
See #3 for a better solution to this - will close as it covers this use case. If I'm mistaken, feel free to re-open.
from chisel.