Open a Remote SSH (root) Session without accessing via VPN

Discussion in 'Linux Beginners' started by iceget, Sep 30, 2022.

  1. iceget

    iceget Member

    Dear community,

    I have 2 Linux Debian boxes in 2 different locations and subnets. Currently I have an OpenVPN client installed to access the boxes directly via SSH over OpenVPN.

    Now my question:
    Is there a simple way for the boxes to connect via cronjob each minute to a "webserver" where they then, "when needed", open a remote shell?
    Like TeamViewer, only that I can then directly access the remote Linux box via PHP and shell_exec()?

    Or a similar way to do this?

    Currently I run a cronjob each minute like wget https://url.com/getCommandBox1.sh

    When I now want to execute a remote command on my box1, I edit the getCommandBox1.sh file and enter the command to do.
    But if I have any error in my script, I cannot see that. Is there a possibility to build up a "remote shell" like "TeamViewer" on the boxes?

    Does anybody know a working, maybe existing solution?

    Thank you so much
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    If you have an OpenVPN tunnel set up between the two hosts, connection between them works. Or not?
    Is this a third host that both of the Linux boxes need to access? I do not understand what is desired here.
    Would a command like
    Code:
    ssh [email protected] hostname -f 
    accomplish what you need? With this you can see what the command outputs, no need to edit script file and errors are displayed.
     
  3. iceget

    iceget Member

    Dear Taleman,

    Thank you for your reply.

    No, I want to remove the OpenVPN connections. Currently the boxes (in this case 10 Linux boxes) connect through OpenVPN to a server. From this server I can currently access each box directly through SSH via the OpenVPN connection. It does not matter which official IP address the boxes have, and I don't have to set up port forwarding.

    Now I want to do the same except OpenVPN. That means that the boxes open a connection to a PHP script or a Linux server machine, where I can then access SSH on the boxes. Only without OpenVPN.

    Maybe the boxes connect to server:22 after boot, and I can then access the open remote shell connection directly from the server.

    Is there any possibility to do that?

    And yes, I want each box to connect to a server from which I can then access the boxes via SSH (the boxes are SSH clients that open an SSH connection to the server, from which I can directly access the SSH shell of the boxes).

    Thank you so much
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You want a client computer to open an SSH connection to a server, and then on the server SSH back to that client? This sounds like Reverse SSH Tunneling (look it up using Internet Search Engines).
    Maybe you could use something like Ansible, https://en.wikipedia.org/wiki/Ansible_(software).
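
The reverse SSH tunneling suggested above, as an added example that is not part of the original thread: each box dials out to the server and publishes its own sshd on a loopback port there, and the key it uses is restricted to that one forward. The relay host name, the `tunnel` account, the 2200+N port scheme and the key path are assumptions.

```shell
#!/usr/bin/env bash
# Constructed values (assumptions, not from the thread):
RELAY_HOST="relay.example.com"   # central server the boxes dial out to
RELAY_USER="tunnel"              # unprivileged relay account used only for forwarding
BASE_PORT=2200                   # box N appears on relay loopback port 2200+N
KEY_PATH="/etc/ssh/tunnel_key"   # hypothetical path of the box's private key

# Map a box number (1..99) to its relay port; reject empty, non-numeric,
# zero-prefixed or oversized input so nothing unexpected reaches the configs.
relay_port() {
    case "$1" in
        ''|0*|*[!0-9]*|???*) return 1 ;;
    esac
    echo $((BASE_PORT + $1))
}

# Relay side: authorized_keys entry for one box. "restrict" turns everything
# off, then only forwarding is re-enabled and pinned to that box's loopback
# listener, so a stolen box key gives no shell on the relay.
relay_authorized_key() {   # $1 = box number, $2 = box public key
    port=$(relay_port "$1") || return 1
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' "$port" "$2"
}

# Box side: systemd unit that keeps the outbound tunnel up after boot.
box_tunnel_unit() {   # $1 = box number
    port=$(relay_port "$1") || return 1
    cat <<EOF
[Unit]
Description=Reverse SSH tunnel to ${RELAY_HOST}
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/usr/bin/ssh -N -i ${KEY_PATH} -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R localhost:${port}:localhost:22 ${RELAY_USER}@${RELAY_HOST}
Restart=always
RestartSec=15

[Install]
WantedBy=multi-user.target
EOF
}

# Print both pieces for box 1 (the public key is a constructed placeholder).
relay_authorized_key 1 "ssh-ed25519 AAAA_CONSTRUCTED_PLACEHOLDER box1"
box_tunnel_unit 1
```

With the tunnel up, `ssh -p 2201 root@localhost` on the relay reaches box 1, and the box's own sshd still authenticates that login. A `Match User tunnel` block with `AllowTcpForwarding remote` in the relay's sshd_config additionally blocks local (`-L`) forwards for that account.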
     
  5. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    Why not just configure port knocking?
    Given a large enough random list of ports, it's extremely unlikely that a hacker will chance upon the correct sequence.

    Each server could run the knock command required to get the remote server to open port 22, run the SSH session, then run the knock command to close port 22 again.
    Additionally (or alternatively), configure the firewall rules so that access via SSH is only allowed from a specified list of IPs.
     
