[PVE-User] ssh tunnel reverse

Luis Díaz diazluis2007 at gmail.com
Thu Nov 15 15:42:29 CET 2012


Greetings.
My situation:
If I write the following in the browser: https://xxx.xxx.xxx.xxx:8006/
the system does not show me the administrative interface.

When I make a reverse tunnel
ssh -L 1234:127.0.0.1:8006 root@xxx.xxx.xxx.xxx
I can connect in the browser to http://127.0.0.1:1234/

Now I apply the following iptables rules:

################################
#!/bin/sh
IPT=/sbin/iptables

$IPT -F;
$IPT -F INPUT;
$IPT -F OUTPUT;
$IPT -F FORWARD;
$IPT -X;

$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --dport 22 -j ACCEPT #ssh
#$IPT -A INPUT -p tcp --dport 53 -j ACCEPT #DNS
#$IPT -A INPUT -p udp --dport 53 -j ACCEPT #DNS
#$IPT -A INPUT -p tcp --dport 80 -j ACCEPT #http
#$IPT -A INPUT -p tcp --dport 110 -j ACCEPT #POP3
$IPT -A INPUT -p tcp --dport 443 -j ACCEPT # https
$IPT -A INPUT -p tcp --dport 8006 -j ACCEPT #interface

$IPT -A INPUT -p tcp --dport 5900 -j ACCEPT #VNC
$IPT -A INPUT -p tcp --dport 5901 -j ACCEPT #VNC
$IPT -A INPUT -p tcp --dport 5002 -j ACCEPT #VNC
$IPT -A INPUT -p tcp --dport 5003 -j ACCEPT #VNC

$IPT -A INPUT -j REJECT
######################################


I also secured the server:
* Locked root access via ssh
* Installed fail2ban
* Created a user "userxyz" with ssh access
* Added "userxyz" to "sudo"

I cannot do the reverse tunnel ... :(

write: ssh -L 1234:127.0.0.1:8006 userxyz@xxx.xxx.xxx.xxx
answer: Received disconnect from xxx.xxx.xxx.xxx: 2: Too many
authentication failures for userxzy

How do I resolve this?
Thanks for your time!
I am new to the topic :S


Díaz Luis
Programmer Analyst, Facultad de Odontología UC
User Linux 532223
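
One common cause of the "Too many authentication failures" disconnect quoted above is a client that offers more keys than sshd's MaxAuthTries allows (6 by default) before it reaches the right key or a password prompt. The following is an added example, not part of the original post: it checks an `ssh -v` client log for that pattern and prints a tunnel command that limits the keys offered. The log lines, host 192.0.2.10, key paths and function names are constructed, and whether this is the cause on the poster's server is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): read an `ssh -v` client log and
# check whether offered keys used up the server's MaxAuthTries (sshd default 6).

# Constructed sample log; host, user and key paths are made up.
sample_log() {
cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: /home/me/.ssh/id_rsa
debug1: Offering RSA public key: /home/me/.ssh/work
debug1: Offering RSA public key: /home/me/.ssh/backup
debug1: Offering DSA public key: /home/me/.ssh/id_dsa
debug1: Offering RSA public key: /home/me/.ssh/git
debug1: Offering RSA public key: /home/me/.ssh/old
Received disconnect from 192.0.2.10: 2: Too many authentication failures for userxyz
EOF
}

# Count the keys the client offered (matches old and new OpenSSH log wording).
count_offered_keys() {
    grep -c 'Offering .*public key' || true
}

# $1 = log file, $2 = server MaxAuthTries (defaults to 6). Prints a verdict.
diagnose() {
    max=${2:-6}
    offered=$(count_offered_keys < "$1")
    if ! grep -q 'Too many authentication failures' "$1"; then
        echo "no-failure offered=$offered max=$max"
    elif [ "$offered" -ge "$max" ]; then
        echo "keys-exhausted-tries offered=$offered max=$max"
    else
        echo "other-cause offered=$offered max=$max"
    fi
}

# Print a tunnel command that offers one named key, or no keys at all
# (the second form assumes the server accepts password logins).
# $1 = user@host, $2 = identity file (optional).
tunnel_cmd() {
    if [ -n "${2:-}" ]; then
        echo "ssh -o IdentitiesOnly=yes -i $2 -L 1234:127.0.0.1:8006 $1"
    else
        echo "ssh -o PubkeyAuthentication=no -L 1234:127.0.0.1:8006 $1"
    fi
}

log=$(mktemp)
sample_log > "$log"
diagnose "$log"
tunnel_cmd userxyz@xxx.xxx.xxx.xxx
rm -f "$log"
```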