public library blocks port 22

Gentlemen, the public library blocks port 22, so I cannot use PuTTY to
connect to my Dreamhost shell account when I go to town.

If I were root@dreamhost then I would, before I went to town, just run
sshd to listen on say port 57391 and when in town type 57391 into

But I'm not root@dreamhost, however, when I am in town I can still log
into webmail and send my Dreamhost account a message with a secret
word that can trigger procmail to execute something, but what should
that something be?

Yes I read up on all that tunneling and VPN business and of course it
is confusing.

$ dpkg -l doesn't show netcat installed at Dreamhost. Should I install
it and write a procmail recipe to connect port 57391 to 22, then when
I am at the library send procmail the trigger and tell PuTTY to
connect via 57391?

Re: public library blocks port 22 writes:


Sounds like you need a shell account at a provider running ssh on
another port....somewhere anywhere.  Or, it's possible dreamhost has
an sshd already running on a non-standard port (have you asked?).

At any rate, before you go to this trouble of likely violating the TOS
of dreamhost's shell account (or to learn that their ingress firewall
blocks all attempts to connect on ports other than the specific
services they're running), what's to say the library isn't simply egress
filtering everything that isn't destined for port 80 or 443?  That may
be the case.  

So the best chance for success will involve an ssh server listening on
tcp/80 or 443.

And for that, you'll either need a shell host that provides that (they
exist), or need root somewhere.

Todd H. /

Re: public library blocks port 22

On 08 Jan 2008 23:45:19 -0600, Todd H. wrote:


Or the library's Use Codes....

Re: public library blocks port 22


That might work. A quick experiment with nc suggests that the
command line

  nc -l -p 57391 -c 'nc -q0 localhost 22'

is what you're after, and does the right thing: the outer nc listens
for a connection on port 57391, and when one comes in it executes
the inner nc which passes it on to port 22.

However, I'd be wary of running it from procmail without thinking
very carefully about the security implications (not to mention
practical considerations such as detaching from the parent process
and closing file descriptors that the calling procmail wasn't
expecting to have held open). I'm not a procmail expert, so I can't
help you there.

(How are you able to install a Debian package at Dreamhost if you
don't have root there? Note that -q0 is a Debian-specific option to
nc, so if you turn out not to be able to install the package and
have to compile it locally then you should use the Debian sources
rather than the standard ones.)

As other posters have said, you might also need to consider the
possibility that the library has a general block on all unapproved
ports rather than a specific block on port 22, and the possibility
that someone's terms of service might have something to say about
what you're proposing to do.
Simon Tatham         "My heart bleeds.
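
Added example, not part of any post in this thread: a small check for the question raised in the replies above, whether the network blocks only port 22 or passes nothing but 80 and 443. The host name is a placeholder for a machine you control, the ports are the ones mentioned in the thread, and the verdict labels are this example's own.

```python
import errno
import socket

WEB_PORTS = {80, 443}

def probe(host, port, timeout=3.0):
    """Classify one outbound TCP connect as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed (possibly with a proxy)
    except ConnectionRefusedError:
        return "refused"       # an RST came back: usually the far host itself,
                               # though some firewalls forge it
    except socket.timeout:
        return "filtered"      # SYN silently dropped somewhere on the path
    except OSError as exc:
        # ICMP unreachable / admin-prohibited is what a rejecting firewall sends
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise

def interpret(results):
    """Summarise a {port: state} map as an egress-policy verdict."""
    # A port "passed" if any answer came back, even a refusal.
    passed = {p for p, state in results.items() if state != "filtered"}
    if not passed:
        return "unreachable"   # host down, or every probed port is blocked
    if 22 in passed:
        return "ssh-allowed"   # port 22 is not blocked on this network
    if passed <= WEB_PORTS:
        return "web-only"      # general allow-list: only 80/443 leave
    return "ssh-blocked"       # 22 is singled out; other ports get through

if __name__ == "__main__":
    host = "shell.example.net"   # placeholder: a host you control
    results = {p: probe(host, p) for p in (22, 80, 443, 57391)}
    for port, state in sorted(results.items()):
        print(f"{port:>5}/tcp  {state}")
    print("verdict:", interpret(results))
```

An "open" result on 80 or 443 can come from a transparent proxy answering on the server's behalf, so it does not by itself show that an sshd moved to that port would be reachable.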

Re: public library blocks port 22

On 09 Jan 2008 13:48:34 +0000 (GMT), Simon Tatham wrote:


Not to mention that they may keylog everything you do.

Re: public library blocks port 22 wrote:

If the library is using a proxy server you could run corkscrew to SSH
over it.
