Question Nexus

Ask a question get an Answer

«
»

How I got around Comcast’s blockade of SSH

Posted by slayton on April 21, 2009

I have 2 computers a home computer and a work computer. I do a lot of work on both of them and being able to access files on one from the other is essential.  To do this securely I use SSH.  The only problem is that I can only SSH from my home computer to my work, but I can’t SSH in the other direction. I’ve done some reading around and it looks like comcast either blocks all incoming traffic that isn’t http related or actually has me sharing an IP with several people. Regardless, a lot of people have been having problems accepting incoming SSH connections with comcast.  I figured out how to get around this problem. All it takes is a little bit of reverse port forwarding, or reverse tunneling.

Here is how I did it.

I figured that I could create a connection from my home computer to my work computer and then tell my work computer to forward data down that connection back to my home computer.

This isn’t ideal as I have to initiate the connection from home but it will work until I get a better ISP, or figure out something better.

The solution is fairly simple to execute and it only requires two simple commands. The first one I must execute from my home computer before i go to work.

On my home computer I run:

ssh <work_ip_address> -R <work_port>:localhost:<home_port>

When I do this SSH creates a connection between my home and work computers, but this connection is special because any data that arrives on <work_port> (I chose 21080) gets automatically forwarded to <home_port> (22) on my home computer.

On my work computer I run:

ssh localhost -p <work_port>

SSH then tries to open a connection with my work computer on port <work_port> (again 21080) but because of the existing connection from my home computer that connections gets forwarded back to my home computer on port <home_port> (22) where my ssh server is listening for incoming connections.

The exact commands I use with port numbers are:

@home:ssh work_ip -R 21080:localhost:22

@work:ssh localhost -p 21080

UPDATE:

SSH eventually times out and closes the connection if no data is being sent over the connection so after I connected to my work computer from home I ran top. This means a constant stream of data and that SSH won’t timeout.


About these ads

This entry was posted on April 21, 2009 at 9:04 pm and is filed under How To, Linux, Stick it to the man. Tagged: , , , , , , , , , . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “How I got around Comcast’s blockade of SSH”

  1. direct payday loan companies said

    July 14, 2009 at 8:59 pm

    direct payday loan companies…

    Very usefull. Thanks! direct+payday+loan+companies…

  2. the echothis blog » What to do if your ISP decides to block outgoing SSH requests said

    August 3, 2010 at 8:55 pm

    [...] large files back and forth, or anything like that. And also, this is an outgoing connection, not an incoming one, so it’s 100% within the Comcast terms of use [...]

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

«
»
 
Follow

Get every new post delivered to your Inbox.

%d bloggers like this: