SSH reverse tunnel daemon
|bin||bin/tund: obviously wrong remote server|
|etc||Add debian LSB-style init script.|
|LICENSE||Move docs to root.|
|README||Readme: clarify key path for testing.|
Tund (tunneling daemon) establishes a reverse SSH tunnel from some publically accessible computer to your own. In the event of theft or loss, you can log in to your machine as soon as it connects to the internet. It's also useful for machines behind a NAT you'd like to have a tunnel to. You need two computers: the local host (say, your laptop), and the remote host, which is on the internet. Tund will use SSH forwarding to connect a port on the remote host to a port on the local host. You can then ssh -p <some-port> remote.com to access your local host. First, edit the options in bin/tund. Install tund and generate a passwordless SSH keypair. I've included an upstart setup script for you, which should work on Ubuntu. local$ sudo bin/setup Create a user on the remote host remote# adduser --disabled-password --shell /bin/false tunnel remote# cd ~tunnel remote# rm .bash* .profile On the tunneling host, create .ssh/authorized_keys remote# mkdir .ssh remote# $VISUAL .ssh/authorized_keys and paste the public key into that file. Lock down the user's homedir remote# chown -R tunnel:tunnel ~tunnel remote# chmod 400 .ssh/authorized_keys remote# chmod 500 . .ssh Confirm that you can establish a tunnel: local$ ssh -vgN -i etc/tund/key -R 2222:localhost:22 email@example.com You can re-run bin/setup any time to make changes. I suggest leaving a honeypot account available on your local machine. It will encourage laptop thiefs to use the machine as-is. When they connect it to the network, you'll be able to recover it. Conversely, any user capable of running a privilege escalation attack has already won, when physical access is available.