Search - "ssh tunnel"
-
This is super childish but it's the gameserver industry and karma is a bitch.
TLDR: I hacked my boss
I was working for a gameserver and I did development for about 3 months and was promised pay after the network was released. I followed through with a bunch of dev friends and the guy ended up selling our work. He didn't know that I was aware of this as he tried to tell people to not tell us but one honest person came forward and said he sold our work for about 8x the price of what he owed ALL OF US collectively.
I proceeded to change the server password and when he asked why he couldn't log in I sent him an executable (a crypted remote access tool) and told him it was an "encryption tunnel" that makes ssh and file transfers secure. Being the idiot that he is he opened it and I snagged all of his passwords including his email and I changed them through a proxy on his machine to ensure I wouldn't get two factored with Google. After I was done I deleted system 32 :3
-
TL;DR Dear boss, firstly, you always get someone to review anything important done by a fucking intern.
Secondly, you do not give access to your fucking client's production server to an intern.
Thirdly, you don't ask your fucking intern to test the intern's work that has not been reviewed by anyone directly on your client's fucking production server.
Last week, the boss and one of the lead devs (the only guy with some serious knowledge about systems and networking) decided to give me (an intern who barely has any work experience) the task of fixing or finding an alternate solution to allowing their support team access to their client machines. Currently they used a reverse SSH tunnel and an intermediary VH but for some reason, that was very unreliable in terms of availability. I suggested using OpenVPN and explained how it would work. Seemed to be a far better idea and they accepted. After several days of working through documentations and guides and everything, I figured out how OpenVPN works and managed to deploy a TEST server and successfully test remote access using two VMs. On seeing my tests, the boss told me that he wanted to test it on the client network. I agreed. Today he comes to me and he tells me to prepare testing for tomorrow and that the client technician is going to give me access to one of their boxes. And then he adds, "It's a working prod server. We'll see if we can make it work on that" and left. I gaped at him for a while and asked another dev guy in the room if what I heard was right. He confirmed. Turns out, the lead dev and the boss's son (who also works here) had had a huge argument since morning on the same issue and finally the dev guy had washed it off his hands and declared that if anything goes wrong from testing it on production, it's entirely the boss's own fault. That's when the boss stepped in and approached me. I ran back to his office and began to explain why prod servers don't top the list of things you can fuck around with. But he simply silenced me saying, "What can go wrong?" and added, "You shouldn't stay still. You should keep moving". Okay, like firstly what the fuck and secondly, what the fuck?.
Even though OpenVPN client is not the scariest thing to install, tomorrow's going to be fun.
-
The coolest project I ever worked on wasn't programming per se, though it involved a bit of scripting. The company I worked for had an FTP over TLS backup solution and it was put together with glue and paperclips by a guy that hadn't the slightest idea what he was doing. In order to conform with the insurance, data had to be encrypted. I set up a raid-ed server with full disk encryption on the raid volume that fetched the key over the network at boot from another secure server. I wrote a series of scripts for provisioning users and so on. The backup connections were sftp using a ssh tunnel, the users were chrooted to their own home directories, and were unable to open shells. The system was 100x more robust and secure than the original. I set it up on short notice and received absolutely no recognition for saving the company's ass, but it was definitely a fun project.
-
How our MIS/IT department handles problems...
Once upon a time a long time ago, a C level suit opened ransomware from an email with a link in it via Dropbox.
Two years in, even the marketing department, who are all using iMacs for digital media creation, inbound marketing, and website development, and also have more common sense than the lowly Excel minions, are still blocked from using Dropbox.
Thank god for Socks5 Proxying and an SSH tunnel to our web server. ;) I can has all the things.
-
I JUST CAN NOT UPDATE THAT ONE SERVER TO DEBIAN 9
- it has no /dev/sda but a /dev/ploopXXXXX which is mounted as / but I can't see it
- uname says it's Linux 2.6.32-042stab126.2 and it says Debian some lines later in the ssh login
- there is no boot loader (I can't find it)
- lsb_release tells me it's running Debian 9.6 stretch, I put stretch into the apt sources
- in /boot there are 2 different versions: 3.16.0-7-amd64 and 4.9.0-8-amd64
- and I do not have physical access to it
WHAT THE FUCK AM I SUPPOSED TO DO?!
I wanted to install OpenVPN on it but that Linux Version doesn't support the Tunnel Interface /dev/net/tun
-
Does anyone else here use PuTTY to SSH into a linux server and then create a tunnel into a Windows PC on that local network for remote desktop to pass through?
-
!!THE WORLD IS COMING APART!!
How in god's name did Putty manage to map a SSH tunnel to port 83306 and MySQL Workbench just didn't care and worked?!?!
-
THEY FORCE ME TO USE PHPMYADMIN THROUGH THEIR INTERFACE. I CAN'T CONNECT WITH DBEAVER. THEY EVEN BLOCK ACCESS THROUGH SSH TUNNEL. WHAT THE ACTUAL FUCK. FUCK YOU ONE.COM. FUCK YOU REAL HARD.
-
Not really hacking, but every time I work from home (a couple times a week), in lieu of using my company's VPN, I connect to the company network with an SSH reverse tunnel. To make this possible, I wrote a port knocker that runs in a tmux session on a server inside the network. It tries to connect to a high-numbered port on my home machine, and if successful it opens the reverse tunnel. At home, I manually run a script that opens that port and informs me when the reverse tunnel is established.
Then I open an SSH socks5 proxy and use that in my Firefox dev edition, which I use entirely for work.
This is actually much easier than using the actual VPN.
-
## Learning k8s
Interesting. So sometimes k8s network goes down. Apparently it's a pitfall that has been logged with vendor but not yet fixed. If on either of the nodes networking service is restarted (i.e. you connect to VPN, plug in a USB wifi dongle, etc..) -- you will lose the flannel.1 interface. As a result you will NOT be able to use kube-dns (because it's unreachable) nor will you access ClusterIPs on other nodes. Deleting flannel and allowing it to restart on control plane brings it back to operational.
And yet another note.. If you're making a k8s cluster at home and you are planning to control it via your lappy -- DO NOT set up control plane on your lappy :) If you are away from home you'll have a hard time connecting back to your cluster.
A raspberry pi is perfectly enough for a control plane. And when you are away with your lappy, ssh'ing home and setting up a few iptables DNATs will do the trick:
netikras@netikras-xps:~/skriptai/bin$ cat fw_kubeadm
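#!/bin/bash
# Loopback address the API server port is bound to at each hop of the tunnel
FW_LOCAL_IP=127.0.0.15
# Port the Kubernetes API server listens on
FW_PORT=6443
# Port used on the intermediate host (home) to chain the two forwards
FW_PORT_INTERMED=16443
MASTER_IP=192.168.1.15
MASTER_USER=pi
# Redirect locally generated TCP traffic for the control plane's LAN address to the local end of the tunnel
FW_RULE="OUTPUT -d ${MASTER_IP} -p tcp -j DNAT --to-destination ${FW_LOCAL_IP}"
# FW_RULE is expanded unquoted on purpose so it splits into separate iptables arguments
sudo iptables -t nat -A ${FW_RULE}
# Hop 1: laptop -> home. Hop 2 (started on home): home -> control plane. The session stays open until you exit the remote shell.
ssh home -p 4522 -l netikras -tt \
-L ${FW_LOCAL_IP}:${FW_PORT}:${FW_LOCAL_IP}:${FW_PORT_INTERMED} \
ssh ${MASTER_IP} -l ${MASTER_USER} -tt \
-L ${FW_LOCAL_IP}:${FW_PORT_INTERMED}:${FW_LOCAL_IP}:${FW_PORT} \
/bin/bash
# 'echo "Tunnel is open. Disconnect from this SSH session to close the tunnel and remove NAT rules" ; bash'
# Runs once the SSH session has ended: remove the NAT rule again
sudo iptables -t nat -D ${FW_RULE}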
And ofc copy control plane's ~/.kube to your lappy :)
-
Fuck TeamViewer.
I've been using it to control my home PC desktop from remote for a few years now (booted PC via Wake-On-LAN, done stuff, shutdown). I started using Chrome Remote Desktop a while ago too, but its ports are blocked at work, so I had to rely on TV some more.
Recently TV more often told me that I was offline (but I wasn't) and more importantly they started blocking my connections due to "commercial usage" (it's my private shit, yo), so now I've moved on to RDP via SSH.
That really makes me feel relieved as I wanted to move away from it for a while now anyways and SSH tunnels also are the real shit.
Today was a good day.