Mktrojanhorse

This will make a linux machine into a Trojan Horse, and by that I mean we'll add a line to rc.local that starts autossh to create a reverse tunnel

Download as .zip Download as .tar.gz View on GitHub

mkTrojanHorse

This will make a linux machine into a Trojan Horse, and by that I mean we'll add a line to rc.local that starts autossh to create a reverse tunnel This enables you to connect back to this machine no matter where it pops up on the internet at large, despite its many nefarious uses, this is my preferred method for accessing a raspberryPi remotely when you put it up behind a consumer internet connection i.e. dynamic IP address and NAT firewall I, also, put this sort of thing on my mom's computer so that I can update her machine or give her other tech support from afar.

Usage

First put up a ssh host that both you and the raspberryPi are keyed for, log in from both to ensure it is added to known_hosts etc

Then just just use the default recipe

make trojan

you will be prompted for everything else.

~/.ssh/config additions

I put this in my ~/.ssh/config

Host remotePi
  User root
  ForwardAgent yes
  Hostname 127.0.0.1
  Port 12345
  ProxyCommand ssh -q -W  %h:%p -p2222 root@remotessh.example.com

Now you can login to pi like this ssh remotePi

NSFW

This is Not Safe For Work, it is very appropriate in certain situation and can be used without punity, but make sure both management and the heads of IT understand and give you permission for this one BEFORE you implement this.

My intended use is to be able to log into a remote raspberryPi and pull down updated code, reconfigure things, etc. This can also be used to break into corporate firewalls so you can chat like you are at work after you've gone home and other nasty uses, so it's best to be very clear about usage with the owners of any network before implementing this.

That being said, it is also really hard to detect and prove, as you cannot distinguish this connection from another outbound ssh connection to the same machine that does not have the reverse tunnel inside of it.

However, if someone has access to the internal machine a quick ps aux|grep ssh will show something like this:

 root       283  0.0  0.1   1724  1192 ?        Ss   13:46   0:00 /usr/lib/autossh/autossh -M 66666 -N    -o PubkeyAuthentication=yes -o PasswordAuthentication=no -i /root/.ssh/id_ecdsa -R

There are many other ways your own machine can rat you out.

You've been warned, use this on machines and networks that you are the owner/administrator of only to be safe.

For example, the opposite seems totally appropriate to me, i.e. not to access work computers from home, but rather to access home computers from work. e.g. if you were to access a raspberryPi on your home network from behind a dynamic IP + NAT firewall using this method from your work computer. Say to mount your music collection via sshfs. But again, if in doubt talk to your management.

OctoSSH

I leave this docker container up on a static IP, and that is my remote jump box it usually runs on a nonstandard port (i.e. like 2222), 

docker run -it -e -p22:2222 KEY_URL=https://raw.githubusercontent.com/WebHostingCoopTeam/keys/master/keys joshuacox/octossh

Notice you can fork my 'keys' repo and remove all the keys, or create your own where there is a file 'keys' that contains valid ssh keys

Now when you make trojan the remote ssh host information will be for the above jump box

For more related errata:

joshuacox.github.io