[ubuntu] apt-get via ssh tunnel



nuckymcnuck
December 17th, 2008, 06:39 PM
Is it possible to update apt via an ssh tunnel?

I have a server - Alice lets say - on a network with a public internet IP address (140.x.x.x), it's also connected to a private switch (192.168.0.2).

I recently got Bob, a new server (Ubuntu 8.04 x64) which I don't want to have a public IP.

How would I tunnel the apt-get through Alice to get to Bob?

Thanks

Dr Small
December 17th, 2008, 06:48 PM
If Alice and Bob are on the same network, ssh into Alice via the public IP address (you are now on the local network) and then ssh into Bob's private IP to run any commands you wish.

nuckymcnuck
December 17th, 2008, 06:59 PM
Thanks for the swift reply, but sshing from Alice to Bob via the Public IP, then running apt-get on Bob still throws up "Could not resolve 'security.ubuntu.com'" on apt-get

doobiest
December 17th, 2008, 07:05 PM
I would do one of 3 things.

Is there a specific reason why Bob doesn't have internet access? Like is that intentional for security or something?

1) If not, set up NAT between Alice and Bob, so that Bob will route traffic to Alice then to the net.

2) Set up a VPN from Alice to Bob and use Alice as the default gateway, which should route all internet traffic through the VPN then to the internet.

3) Pretty sure apt just does wgets over port 80 so you could do an ssh tunnel forwarding port 80 but I really don't think that'll work. Port forwarding is more so for forwarding traffic directed to localhost:port to a destination on the ssh server's network.

nuckymcnuck
December 17th, 2008, 07:28 PM
Intentional, I want to restrict access... plus I don't want to fill out the paper work.

How would one set up a VPN?

doobiest
December 17th, 2008, 07:31 PM
I'll see if I can google a tutorial after lunch. But seriously, if both computers are on the same internal network you'd be way better off to do NAT translation, which is just configured between those two boxes, nothing else required, so I'm not sure why you'd need to do paperwork for something like that... assuming it's for work.

nuckymcnuck
December 17th, 2008, 08:27 PM
Whichever you think is easiest. The machine will just be running GIMPS, and since our office is closing on Friday for the holidays I want to have everything set up nice and neatly before relaxing!

doobiest
December 17th, 2008, 08:29 PM
This article should do it.

http://ubuntuforums.org/showthread.php?t=91370

nuckymcnuck
December 17th, 2008, 08:34 PM
Thanks!

doobiest
December 17th, 2008, 08:36 PM
Yup, and keep in mind this can be a temporary or permanent setup depending on what you want. And if you really want to restrict internet access you could read up more about iptables and make it so the only internet traffic allowed is to the Ubuntu repositories for updates.

cdenley
December 17th, 2008, 08:48 PM
Install privoxy (might be a little difficult without internet)


sudo apt-get install privoxy

Add this line to /etc/privoxy/config:


forward-socks4 / localhost:8080 .

Restart privoxy:


sudo /etc/init.d/privoxy restart

Now you're all set. To establish your tunnel and use it with apt:


ssh -D 8080 myserver
export http_proxy=http://127.0.0.1:8118
sudo apt-get update
sudo apt-get upgrade
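
The following is an added example, not part of cdenley's post or of any project's own code: a preflight for the privoxy plus `ssh -D` chain described above, which checks that privoxy really forwards to the SOCKS port and scopes the proxy to apt alone, so it does not depend on `http_proxy` surviving `sudo`. Ports 8080 and 8118 are the ones from the thread; the function names and the `95proxy` file name are assumptions.

```shell
#!/bin/sh
# Added example (function names are hypothetical, ports come from the thread):
# 8080 = SOCKS listener opened by "ssh -D 8080 myserver", 8118 = privoxy.

# Succeeds if CONFIG has an active (uncommented) rule that sends all
# traffic to a SOCKS4/4a listener on the loopback address at PORT.
privoxy_forwards_to_socks() {
    config=$1
    port=$2
    grep -Eq "^[[:space:]]*forward-socks4a?[[:space:]]+/[[:space:]]+(localhost|127\.0\.0\.1):${port}[[:space:]]+\.[[:space:]]*$" "$config"
}

# Writes an apt-only proxy setting to OUT. Installed under
# /etc/apt/apt.conf.d/ (for example as 95proxy, an assumed name), it limits
# the proxy to apt instead of every program started from the shell.
write_apt_proxy() {
    out=$1
    proxy_port=$2
    printf 'Acquire::http::Proxy "http://127.0.0.1:%s";\n' "$proxy_port" > "$out"
}

# Succeeds if something accepts TCP connections on 127.0.0.1:PORT.
port_listening() {
    nc -z 127.0.0.1 "$1" 2>/dev/null
}

# Returns 0 when the whole chain is ready, otherwise a code naming the
# first broken link: 1 = privoxy rule, 2 = SOCKS tunnel, 3 = privoxy.
preflight() {
    privoxy_forwards_to_socks "$1" 8080 || {
        echo "privoxy has no active forward-socks4 rule for localhost:8080" >&2
        return 1
    }
    port_listening 8080 || {
        echo "no SOCKS listener on 8080: start 'ssh -D 8080 myserver' first" >&2
        return 2
    }
    port_listening 8118 || {
        echo "privoxy is not listening on 8118" >&2
        return 3
    }
}
```

Run `preflight /etc/privoxy/config` on Bob before `apt-get update`; a non-zero return code identifies which part of the chain is missing.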