2

I have SSH access to a *nix system over a VPN. I need to install some packages from the distro's repos to that system but that system does not have general access to the internet to reach the repos.

Using only SSH, can I set up reverse forwarding or proxying from the remote system through my local system and out to the internet?

Freiheit
  • 9,579
  • 2
  • 17
  • 17
  • Are you using APT or YUM? Here's APT: http://unix.stackexchange.com/questions/78335/apt-get-via-ssh-tunnel-if-only-port-22-is-allowed – slm Mar 21 '14 at 14:13
  • This is YUM / RPM based. – Freiheit Mar 21 '14 at 14:37
  • 2
    You can typically set a `HTTP_PROXY` environment variable and `FTP_PROXY` variable to point to a server that's your proxy to the internet with YUM. – slm Mar 21 '14 at 15:34

1 Answers1

1

Yes. But unless there's a very good reason, I'd recommend against it. Usually there will be some reason why the system does not have general access to the internet, and in that case it's better to download the RPMs to your own system, then upload them to the server and use rpm to install them from the uploaded files. Or, if this is a common occurrence, set up a proxy repository server and allow the sensitive servers to access that one instead.

However, here's how you'd do it if you do have to.

On the remote system, change the repository information for the official distribution so that it points to port 8080 (or some other unused port). Add a line to /etc/hosts so that the name of the repository server points to 127.0.0.1.

On your own server, start an SSH tunnel. It should do forwarding of port 8080 on the target system to port 80 on the repository server. 

ssh -R 443:repository.example.org:80 theserver
Jenny D
  • 13,022
  • 3
  • 38
  • 54