-
Notifications
You must be signed in to change notification settings - Fork 2
/
README
73 lines (52 loc) · 3 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
Airhook version 2 source distribution, copyright 2003 Dan Egnor
Please see https://web.archive.org/web/20160507155624/http://airhook.ofb.net/ for general information about Airhook.
------------------------------------------------------------------------------
BUILDING
There's no autoconf or automake or libtool here, just a very simple Makefile
you can edit to suit your system. When you're done, "make" and "make install"
(or "make install PREFIX=/my/install/prefix") should work. Let me know at
[email protected] if it doesn't.
PROXY
Unless you're planning to write code against the Airhook library, the
only interesting program will be "airproxy", which acts as a gateway between
TCP and Airhook/UDP. Its usage message ought to be self-explanatory, but
here's a simple example describing how you might tunnel an SSH connection:
[on server machine]
airproxy -l 8022 -o 22 &
[on client machine(s)]
airproxy -i 12345 -r serverhost:8022 &
ssh -v -p 12345 localhost
Note that a single 'airproxy' is capable of carrying many TCP connections.
The ports '8022' and '12345' can be anything you want (subject to the usual
restrictions on reserved ports < 1024).
To amuse yourself, create one SSH-over-Airhook link and one ordinary SSH link.
Disable your network (e.g. unplug the cable) for a few minutes. Verify
that neither link is working (hit Enter, get no response). Now plug the
network back in. The Airhook link should recover within a second or two.
See how long it takes the other link to wake up again.
INETD
The airproxy program can also run under inetd; to match the above example,
kill off airproxy and add the following to both machines' /etc/services:
airssh 8022/udp
airssh 12345/tcp
Then add this to the server's /etc/inetd.conf (and HUP inetd):
airssh dgram udp wait root /path/to/airproxy airproxy -o ssh
Then add this to the client's /etc/inetd.conf (and HUP inetd):
airssh stream tcp nowait root /path/to/airproxy airproxy -r serverhost:airssh
Then, as before, you can run "ssh -v -p 12345 localhost" on the client.
NOTES
If you want to tunnel HTTP, you should run a (possibly very simple) HTTP
proxy on the server and tunnel the link to that from the client. The client
side of an HTTP tunnel should not run from inetd, or the rapid creation of
connections during normal Web activity will cause inetd to conclude that the
service is "looping" and disable it.
Be careful with SSH tunnels; since the SSH client doesn't know who it's
really connecting to, management of the known_hosts file can be messed up.
Airhook does not encrypt. Use Airhook-over-IPsec or SSH-over-Airhook if
you need authentication or privacy.
If you want to learn how to use the Airhook library, "aircat" is a good
simple example to start with.
------------------------------------------------------------------------------
This software comes with ABSOLUTELY NO WARRANTY. You may redistribute it
under the terms of the GNU General Public License, version 2.
See the file COPYING for more details.