
"Home office", or when you do not need to go to work




I have long dreamed about this, and finally it happened! I can work at home and do (almost) everything that I usually do in the office. I managed it by configuring a reverse SSH tunnel on my home server and learning how to control that tunnel.

In the office, I have to do the following:
  1. work with Oracle (queries, procedures, etc.) - a connection to the servers is required (ports 1521, 1527)
  2. work with UNIX (scripts, file copying, etc.) - a telnet or SSH connection is required
  3. office mail
  4. communication with colleagues
  5. reading Habr and other places of interest


Because my home provider gives me a direct IP address, and thanks to the courtesy of our network administrators at work, I have access to my home network from my work machine. I use this to reach my home laptops (I have 3) from work via VNC, as well as to copy files to the home server and back. Of course, there is a router with NAT and other bells and whistles at the entrance, which lets me separate incoming connections nicely.

But I do not have access from home to my work machine. Company security policy does not allow it. A VPN and similar things are (as yet) missing. Mom, mom, what will I do? Koo!

So the task is: make items 1-5 possible from home. At work there is Windows, and the work computer is never turned off. At home there is a Linux-based NSLU2 server. Apache is running on the server, and its logs are available for reading and analysis.

Items 3, 4 and 5 are accessible from home by phone, browser and chat agent. But items 1 and 2 cannot be done in the usual way.

And here comes the "sweet couple": PuTTY on the work machine (hereinafter the client) and sshd on the home server (hereinafter the server). Typically, the client opens a connection to the server via SSH and establishes a secure "tunnel". The initiator of the connection "there" is always the client.

I will not describe all the possibilities of SSH; we are only interested in one of them. It is possible to establish a so-called "reverse tunnel": the server passes data arriving on a specified port through to the client, and the client can send this data onward through its own network.

What do we get by setting up a "reverse tunnel"? We get access through this tunnel from the home network to the work network, i.e. the ability to work with all the servers that are usually accessible only from the work network. You only need to configure the tunnel correctly: which ports of the server lead to which addresses and ports on the client side. This is done in the PuTTY settings when describing the connection.

It is not possible to keep such a tunnel up permanently: the connection breaks, and it is not always needed anyway. The solution is to establish the tunnel on demand (after drinking coffee at home and finally deciding to work). Yes, but there is nobody at work, so who will launch PuTTY to bring the connection up? Who? Grandfather Pihto, of course. The work computer will launch it itself; you only need to ask. But how? The work computer should read my thought "I want the connection to be established" and act on it.

The only thing left is to learn how to materialize your thoughts and teach the work computer to understand them. After that, it's simple.

I decided to materialize my thought as a regular text file. The thought should be simple and short. Up! And the tigers sat down at my feet. That is, "UP" means raise the connection and "DN" means drop the connection. Brief and clear.

The client-server scenario looks like this:
  1. Create a file (let's call it cmd-file) with one line of text (the command) and put it on the home page so that the work computer can read and process the command.
  2. Wait for the work computer to read the command (by watching the Apache logs). When a GET request for cmd-file arrives from the work address, we can say that our command has been received.
  3. The work computer executes the command: UP (raises the connection) or DN (drops it).
  4. After executing the command, the work computer requests cmd-file from the home page again, this time with the additional parameter "?ANS". Once this GET arrives, we can say that our command succeeded.
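
The handshake in steps 2 and 4 can be read entirely from the web server's access log. The following Python function is an added example, not the author's script; the Apache common/combined log format, the `/cmd-file` path, the addresses and the publication time are assumptions made for illustration.

```python
import re
from datetime import datetime

# Apache common/combined log format: host ident user [time] "request" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def handshake_state(log_lines, work_ip, published_at, path="/cmd-file"):
    """Return 'pending', 'received' or 'acknowledged' for one published command.

    work_ip, published_at and path are assumptions of this example: the office's
    outgoing address, the time cmd-file was written, and its URL path.
    """
    state = "pending"
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # malformed or truncated line
        when = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
        if when < published_at:
            continue                      # poll that predates this command
        if m["host"] != work_ip or m["method"] != "GET":
            continue                      # crawlers, scanners, other visitors
        if m["status"] != "200":
            continue                      # the file was not actually served
        target, _, query = m["target"].partition("?")
        if target != path:
            continue
        if query == "" and state == "pending":
            state = "received"            # step 2: command was downloaded
        elif query == "ANS" and state == "received":
            state = "acknowledged"        # step 4: command was executed
    return state

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2009:09:58:40 +0300] "GET /cmd-file HTTP/1.1" 200 3 "-" "-"',
    '198.51.100.23 - - [12/Mar/2009:10:00:30 +0300] "GET /cmd-file?ANS HTTP/1.1" 200 3 "-" "-"',
    '203.0.113.7 - - [12/Mar/2009:10:01:05 +0300] "GET /cmd-file HTTP/1.1" 200 3 "-" "-"',
    '203.0.113.7 - - [12/Mar/2009:10:01:20 +0300] "GET /cmd-file?ANS HTTP/1.1" 200 3 "-" "-"',
]
PUBLISHED = datetime.strptime("12/Mar/2009:10:00:00 +0300", "%d/%b/%Y:%H:%M:%S %z")
```

An "?ANS" request counts only if it comes from the expected address and follows a plain fetch of the same file, so a stale poll or a request from an unrelated host does not move the state forward.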


What remains is to automate everything on the client side (in the office) and on the server side (at home), and that's all: you can smoke bamboo and work from home.

The client side consists of a front-end script (always running) and a back-end script (run to execute a command); on the server side there is only one control script.

To make it work, start the front-end script on your work computer, and you can go home. After running the script on the server at home and specifying the UP command, confirmation that the command has been completed arrives within 1-2 minutes. That's it: you can start working with the work servers as if they were on the home network. When the work is done, specify the DN command, and everything shuts down.

If the connection breaks, the work computer automatically brings it back up within a couple of minutes. If the connection exists but does not work, execute the DN command and, a couple of minutes later, the UP command.

Future plans include setting up a PSTN <-> VoIP gateway, so that the work phone can be reached from home. And, as usual, the ultimate goal is the conquest of the universe.

Source: https://habr.com/ru/post/55173/

