Check also some screenshots...
Go to RevSH Maemo page for some Nokia 770 Internet Tablet specific information.
Reverse Shell 1.93 (2006/11/23)

Short

A tool to create a Secure/Remote shell tunnel and then start commands/shells on the tunnel destination machine to be executed on the tunnel originating machine.

Warning

It is quite easy to weaken the security of your network with this tool (like making holes in a firewall). Know what you are doing when using this tool.

Usage

    Usage: revsh [-d] [-l username] host command

With command `shell' an interactive shell session is started.

If 'host' is ssh2, ssh, lsh or rsh, then that "host" is used as the tunnel creation command instead and the rest of the arguments are given to that command (-l username is then in format -l user[@host]).

The option -d is only used with the tunnel creation command; the program goes to the background after the tunnel is successfully created.

Read ssh2(1), ssh(1), lsh(1), rsh(1) manual pages for companion information.

RevSH limitations

revsh (it was then revcmd) was originally a quick & dirty tool to access a CVS repository through a firewall so that ordinary users could grant the access by just running revsh to create a tunnel. Not much thought was given to design. (Not!) surprisingly, it still took more time to get the simplest things working than was originally thought.

* No flow control. Revsh provides multiplexed data "pipes" but doesn't control the traffic, so one datastream can make other "connections" work jerkily. This usually isn't a problem. If a program that receives data blocks reading for longer than 900 ms it will be killed (originally this limit was 50ms, but Nokia 770 could not handle that). Fixing this would require a rewrite of big parts of the code.

* Communication between revsh-client and revsh-forwarder (the revsh components running on the remote host where the revsh tunnel is created) is (also) just simple datastreams; the client cannot receive any "metadata", like program exit values and so on. Also the client cannot provide window size changes, signals or anything else to the commands running under revsh-server.
  Using some communication protocol between revsh-client and revsh-forwarder could fix this. This requires much less rewriting than the item above.

* Currently the revsh-client and revsh-forwarder parts can only be run on a Linux system since other OSes do not return POLLHUP in .revents. revsh-server (i.e. the revsh tunnel originating component) can be run on OSes other than Linux. Using a communication protocol like the one above could fix this issue as well.

* revsh-shell does not have an escape character. Requires revsh-client tunes. There are options to avoid no-flow-control problems, but implementing flow control would definitely help here.

* The system is limited to 125 multiplexed "connections" through one revsh tunnel connection. Should not be a big problem.

* The program requires the openpty() function to compile. It would not be too difficult to copy an openpty() implementation and compile that when the libraries around do not provide one. Good candidates to copy from are the dtach(1) and ssh(1) source code.

Nevertheless, RevSH is perfectly suitable for the usual cases users need it for.

Quick start

(orig: commands executed on tunnel originating machine, dest: commands executed on tunnel destination machine)

    orig 1 $ wget http://www.iki.fi/too/sw/revsh/revsh.c
    orig 2 $ sh revsh.c
    orig 3 $ cp revsh /path/to/bindir/in/PATH/
    ---
    dest 1 $ wget http://www.iki.fi/too/sw/revsh/revsh.c
    dest 2 $ sh revsh.c
    dest 3 $ cp revsh /path/to/bindir/in/PATH/
    ---
    orig 4 $ revsh ssh2 dest
    ---
    dest 4 $ revsh orig ls
    dest 5 $ revsh orig shell
    dest 6 $ SVN_SSH=revsh svn co svn+ssh://orig/path/to/svn/projects/revsh
    ---
    (ctrl-c on orig machine)
    orig 5 $ revsh -l foo@bar ssh2 dest
    ---
    dest 7 $ revsh -l foo bar ls
    dest 8 $ revsh foo@bar hostname

Program description

In order to work, revsh has the following 4 modes of operation:

revsh_server:
  "Server" mode. This mode is chosen when ssh2, ssh, lsh or rsh is given as host (fsh could be added too, but...;).
  In this mode, a tunnel to the remote host is created and then the program starts waiting for messages from the frontend.

revsh_forwarder:
  In this mode revsh is started as the tunnel endpoint to revsh_server. This mode is chosen when the environment variable REVSH_DAEMON_SOCKET_FILE is defined. revsh_server sets this up when creating the tunnel with the following trick (compare to orig 5 $ above):

    ssh2 dest REVSH_DAEMON_SOCKET_FILE=foo@bar revsh

revsh_client:
  In this mode revsh works like ssh2, ssh, lsh and rsh normally work. This mode is chosen when neither of the above modes (nor the next one) is. revsh tries to connect to the unix socket in file /tmp/revsh-[…]/[…]@[…] and, if that succeeds, expects to be communicating with revsh_forwarder. After a version check it passes the command line arguments to revsh_forwarder. revsh_forwarder in turn creates a "channel" with revsh_server, passes the given information for revsh_server to execute, and passes input/output(/error) streams between revsh_server and revsh_client so that reverse shell works as much like secure shell and remote shell as possible.

revsh_shell:
  This is a special mode, whose purpose on the tunnel destination machine is to restrict access to revsh_front only. This mode is chosen when the SHELL environment variable contains the string "revsh". This happens when the user shell in /etc/passwd contains the full path to revsh instead of a standard shell, like bash or zsh. I have the following in my /etc/passwd:

    too:x:501:501:Tomi Ollila:/p/home/too:/bin/zsh
    toorcmd:x:501:501:Tomi Ollila RevSH:/tmp/revsh-501:/p/bin/revsh

  With secure shell authorization keys I can ask users to create a tunnel for me, without allowing them to execute anything else on my machine.

TODO

- Reporting exit values of commands / shells.
- Inform remote program about window size change (when in shell mode).
- Have escape character when in shell mode in revsh_command.
- Change revsh_client HANGUP checking to support other than Linux.
- Implement openpty() for systems that don't have one.
- Shell mode should be possible without giving 'shell' on command line.
- That's all for now. Add more documentation is the last TODO entry.

2006/02/02 Tomi Ollila
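
Added example (not part of revsh or the original page): an audit sketch, in Python, for the two host-side traces described under Program description, namely accounts whose login shell is revsh (the revsh_shell mode) and commands that start a forwarder through REVSH_DAEMON_SOCKET_FILE. The first two passwd entries are the ones quoted above; the third entry, the command lines and all function names are constructed for this example.

```python
import re
from collections import defaultdict

# Sample input: the two passwd entries quoted on the page plus one constructed account.
SAMPLE_PASSWD = """\
too:x:501:501:Tomi Ollila:/p/home/too:/bin/zsh
toorcmd:x:501:501:Tomi Ollila RevSH:/tmp/revsh-501:/p/bin/revsh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
# Constructed process command lines; the second uses the tunnel-setup form shown on the page.
SAMPLE_CMDLINES = [
    "ssh2 dest ls -l",
    "ssh2 dest REVSH_DAEMON_SOCKET_FILE=foo@bar revsh",
    "/bin/zsh -l",
]
TUNNEL_RE = re.compile(r"\bREVSH_DAEMON_SOCKET_FILE=(\S+)")


def audit_passwd(text):
    """Return {login: [findings]} for accounts whose login shell is revsh."""
    entries, by_uid = [], defaultdict(list)
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # blank, comment or malformed line
        name, _, uid, _, _, home, shell = fields
        entries.append((name, uid, home, shell))
        by_uid[uid].append(name)
    findings = {}
    for name, uid, home, shell in entries:
        if "revsh" not in shell:  # same substring test the page describes for SHELL
            continue
        notes = ["login shell is revsh: " + shell]
        shared = [n for n in by_uid[uid] if n != name]
        if shared:
            notes.append("UID %s shared with: %s" % (uid, ", ".join(shared)))
        if home == "/tmp" or home.startswith("/tmp/"):
            notes.append("home directory under /tmp: " + home)
        findings[name] = notes
    return findings


def find_tunnel_setups(cmdlines):
    """Return (cmdline, socket name) pairs for commands that start a revsh forwarder."""
    return [(c, m.group(1)) for c in cmdlines if (m := TUNNEL_RE.search(c))]


if __name__ == "__main__":
    print(audit_passwd(SAMPLE_PASSWD), find_tunnel_setups(SAMPLE_CMDLINES))
```

On a real host the same functions take the contents of /etc/passwd and a list of command lines gathered from process accounting or a process listing.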