3

I have a CentOS 7 machine that is protected by a firewall; I can only connect via ssh outside. I want to run yum upgrade on that server to upgrade the packages. How can I do that? (We haven't got privileges to control the firewall.)

4
  • Please clarify what you mean by "can only connect via ssh outside". Do you mean that you can only ssh from the CentOS machine? Or do you mean that you can only ssh into the CentOS machine? If it's the former, then consider ssh tunneling to another ssh capable host outside the firewall. If it's the latter, then it shouldn't affect it. Commented Feb 3, 2016 at 12:27
  • I mean: 1. The server is placed in a private network. 2. I can access this server via ssh across the firewall (then map port 22 to a specific port on an internet IP). 3. The server can't access the internet or other servers on this private network (including using ssh on this server to access other machines), and we have no other servers in this private network. Commented Feb 3, 2016 at 12:43
  • Can you ssh out to the internet from the machine? Commented Feb 3, 2016 at 13:05
  • @Will No, it can't. It can access a dbserver from this machine only. Commented Feb 3, 2016 at 13:07

3 Answers

3

Here's what I would do. So, you can SSH to the server (let's call it server) from your machine (let's call it workstation).

  • Set up an HTTP Proxy like Squid on workstation, listening on localhost:8080.
  • From workstation, open a reverse SSH tunnel to server:

    ssh -R 8080:localhost:8080 user@server

  • Configure yum on server to use localhost:8080 as a proxy.
  • yum will now access the internet via the SSH Tunnel through workstation.

You can test your configuration like this:

    wget -e use_proxy=yes -e http_proxy=127.0.0.1:8080 http://someurl.example.com/

See this question and answers for more information! :)

0
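The last two steps of the tunnel answer above can be scripted on server as below. This is an added example, not code from the answer: it checks that the forwarded port is reachable only from server itself, then sets yum's `proxy=` option for the duration of the update and restores the file afterwards. The function names are hypothetical, and `/etc/yum.conf` with a `[main]` section is assumed.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumed tunnel, opened from
# workstation with an explicit loopback bind on the server side:
#   ssh -R 127.0.0.1:8080:127.0.0.1:8080 user@server

# loopback_only PORT: reads `ss -ltn` output on stdin; succeeds only if PORT
# is listening and every listener for it is bound to a loopback address.
loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" && $4 ~ (":" port "$") {
            addr = $4; sub(":" port "$", "", addr); seen = 1
            if (addr != "127.0.0.1" && addr != "[::1]" && addr != "::1") bad = 1
        }
        END { exit ((seen && !bad) ? 0 : 1) }'
}

# set_yum_proxy CONF URL: put "proxy=URL" directly under [main] in CONF,
# replacing an older proxy= line there. The first call saves CONF as CONF.orig.
set_yum_proxy() {
    conf=$1 url=$2
    grep -q '^\[main\]' "$conf" || return 1
    [ -f "$conf.orig" ] || cp -p "$conf" "$conf.orig"
    tmp=$(mktemp) || return 1
    awk -v url="$url" '
        /^\[/ { in_main = ($0 ~ /^\[main\]/) }           # track current section
        in_main && /^[ \t]*proxy[ \t]*=/ { next }        # drop the old setting
        { print }
        /^\[main\]/ { print "proxy=" url }               # add the new one
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"           # cat keeps owner and mode
    rc=$?; rm -f "$tmp"; return "$rc"
}

# unset_yum_proxy CONF: restore the saved file once the update is done.
unset_yum_proxy() {
    [ -f "$1.orig" ] && cat "$1.orig" > "$1" && rm -f "$1.orig"
}

# On server, with the tunnel open (run as root):
#   ss -ltn | loopback_only 8080 && set_yum_proxy /etc/yum.conf http://127.0.0.1:8080
#   yum upgrade
#   unset_yum_proxy /etc/yum.conf
```

If `loopback_only` fails while the tunnel is up, the forwarded port is bound to a non-loopback address and other hosts on the private network could reach the proxy through it.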
0

If SSH is enabled SCP should work as well.

Depending on what you need to update, you can download the newest CentOS release, SCP it to your server and configure YUM to use the repo in the new release. Then yum update will grab the packages from the new release.

This is a simple way if you only need new CentOS packages; if you have other 3rd party software, it can be a hassle to collect them all.

2
  • The whole yum repo is 15TB, so I just want to find a way to update the system or install software easily but source compile. Commented Feb 4, 2016 at 2:43
  • Was this system always isolated from the internet? If so how did you do your initial install? There should be an updated version of the base/everything/minimal CentOS that you can use. If you've used an extra repo like EPEL then transferring that is not feasible for you. Commented Feb 4, 2016 at 11:17
-1

If you can SSH into the server, that means your firewall ports you to the server. But I can't possibly believe that you use a oneway-er. So if you can go into the server, you should be able to yum upgrade with ease. Try this: What is the output of:

    wget http://ipinfo.io/ip -qO -

Or better question: What is the output of the yum upgrade?

2
  • "Error: Cannot find a valid baseurl for repo: base" when running yum upgrade, because this server can access only the dbserver in the private network. Commented Feb 3, 2016 at 13:15
  • network administrator disable this server access other server and let us access only use ssh is too easily Commented Feb 3, 2016 at 13:18
