Re: Question about config SSH server, to restrict Port Forwarding

From: Brian Hatch
Date: 08/03/03

    Date: Sun, 3 Aug 2003 11:28:31 -0700
    To: "Jie C. Huang"

    > ssh -R 9001:Alice:5900 Bob
    > This will result in allocating a socket to listen to
    > port 9001 on the remote machine Bob, and whenever a
    > connection is made to Bob:9001, the connection is
    > forwarded to Alice:5900.
    > Ok, now the question is:
    > I wish to restrict the "whenever a connection to Bob:9001"
    > to "only from localhost (Bob)"
    > meaning that, you can't "telnet Bob 9001" from anywhere
    > outside machine Bob. You can only do it from Bob.

    In OpenSSH, this is the default. The port on bob
    will listen only on localhost, so you'd only be able
    to connect to it from bob.

    desktop$ ssh -R 9001:whatever:5900 bob

    bob$ netstat -natp|grep 9001
    (Not all processes could be identified, non-owned process info
     will not be shown, you would have to be root to see it all.)
     tcp 0 0* LISTEN -

    desktop$ telnet bob:9001
    telnet: Unable to connect to remote host: Connection refused

    Brian Hatch                  "Packet-Filtering Barbie."
       Systems and               - Failed attempt by Mattel
       Security Engineer           to get into the computer
                                   security world, before
                                   buying CyberPatrol.
    Every message PGP signed
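
A check for the default described in the reply above, as an added example that is not part of the original message: in OpenSSH the `GatewayPorts` option in sshd_config (not named in the thread) decides whether `-R` listeners may bind beyond loopback. The function names are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the GatewayPorts value sshd applies globally. The first occurrence
# outside a Match block wins; when unset, OpenSSH uses "no" (loopback only).
effective_gatewayports() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        { gsub(/=/, " ") }                       # accept "Key=value" form
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == "gatewayports" { v = tolower($2); exit }
        END { print (v == "" ? "no" : v) }
    ' "$1"
}

# Read `netstat -nat` or `ss -ltn` lines on stdin; print each local address
# listening on port $1 that is not a loopback address.
exposed_listeners() {
    awk -v port="$1" '
        /LISTEN/ && $4 ~ (":" port "$") {
            addr = $4
            sub(/:[0-9]+$/, "", addr)
            if (addr !~ /^(127\.|::1$|\[::1\]$)/) print $4
        }'
}

# Constructed sample input (not captured from a real host).
sample_cfg=$(mktemp)
printf '%s\n' '# sshd_config excerpt' 'AllowTcpForwarding yes' \
    'GatewayPorts clientspecified' 'Match User backup' \
    '    GatewayPorts no' > "$sample_cfg"
sample_listeners='tcp 0 0 127.0.0.1:9001 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9002 0.0.0.0:* LISTEN'

echo "GatewayPorts in effect: $(effective_gatewayports "$sample_cfg")"
for p in 9001 9002; do
    hits=$(printf '%s\n' "$sample_listeners" | exposed_listeners "$p")
    echo "port $p non-loopback listeners: ${hits:-none}"
done
rm -f "$sample_cfg"
```

A result of `yes` or `clientspecified` means a forwarded port on the server can be reachable from other hosts, so the loopback-only behaviour shown in the reply no longer holds by itself.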
