RE: Binding ssh to a loopback address

From: Stephen Cooke (KN) (stephen.cooke_at_telewest.co.uk)
Date: 05/09/05

  • Next message: Eloi Granado: "Re: bash_logout and sftp"
    To: "'Logu'" <logsnaath@gmail.com>, secureshell@securityfocus.com
    Date: Mon, 9 May 2005 17:09:13 +0100
    
    

    I have the following, as a web proxy server lives somewhere deep in the network,
    totally blocked from use by normal access.
    I have found that if you put the -N option and -f, it allows the startup of
    the box to call the forward (without it you get some odd results).

    /etc/rc3.d/S99zforward
    su - <ID> -c "ssh -f -N -L8080:<PUBLIC>:8080 localhost -g -l <ID>"

    Replace <ID> with a non-root local user.
    Replace <PUBLIC> with the IP you wish to forward to.

    -L listen-port:host:port Forward local port to remote address
    -l user Log in using this user name.
    -f fork into background after authentication.
    -N Do not execute a shell or command
    -g globally advertise the port (required for other machines)

    Good luck, and don't do the forward as root unless you have to.

    -----Original Message-----
    From: Logu [mailto:logsnaath@gmail.com]
    Sent: 07 May 2005 05:19
    To: secureshell@securityfocus.com
    Cc: CP Lim
    Subject: Re: Binding ssh to a loopback address

    >I was trying to forward a remote port to one at local (but not 127.0.0.1)
    >by doing :
    >
    > ssh -b 127.0.0.2 -L80:localhost:80 remotehost
    >
    > but got :
    >
    > ssh: connect to host d2 port 80: No route to host
    >

    I think you should have an interface with IP 127.0.0.2 up before doing the
    port forwarding.

    -- 
    Internal Virus Database is out-of-date.
    Checked by AVG Anti-Virus.
    Version: 7.0.308 / Virus Database: 266.8.4 - Release Date: 27/03/2005
     
    ==============================================================================
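
Added example (not part of the original thread): with -g, the forwarded port in the rc script above listens on every interface instead of only on loopback. The sketch below filters listener lines in the format of Linux `ss -Hltnp` and reports ssh client forwards that other machines can reach; the function name exposed_ssh_forwards and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list ssh client port forwards that are bound to a
# non-loopback address, i.e. reachable from other machines (as with -g).
# Assumed input format: Linux `ss -Hltnp`
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port Process).

# Constructed sample lines, not captured from a real host.
SAMPLE='LISTEN 0 128 0.0.0.0:8080 0.0.0.0:* users:(("ssh",pid=2101,fd=4))
LISTEN 0 128 127.0.0.1:8081 0.0.0.0:* users:(("ssh",pid=2140,fd=4))
LISTEN 0 128 127.0.0.2:80 0.0.0.0:* users:(("ssh",pid=2177,fd=5))
LISTEN 0 128 [::]:8080 [::]:* users:(("ssh",pid=2101,fd=5))
LISTEN 0 128 [::1]:8081 [::]:* users:(("ssh",pid=2140,fd=5))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 128 192.0.2.10:3128 0.0.0.0:* users:(("squid",pid=950,fd=11))'

# Reads ss-style lines on stdin, prints "address port" for each exposed forward.
exposed_ssh_forwards() {
    awk '
    # Only listeners owned by the ssh client; "sshd" does not match.
    $1 == "LISTEN" && $0 ~ /\(\("ssh",/ {
        port = $4; sub(/.*:/, "", port)       # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
        gsub(/\[|\]/, "", addr)               # drop IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1") next   # loopback-only listener
        print addr, port
    }'
}

# On a live Linux host: ss -Hltnp | exposed_ssh_forwards
printf '%s\n' "$SAMPLE" | exposed_ssh_forwards
```

Listeners on 127.0.0.1, 127.0.0.2 and ::1 are skipped because only the local machine can connect to them; the 0.0.0.0 and :: entries are what a forward started with -g looks like.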