AW: ssh -R only listening on lo
From: Miro Dietiker, MD Systems (info_at_md-systems.ch)
Date: 09/16/05
- Previous message: Miro Dietiker, MD Systems: "AW: audit perspective: proof that all connections are encrypted"
- In reply to: David Wolever: "ssh -R only listening on lo"
- Next in thread: Micha Borrmann: "Re: ssh -R only listening on lo"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'David Wolever'" <wolever@ftml.net>, <secureshell@securityfocus.com> Date: Fri, 16 Sep 2005 07:57:09 +0200
Hi David
I ever used only localhost-Fort forwarding and was lucky that this was
enforced by default! But you're right, if we like to have a a public
local port forwarded (available to any specified/unspecified host on
local net) ...
Watch man ssh_config:
GatewayPorts
Specifies whether remote hosts are allowed to connect to local
forwarded ports. By default, ssh binds local port forwardings
to
the loopback address. This prevents other remote hosts from
con-
necting to forwarded ports. GatewayPorts can be used to
specify
that ssh should bind local port forwardings to the wildcard
address, thus allowing remote hosts to connect to forwarded
ports. The argument must be ``yes'' or ``no''. The default
is
``no''.
This topic could be also defined by the server (and need in your case)
Now define it ad-hoc this way (other direction):
ssh -o GatewayPorts=yes -L PORT:HOST:REMOTEPORT HOST
I found a description of such a specific setup via google:
http://www.akadia.com/services/ssh_connect_tunnels.html
A short test I did worked perfectly! :-) So have fun!
(Machine a does a tunnel to b and machine c connects over that tunnel
via a to b)
GrEeZ!
+-------------------------------+ +-------------------------------+
| Miro Dietiker | | MD Systems Miro Dietiker |
| Dipl. Ing. FH Elektrotechnik | | Alte Zürcherstrasse 10 |
| | | 8903 Birmensdorf |
| | | |
| Mobile: +41 (0)78 707 30 10 | | Geschäft: +41 (0)43 344 03 56 |
| | | Fax: +41 (0)43 344 03 57 |
| m.dietiker@md-systems.ch | | info@md-systems.ch |
| | | www.md-systems.ch |
+-------------------------------+ +-------------------------------+
-----Ursprüngliche Nachricht-----
Von: David Wolever [mailto:wolever@ftml.net]
Gesendet: Freitag, 16. September 2005 01:57
An: secureshell@securityfocus.com
Betreff: ssh -R only listening on lo
Hey,
I was playing around with `ssh -R` last night, and found
that (even with -g, if that switch applies to this) ssh
would only listen on the loop-back (127.0.0.1) address.
This means I can't connect back down the tunnel from the
server to the client from anywhere except the server.
The command line I used was:
ssh -vgR 8888:mylaptop:80 myserver
I looked through the verbose output and couldn't find much
useful information.
Is this something I'm doing wrong, or is this the way things
are supposed to be? Is there a way I could work around it
(with out starting ANOTHER tunnel the other way using -L
from the remote host, that is >_~)?
On my laptop, ssh -v gives me:
OpenSSH_3.8.1p1, OpenSSL 0.9.7g 11 Apr 2005 (this is on a
machine running OSX 10.4)
On my server, ssh -v says:
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
Thanks,
David
-- David Wolever - http://wolever.net/~wolever AIM: davidswolever MSN: david@wolever.net P: 416-769-0318 C: 416-906-0403 "Without payment you have received; without payment you are to give." (Mat 10:8 ISV)
- Previous message: Miro Dietiker, MD Systems: "AW: audit perspective: proof that all connections are encrypted"
- In reply to: David Wolever: "ssh -R only listening on lo"
- Next in thread: Micha Borrmann: "Re: ssh -R only listening on lo"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
