AW: ssh -R only listening on lo

From: Miro Dietiker, MD Systems (
Date: 09/16/05

  • Next message: Micha Borrmann: "Re: ssh -R only listening on lo"
    To: "'David Wolever'" <>, <>
    Date: Fri, 16 Sep 2005 07:57:09 +0200

    Hi David

    I ever used only localhost-Fort forwarding and was lucky that this was
    enforced by default! But you're right, if we like to have a a public
    local port forwarded (available to any specified/unspecified host on
    local net) ...

    Watch man ssh_config:
              Specifies whether remote hosts are allowed to connect to local
              forwarded ports. By default, ssh binds local port forwardings
              the loopback address. This prevents other remote hosts from
              necting to forwarded ports. GatewayPorts can be used to
              that ssh should bind local port forwardings to the wildcard
              address, thus allowing remote hosts to connect to forwarded
              ports. The argument must be ``yes'' or ``no''. The default

    This topic could be also defined by the server (and need in your case)

    Now define it ad-hoc this way (other direction):

    ssh -o GatewayPorts=yes -L PORT:HOST:REMOTEPORT HOST

    I found a description of such a specific setup via google:

    A short test I did worked perfectly! :-) So have fun!
    (Machine a does a tunnel to b and machine c connects over that tunnel
    via a to b)


    +-------------------------------+ +-------------------------------+
    | Miro Dietiker | | MD Systems Miro Dietiker |
    | Dipl. Ing. FH Elektrotechnik | | Alte Zürcherstrasse 10 |
    | | | 8903 Birmensdorf |
    | | | |
    | Mobile: +41 (0)78 707 30 10 | | Geschäft: +41 (0)43 344 03 56 |
    | | | Fax: +41 (0)43 344 03 57 |
    | | | |
    | | | |
    +-------------------------------+ +-------------------------------+

    -----Ursprüngliche Nachricht-----
    Von: David Wolever []
    Gesendet: Freitag, 16. September 2005 01:57
    Betreff: ssh -R only listening on lo


    I was playing around with `ssh -R` last night, and found

    that (even with -g, if that switch applies to this) ssh

    would only listen on the loop-back ( address.

    This means I can't connect back down the tunnel from the
    server to the client from anywhere except the server.
    The command line I used was:

    ssh -vgR 8888:mylaptop:80 myserver
    I looked through the verbose output and couldn't find much

    useful information.

    Is this something I'm doing wrong, or is this the way things

    are supposed to be? Is there a way I could work around it

    (with out starting ANOTHER tunnel the other way using -L

    from the remote host, that is >_~)?

    On my laptop, ssh -v gives me:
    OpenSSH_3.8.1p1, OpenSSL 0.9.7g 11 Apr 2005 (this is on a
    machine running OSX 10.4)
    On my server, ssh -v says:
    OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004



      David Wolever -
      AIM: davidswolever MSN:
      P: 416-769-0318 C: 416-906-0403
      "Without payment you have received; without payment you are to give."
           (Mat 10:8 ISV)

  • Next message: Micha Borrmann: "Re: ssh -R only listening on lo"

    Relevant Pages

    • Re: What is The SSH?
      ... Building and Using SSH Tunnels ... What is an SSH tunnel? ... how to use it to make a connection to a server. ... You will need a working SSH client and server installation to build and test ...
    • Re: reverse shell session
      ... I want to open a session on a client that connects to my server and makes ... a tunnel. ... You may ask why i want to do that, well the remote machine is behind a ... You could run an ssh server on the machine that's behind the FW on some ...
    • Re: "reverse" SOCKS with Putty
      ... I wish to make a tunnel in order to "forward" the LAN to my home ... there are no SSH servers on the network used to play at school. ... by the server to unilaterally set up forwarded connections, ... tunnels for your application in your SSH client. ...
    • Re: [kde-linux] Sound over ssh?
      ... There are of course, easier ways than to tunnel the stream using SSH, but I ... set up 'some kind' of server. ...
    • Re: Tunneling SMTP Traffic Via SSH Question
      ... Since the server with ssh and the mail server seem to be the same, ... as the tunnel destination. ... Tunneling SMTP Traffic Via SSH Question ... > pen testing experience in our state of the art hacking lab. ...