AW: ssh -R only listening on lo

From: Miro Dietiker, MD Systems (info_at_md-systems.ch)
Date: 09/16/05

  • Next message: Micha Borrmann: "Re: ssh -R only listening on lo"
    To: "'David Wolever'" <wolever@ftml.net>, <secureshell@securityfocus.com>
    Date: Fri, 16 Sep 2005 07:57:09 +0200
    
    

    Hi David

    I only ever used localhost port forwarding and was lucky that this was
    enforced by default! But you're right, if we'd like to have a public
    local port forwarded (available to any specified/unspecified host on
    the local net) ...

    Watch man ssh_config:
         GatewayPorts
              Specifies whether remote hosts are allowed to connect to local
              forwarded ports. By default, ssh binds local port forwardings to
              the loopback address. This prevents other remote hosts from
              connecting to forwarded ports. GatewayPorts can be used to specify
              that ssh should bind local port forwardings to the wildcard
              address, thus allowing remote hosts to connect to forwarded
              ports. The argument must be ``yes'' or ``no''. The default is
              ``no''.

    This topic could also be defined by the server (and is needed in your case)

    Now define it ad-hoc this way (other direction):

    ssh -o GatewayPorts=yes -L PORT:HOST:REMOTEPORT HOST

    I found a description of such a specific setup via google:
    http://www.akadia.com/services/ssh_connect_tunnels.html

    A short test I did worked perfectly! :-) So have fun!
    (Machine a does a tunnel to b and machine c connects over that tunnel
    via a to b)

    GrEeZ!

    +-------------------------------+ +-------------------------------+
    | Miro Dietiker | | MD Systems Miro Dietiker |
    | Dipl. Ing. FH Elektrotechnik | | Alte Zürcherstrasse 10 |
    | | | 8903 Birmensdorf |
    | | | |
    | Mobile: +41 (0)78 707 30 10 | | Geschäft: +41 (0)43 344 03 56 |
    | | | Fax: +41 (0)43 344 03 57 |
    | m.dietiker@md-systems.ch | | info@md-systems.ch |
    | | | www.md-systems.ch |
    +-------------------------------+ +-------------------------------+

    -----Original Message-----
    From: David Wolever [mailto:wolever@ftml.net]
    Sent: Friday, 16 September 2005 01:57
    To: secureshell@securityfocus.com
    Subject: ssh -R only listening on lo

    Hey,

    I was playing around with `ssh -R` last night, and found
    that (even with -g, if that switch applies to this) ssh
    would only listen on the loop-back (127.0.0.1) address.
    This means I can't connect back down the tunnel from the
    server to the client from anywhere except the server.
    The command line I used was:

    ssh -vgR 8888:mylaptop:80 myserver

    I looked through the verbose output and couldn't find much
    useful information.

    Is this something I'm doing wrong, or is this the way things
    are supposed to be? Is there a way I could work around it
    (without starting ANOTHER tunnel the other way using -L
    from the remote host, that is >_~)?

    On my laptop, ssh -v gives me:
    OpenSSH_3.8.1p1, OpenSSL 0.9.7g 11 Apr 2005 (this is on a
    machine running OSX 10.4)
    On my server, ssh -v says:
    OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004

    Thanks,

    David

    -- 
      David Wolever - http://wolever.net/~wolever
      AIM: davidswolever MSN: david@wolever.net
      P: 416-769-0318 C: 416-906-0403
      "Without payment you have received; without payment you are to give."
           (Mat 10:8 ISV)
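
The listener for `ssh -R` is opened by the server, so its bind address follows `GatewayPorts` in the server's sshd_config rather than the client option quoted above. The script below is an added example, not code from this thread: it reads that setting from a config file and predicts where a `-R` listener binds. The function names are hypothetical, and the `clientspecified` value and the `bind_address:` prefix are taken from current OpenSSH documentation and may not exist in the older versions named in the thread.

```shell
# Added example: predict where sshd binds the listener of an "ssh -R" forward.

# Print the global GatewayPorts value of an sshd_config-style file.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and "Match" opens conditional blocks, so stop there.
gateway_ports_mode() {
    awk '
        /^[ \t]*(#|$)/ { next }
        { key = tolower($1); sub(/[=].*/, "", key) }
        key == "match" { exit }
        key == "gatewayports" {
            val = $0
            sub(/^[ \t]*[^ \t=]+[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            print val; found = 1; exit
        }
        END { if (!found) print "no" }   # documented default
    ' "$1"
}

# Print loopback, wildcard or a literal address for a -R argument of the
# form [bind_address:]port:host:hostport (assumption: no IPv6 literals).
remote_bind_address() {
    mode=$1 spec=$2
    case $mode in
        no)  echo loopback; return ;;    # server forces loopback
        yes) echo wildcard; return ;;    # server forces all interfaces
        clientspecified) ;;              # client's bind_address decides
        *)   echo "unknown GatewayPorts value: $mode" >&2; return 1 ;;
    esac
    case $spec in
        *:*:*:*) bind=${spec%%:*} ;;      # explicit bind_address, may be empty
        *)       echo loopback; return ;; # none given: loopback only
    esac
    case $bind in
        ''|'*')  echo wildcard ;;
        localhost|127.0.0.1) echo loopback ;;
        *)       echo "$bind" ;;
    esac
}

# Constructed sample server config, then the forward from the question.
cfg=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'GatewayPorts clientspecified' > "$cfg"
mode=$(gateway_ports_mode "$cfg")
echo "GatewayPorts=$mode"
echo "-R 8888:mylaptop:80  -> $(remote_bind_address "$mode" 8888:mylaptop:80)"
echo "-R :8888:mylaptop:80 -> $(remote_bind_address "$mode" :8888:mylaptop:80)"
rm -f "$cfg"
```

A result of `wildcard` means the forwarded port is reachable by every host that can reach the server, so it is worth checking for whenever only loopback access was intended.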
    
