Re: "public" OpenSSH Tunnel

• Previous message: Sean Straw (to email, replace lutefisk with mail): "Re: Broken-ness configuring with openssl-0.9.7b and openssh-3.6.1p1"
• In reply to: Kyler Laird: "Re: "public" OpenSSH Tunnel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 22 Jun 2003 00:43:38 -0400

>>>>> "KL" == Kyler Laird <Kyler@news.Lairds.org> writes:

    KL> I'm thrilled that this is supported now, but I've not been
    KL> successful in getting it to happen...

That's because I goofed in my post: this feature is supported in the
ssh.com software, not OpenSSH. Sorry for the confusion. For the record:

The SSH-2 protocol mechanism for requesting a remote port forwarding from
the server, allows the client to specify a full socket to be forwarded (IP
address and port), not just the port. But OpenSSH does not support this
on either side: the client always sends 0.0.0.0, and the server ignores
the address it receives (cf channels.c:2145 and serverloop.c:974 in
3.6p1). ssh.com on the other hand, does support this feature, and on both
sides. You can give a remote forwarding like:

  ssh2 -R 10.1.1.1:1234:remote:5678 ...

and the server will bind the 10.1.1.1 interface only (assuming it has
one). Btw, the man page section on this feature is *very* misleadingly
written. It implies that you can use hostnames in that field, which you
should be able to do but can't; it also uses the word "localhost" as a
variable in describing the syntax, which is very confusing since
"localhost" already has a common meaning -- I first took it to be a
keyword.

-- 
  Richard Silverman
  res@qoxp.net

• Previous message: Sean Straw (to email, replace lutefisk with mail): "Re: Broken-ness configuring with openssl-0.9.7b and openssh-3.6.1p1"
• In reply to: Kyler Laird: "Re: "public" OpenSSH Tunnel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]