Re: GatewayPorts does not open remote end

• Previous message: Jan Engelhardt: "Re: GatewayPorts does not open remote end"
• In reply to: Jan Engelhardt: "Re: GatewayPorts does not open remote end"
• Next in thread: Darren Tucker: "Re: GatewayPorts does not open remote end"
• Reply: Darren Tucker: "Re: GatewayPorts does not open remote end"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 22 Jan 2005 10:39:16 GMT

In article <Pine.LNX.4.61.0501221052400.19780@yvahk01.tjqt.qr>,
Jan Engelhardt <jengelh@linux01.gwdg.de> wrote:
>But if the sshd_config (which I may not edit, for I am not root) has
>GatewayPorts = yes, then all -L and -R would be forwarded, even for users
>which do not want Gatewayports.

That's true. There's an enhancement request with patch to implement
finer-grained control over port forwarding listen addresses:
http://bugzilla.mindrot.org/show_bug.cgi?id=413

If GatewayPorts=no on the server, then there's not much you can do
about it from the client side. What you could potentially do is run
an external forwarder (eg a modified netcat?) on the server to accept
connections and forward them to sshd on the loopback.

If nothing else is available, the ssh client on the remote host could
be pressed into service, although it's not very efficient, eg:

$ ssh -A -R 1234:port.forward.dest:22 remoteserver \
        ssh -L 1235:127.0.0.1:1234 -N localhost

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

• Previous message: Jan Engelhardt: "Re: GatewayPorts does not open remote end"
• In reply to: Jan Engelhardt: "Re: GatewayPorts does not open remote end"
• Next in thread: Darren Tucker: "Re: GatewayPorts does not open remote end"
• Reply: Darren Tucker: "Re: GatewayPorts does not open remote end"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: OpenSSH 3.8p1, Solaris 9, hostbased auth problem ... >be anything in the sshd config to enable/disable requiring privileged ... Try running the server in debug mode and see what it complains about. ... ssh client was to make sure that the source port was <1024, ... Good judgement comes with experience. ... (comp.security.ssh) Re: SSH vs encrypted passwords ... This means that the SSH client and server ... The shared secret is the unhashed password. ... encryption ... (comp.os.linux.security) FW: SSH/SFTP rc problem in Solaris. ... I use SSH client and server on a Solaris 9 server, ... PKGINST: SUNWsshu ... bash-2.05$ sftp -b a.sftp scnsys11 ... (SSH) Re: question about x11 forwarding in ssh ... But my question was geared toward what is happening on the ssh client ... open a socket connection to the local X server? ... socket to localhost, port 6000 (on the ssh client side, not on the sshd ... (SSH) Re: Conectivity problems affecting openssh ssh clients but not other ssh clients ... Debian unstable 4.6p1 OpenSSL 0.9.8e ... The problem exists on two accounts on the server. ... on my home network I installed sshd on the Debian machine. ... the java ssh client, I shell in to the Red Hat remote machine. ... (SSH)