I can install dropbear into the initramfs and successfully connect to this ssh server (IP: my_initramfs_ip) on boot stage, as described here.
Now I want to perform a port forwarding as a client at the same stage. For this purpose, I installed dropbear ssh client (dbclient) into the initramfs and in order to check if it works correctly, I tried to connect to one of my servers within the initramfs:
initramfs# dbclient user@myserver
user@myserver password: ...
Which works perfectly and I can log in to myserver. Now I want to perform a port forwarding, just like I usually do when the actual system boots up:
initramfs# dbclient -R 1234:localhost:22 myserver_ip
But the port forward simply doesn't work when I try to connect by:
myserver$ ssh root@localhost -p 1234
with the error:
ssh_exchange_identification: read: Connection reset by peer
So, how can I make the port forwarding on boot stage?
Edit:
I tried to add the library files that dbclient opens while performing a successful reverse port forwarding into the initramfs just in case:
myserver$ strace dbclient -R 7000:localhost:22 user@1.1.1.1 2>&1 | grep open | grep lib | sed 's/open("//' | sed 's/",.*//'
user@1.1.1.1's password:
/lib/x86_64-linux-gnu/libutil.so.1
/lib/x86_64-linux-gnu/libz.so.1
/lib/x86_64-linux-gnu/libc.so.6
/lib/x86_64-linux-gnu/libnss_compat.so.2
/lib/x86_64-linux-gnu/libnsl.so.1
/lib/x86_64-linux-gnu/libnss_nis.so.2
/lib/x86_64-linux-gnu/libnss_files.so.2
...but there is no success.
Rationale: When I install my OS on a LUKS partition (target machine), I need to unlock the disk over network, via SSH, as described here. The problem is that the SSH connection requires a port forwarding in the remote firewall so that I can connect to my target machine. I want to make my target connect and put its SSHD port onto a server so that I could connect to my target over my server. This will eliminate the port forwarding requirement. – ceremcem – 2018-01-27T19:57:39.177
I tried to simplify the question by removing the additional nc experiment part so it's now simply a port forwarding question. – ceremcem – 2018-01-28T14:28:12.190
Yes, that's the case. The tricky part is that ... -R 1234:localhost:22 still doesn't work even if you make the lo interface up, but ... -R 1234:127.0.0.1:22 works when lo is up. Would you consider copying your comment to an answer? – ceremcem – 2018-01-28T21:57:53.497
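The combination the last comment reports as working (lo up, forward target 127.0.0.1 instead of localhost), written out as an added example that is not part of the original post or comments. The function names, the script name tunnel.sh and the SYSFS override are hypothetical; it assumes busybox ip and dbclient with -N are available in the initramfs.

```shell
#!/bin/sh
# Added example (not from the original post): open the reverse tunnel from the
# initramfs shell using the two conditions reported in the comments above:
# the lo interface is up and the forward target is 127.0.0.1, not "localhost".

# Rewrite the target host of an -R spec from "localhost" to 127.0.0.1.
# Accepts "port:host:hostport" and "bindaddr:port:host:hostport".
loopback_spec() {
    printf '%s\n' "$1" | sed 's/:localhost:\([0-9][0-9]*\)$/:127.0.0.1:\1/'
}

# Return 0 if interface $1 has IFF_UP (bit 0x1) set in its sysfs flags,
# 1 if it is down, 2 if the interface (or its flags file) is missing.
# SYSFS is a hypothetical override used only for testing.
iface_is_up() {
    flags=$(cat "${SYSFS:-/sys/class/net}/$1/flags" 2>/dev/null) || return 2
    [ -n "$flags" ] || return 2
    [ $(( ${flags} & 1 )) -eq 1 ]
}

# open_tunnel SPEC SERVER: bring lo up if needed, then forward.
# Assumes busybox "ip" and dbclient are present in the initramfs.
open_tunnel() {
    spec=$(loopback_spec "$1")
    if ! iface_is_up lo; then
        ip link set lo up || { echo "cannot bring lo up" >&2; return 1; }
    fi
    # -N: no remote command, keep the session open only for the forward.
    dbclient -N -R "$spec" "$2"
}

# Example call from the initramfs shell:
#   sh tunnel.sh --run 1234:localhost:22 user@myserver
if [ "${1:-}" = "--run" ]; then
    open_tunnel "$2" "$3"
fi
```

If myserver runs OpenSSH with the default GatewayPorts no, port 1234 listens only on the server's loopback, so the unlock shell is reachable only from myserver itself, as in the question's ssh root@localhost -p 1234.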