How to do port forwarding at the initramfs stage?

0

0

I can install dropbear into the initramfs and successfully connect to this ssh server (IP: my_initramfs_ip) at the boot stage, as described here.

Now I want to perform port forwarding as a client at the same stage. For this purpose, I installed the dropbear ssh client (dbclient) into the initramfs and, in order to check that it works correctly, I tried to connect to one of my servers from within the initramfs:

initramfs# dbclient user@myserver
user@myserver password: ...

This works perfectly and I can log in to myserver. Now I want to perform port forwarding, just like I usually do when the actual system boots up:

initramfs# dbclient -R 1234:localhost:22 myserver_ip 

But the port forward simply doesn't work when I try to connect by:

myserver$ ssh root@localhost -p 1234

with the error:

ssh_exchange_identification: read: Connection reset by peer

So, how can I do port forwarding at the boot stage?

Edit:

I tried to add the library files that dbclient opens while performing a successful reverse port forwarding into the initramfs just in case:

myserver$ strace dbclient -R 7000:localhost:22 user@1.1.1.1 2>&1 | grep open | grep lib | sed 's/open("//' | sed 's/",.*//'
user@1.1.1.1's password: 
/lib/x86_64-linux-gnu/libutil.so.1
/lib/x86_64-linux-gnu/libz.so.1
/lib/x86_64-linux-gnu/libc.so.6
/lib/x86_64-linux-gnu/libnss_compat.so.2
/lib/x86_64-linux-gnu/libnsl.so.1
/lib/x86_64-linux-gnu/libnss_nis.so.2
/lib/x86_64-linux-gnu/libnss_files.so.2

...but without success.

ceremcem

Posted 2018-01-27T18:56:22.647

Reputation: 363

Rationale: When I install my OS on a LUKS partition (target machine), I need to unlock the disk over the network, via SSH, as described here. The problem is that the SSH connection requires port forwarding in the remote firewall so that I can connect to my target machine. I want to make my target connect and put its SSHD port onto a server so that I can connect to my target over my server. This will eliminate the port forwarding requirement.

– ceremcem – 2018-01-27T19:57:39.177

I tried to simplify the question by removing the additional nc experiment part so it's now simply a port forwarding question. – ceremcem – 2018-01-28T14:28:12.190

Yes, that's the case. The tricky part is that ... -R 1234:localhost:22 still doesn't work even if you bring the lo interface up, but ... -R 1234:127.0.0.1:22 works when lo is up. Would you consider copying your comment to an answer? – ceremcem – 2018-01-28T21:57:53.497

Answers

1

The loopback interface may be down on the initramfs host. Maybe all you need is

ifconfig lo up

(Inspired by this answer on Unix & Linux SE).

Kamil Maciorowski

Posted 2018-01-27T18:56:22.647

Reputation: 38 429
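
The answer and the asker's follow-up comment combined into one preflight script for the initramfs, as an added example that is not code from either poster: it brings lo up when the IFF_UP flag is clear and rewrites localhost to 127.0.0.1 in the -R spec before starting dbclient. The function names, the --run guard and the assumption that sysfs is mounted at /sys are illustrative choices, not part of the thread.

```shell
#!/bin/sh
# Added example: reverse-tunnel preflight for a busybox/dropbear initramfs.
# Assumes sysfs is mounted at /sys; function names are hypothetical.

# IFF_UP is bit 0x1 of the hex value in /sys/class/net/<if>/flags
# (lo typically reads 0x8 when down and 0x49 when up).
flags_up() {
    [ $(( $1 & 0x1 )) -ne 0 ]
}

lo_is_up() {
    [ -r /sys/class/net/lo/flags ] || return 1
    flags_up "$(cat /sys/class/net/lo/flags)"
}

# Rewrite the forward target of "[listenaddr:]port:host:hostport" so that the
# name "localhost" becomes the literal 127.0.0.1, which is the form the asker
# reports working once lo is up. Other hosts are passed through unchanged.
literal_forward() {
    hport=${1##*:}
    front=${1%:*}
    host=${front##*:}
    prefix=${front%:*}
    if [ "$host" = "localhost" ]; then
        host=127.0.0.1
    fi
    printf '%s:%s:%s\n' "$prefix" "$host" "$hport"
}

# Usage: script --run 1234:localhost:22 user@myserver
main() {
    spec=$(literal_forward "$1")
    shift
    if ! lo_is_up; then
        ifconfig lo up            # the command from the answer above
    fi
    if ! lo_is_up; then
        echo "lo is still down; a forward to 127.0.0.1 would be reset" >&2
        return 1
    fi
    # -N: no remote shell, keep the session open only for the forward.
    exec dbclient -N -R "$spec" "$@"
}

if [ "${1:-}" = "--run" ]; then
    shift
    main "$@"
fi
```
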