Cygwin SSH port redirection

0

What happens when I do an SSH port redirection through Cygwin SSH?

I mean, does Cygwin have the power to redirect a port in Windows without administrator rights?

Or does it effectively redirect ports, but only for apps run with Cygwin?

Or does it not redirect ports, considering that I'm not really on a Unix system?

I tried to understand by making a connection test to a Linux server, but I can't receive anything. I don't think that there's any port redirection; the app just sends through the original port and the packet gets lost, because SSH only listens on the server side and only on a certain port that is not the port that I send through.

What's your opinion?


What I'm trying to do: VNC through SSH

netstat shows me that a local ephemeral port is connected to the SSH port of my server, but nothing about the redirected port. But, I mean, it's SSH that handles the port forwarding; I'm not supposed to have an open port other than the SSH one. SSH will send everything through its own port, no?

What I understand from tunneling is that it is supposed to be like this:

VNC viewer => SERVERIP:VNCPORT => ssh transform : SERVERIP:SSHPORT => Local NIC => Internet => Server NIC => ssh transform SERVERIP:VNCPORT => VNC Server

So the application believes that the communication goes to the internet on VNCPORT, but it actually goes over SSHPORT; it's just encapsulation.

The problem is, considering that, I should not experience problems using VNC. The fact is that I can't use it: no packet arrives at the server when a VNC viewer tries to connect (and the SSH session is established, so it works well otherwise).


Well, actually not nothing, but just this:

TCP    127.0.0.1:5900    0.0.0.0:0    LISTENING
TCP    [::1]:5900        [::]:0       LISTENING

And they disappear when I close the SSH session.

Does that mean that there's actual tunnelling? Is it system-wide, user-wide, Cygwin-wide?

wxi

Posted 2020-02-22T10:32:04.990

Reputation: 43

Show what you are doing and we can comment. If you are NOT a Windows admin, Cygwin programs can NOT magically grant you the necessary privileges. – matzeri – 2020-02-22T11:21:49.347

I know that it cannot, but can Cygwin even do port forwarding at all? I mean, I don't get any errors at all; maybe it just can't do that. Do you have any experience with port forwarding in Cygwin? How can I verify whether the computer outputs on the source port, or whether it effectively forwards something? – wxi – 2020-02-22T11:58:31.057

I think you may be misunderstanding what SSH port forwarding is. It is entirely unlike the port forwarding you may be able to set up on your router. – Daniel B – 2020-02-22T12:42:31.277

Okay, but whatever my comprehension is, the fact is that it doesn't work... – wxi – 2020-02-22T12:53:37.860

Answers

0

Everything is working. You can see the local listener. Let’s take a look at the OpenSSH manual:

-L [bind_address:]port:host:hostport
-L [bind_address:]port:remote_socket
-L local_socket:host:hostport
-L local_socket:remote_socket

Specifies that connections to the given TCP port or Unix socket on the local (client) host are to be forwarded to the given host and port, or Unix socket, on the remote side. This works by allocating a socket to listen to either a TCP port on the local side, optionally bound to the specified bind_address, or to a Unix socket. Whenever a connection is made to the local port or socket, the connection is forwarded over the secure channel, and a connection is made to either host port hostport, or the Unix socket remote_socket, from the remote machine.

Port forwardings can also be specified in the configuration file. Only the superuser can forward privileged ports. IPv6 addresses can be specified by enclosing the address in square brackets.

By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of “localhost” indicates that the listening port be bound for local use only, while an empty address or ‘*’ indicates that the port should be available from all interfaces.

So you probably used something like ssh -L 5900:vncserver:5900 user@sshserver. This means that the SSH client will open a TCP listener on localhost:5900 that you can connect to. This connection will then be forwarded over the SSH connection. The SSH server will open a connection to vncserver:5900 on your behalf.

There is no magic traffic interception or anything involved. To use the forwarding you set up, you have to connect to the resulting listener on the client.

SSH port/socket forwarding does not require special permissions, except when you want the local port to be in the privileged ports range.

SSH port forwarding is available for all connections (local or otherwise, if listening on a wider scope) like any local TCP listener.

SSH socket forwarding is subject to file permissions like any Unix socket.

Daniel B

Posted 2020-02-22T10:32:04.990

Reputation: 40 502

Okay, I just figured out that on LAN my server actually receives the packets, but through WAN my server does not receive the forwarded packets at all (and the SSH session is established the same way and works fine). The mystery is somewhere else. – wxi – 2020-02-22T14:23:43.310

In your question, you’re trying to use the SSH port forwarding like a VPN connection. That’s not correct. – Daniel B – 2020-02-22T14:24:55.743

What do you mean? It's not correct over WAN, or the method is not correct? It actually works on LAN, why shouldn't it work on WAN? – wxi – 2020-02-22T14:26:16.660

Your VNC client must connect to localhost:5900, otherwise it is not using the SSH port forwarding. – Daniel B – 2020-02-22T16:44:51.070

Okay, it works fully that way. You can edit your reply appropriately and I will select it. Thanks! – wxi – 2020-02-22T20:01:24.980
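
A check for the listener scope discussed in the answer above, added here as an example that is not part of the original posts: it reads `netstat -an` text and reports whether the `-L` listener for a port is bound to loopback only or to all interfaces. The function name `forward_scope` is hypothetical, the Windows `netstat -an` column layout is assumed, and the sample rows are constructed (the first two copy the rows shown in the question).

```shell
#!/bin/sh
# Added example: classify the bind scope of an SSH -L listener.
# Live use from a Cygwin shell:  netstat -an | forward_scope 5900

# Constructed sample: default bind, as in the question's netstat rows,
# plus one constructed row for the SSH session itself.
SAMPLE_LOOPBACK='  TCP    127.0.0.1:5900    0.0.0.0:0    LISTENING
  TCP    [::1]:5900        [::]:0       LISTENING
  TCP    192.0.2.10:49731  198.51.100.7:22  ESTABLISHED'

# Constructed sample: the table after an empty or "*" bind_address.
SAMPLE_WILDCARD='  TCP    0.0.0.0:5900      0.0.0.0:0    LISTENING
  TCP    [::]:5900         [::]:0       LISTENING'

# forward_scope PORT   (netstat text on stdin)
# Prints one of: loopback | specific-address | all-interfaces | none
forward_scope() {
    awk -v port="$1" '
        { sub(/\r$/, "") }                 # Windows netstat.exe emits CRLF
        $1 == "TCP" && $4 == "LISTENING" {
            addr = $2
            n = split(addr, parts, ":")    # port is the last ":" field,
            if (parts[n] != port) next     # also for [v6]:port
            sub(/:[0-9]+$/, "", addr)      # keep only the address part
            if (addr == "0.0.0.0" || addr == "[::]")       wild = 1
            else if (addr ~ /^127\./ || addr == "[::1]")   loop = 1
            else                                           other = 1
        }
        END {
            if (wild)       print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop)  print "loopback"
            else            print "none"
        }'
}

# Explicit loopback bind, using the -L syntax quoted from the manual:
#   ssh -L 127.0.0.1:5900:vncserver:5900 user@sshserver
# The viewer is then pointed at localhost:5900, not at the server address.

printf 'default bind:  %s\n' "$(printf '%s\n' "$SAMPLE_LOOPBACK" | forward_scope 5900)"
printf 'wildcard bind: %s\n' "$(printf '%s\n' "$SAMPLE_WILDCARD" | forward_scope 5900)"
```

A result of `none` while the SSH session is up means no forward is listening on that port; `all-interfaces` means other hosts that can reach the client can also use the tunnel.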