ssh port-forwarding with GatewayPorts = no

5

3

I want to forward sshd (port 22) on machine X, which has a non-routable IP. The forwarding options are nc (which is horrible), inetd (requires privs), iptables (requires privs) and ssh. So I'm using ssh, which has the added bonus of providing an encrypted tunnel.

I have a machine Y with a public IP. I want to expose X:22 as Y:8022.

X $ ssh -R8022:localhost:22 Y

This works, but port 8022 is bound to the loopback:

Y $ netstat -ant
...
tcp        0      0 127.0.0.1:8022          0.0.0.0:*               LISTEN

which means I cannot connect from any foreign machines. Since GatewayPorts is no in Y's /etc/ssh/sshd_config, I cannot specify another bind address. Any ideas?


Note: I did manage to get things working by using another tunnel from Y to Y:

Y $ ssh -g -L9022:localhost:8022 localhost

which is a very inefficient solution: it encrypts/decrypts on localhost from port 9022 to 8022, then encrypts again before sending to X. Surely there must be a better way?

Fixee

Posted 2013-04-13T19:24:32.957

Reputation: 288

Possible duplicate of How to make ssh tunnel open to public?

– Cees Timmerman – 2016-03-09T12:28:17.027

Answers

2

Why do you use reverse port forwarding?

On host Y:

ssh -f -N -q -L :8022:localhost:22 user@X should do the trick

-f: daemonize

-N: no command

-q: quiet

-L: port forward

Leading ':' (empty bind address): make the local port listen on all interfaces, not only localhost

maxxvw

Posted 2013-04-13T19:24:32.957

Reputation: 381

You can't ssh from Y to X because (as noted in the question), X has a private IP. This means a reverse tunnel is required. – Fixee – 2013-04-13T20:14:55.367

OK, since GatewayPorts is off, I don't have any solution... sorry – maxxvw – 2013-04-13T20:50:50.607

0

Try running something like socat after connecting to Y?

ssh -R8022:localhost:22 Y socat tcp-listen:9022,fork,reuseaddr tcp:127.0.0.1:8022

Then you can connect to X through Y:9022

jack77213

Posted 2013-04-13T19:24:32.957

Reputation: 1
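The following helper script is an added example and is not code from the question or from either answer. It covers the two things a practitioner wants to check before picking between the socat relay above and a change to Y's sshd_config: what the effective GatewayPorts value on Y actually is (first uncommented occurrence wins, as for every sshd_config keyword; Match blocks are ignored here as a simplification), which -R spec will give a non-loopback listener for each value, and where a port really ended up bound according to netstat -ant or ss -ltn output. The config lines and socket listings inside it are constructed for the demo, not real output from X or Y.

```shell
#!/bin/sh
# Added example, not code from the question or the answers.
# Assumptions: sshd_config is readable at the path you pass; Match blocks are
# ignored (use `sshd -T` on Y for the authoritative value); sample data below
# is constructed.

# Effective GatewayPorts value: first uncommented occurrence wins,
# keyword is case-insensitive, "key=value" spelling allowed, default "no".
effective_gatewayports() {
    awk '
        /^[[:space:]]*#/ { next }
        {
            line = $0; gsub(/=/, " ", line); n = split(line, f)
            if (v == "" && n >= 2 && tolower(f[1]) == "gatewayports")
                v = tolower(f[2])
        }
        END { print (v == "" ? "no" : v) }' "$1"
}

# The -R argument that yields a listener reachable from outside Y.
# Fails (exit 1) when GatewayPorts is "no": sshd then ignores any requested
# bind address and puts the listener on loopback, which is the question's symptom.
reverse_forward_spec() {
    gw=$1; yport=$2; target=$3          # e.g. clientspecified 8022 localhost:22
    case "$gw" in
        yes)             echo "$yport:$target" ;;          # sshd binds wildcard regardless
        clientspecified) echo "0.0.0.0:$yport:$target" ;;  # client must ask for the wildcard
        *)               return 1 ;;
    esac
}

# Read `netstat -ant` or `ss -ltn` output on stdin and report how port $1 is
# bound: loopback | wildcard | <address> | none
listener_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" { laddr = $4 }   # netstat -ant layout
        $1 == "LISTEN"                { laddr = $4 }   # ss -ltn layout
        laddr != "" {
            p = laddr; sub(/.*:/, "", p)               # trailing port number
            if (p == port) {
                a = laddr; sub(/:[0-9]+$/, "", a); gsub(/[][]/, "", a)
                if (a == "127.0.0.1" || a == "::1") found = "loopback"
                else if (a == "0.0.0.0" || a == "::" || a == "*") found = "wildcard"
                else found = a
            }
            laddr = ""
        }
        END { print (found == "" ? "none" : found) }'
}

# Demo on constructed data: a config whose first live GatewayPorts line is
# clientspecified, and the loopback-bound 8022 listener the question saw.
demo() {
    cfg=$(mktemp)
    printf '%s\n' '# GatewayPorts no' 'Port 22' 'GatewayPorts clientspecified' > "$cfg"
    gw=$(effective_gatewayports "$cfg"); rm -f "$cfg"
    echo "GatewayPorts on Y: $gw"
    if spec=$(reverse_forward_spec "$gw" 8022 localhost:22); then
        echo "X \$ ssh -N -R $spec Y"
    else
        echo "GatewayPorts is no: -R stays on loopback; relay on Y (socat) or change sshd_config"
    fi
    printf 'tcp 0 0 127.0.0.1:8022 0.0.0.0:* LISTEN\n' | listener_scope 8022
}
demo
```

On Y itself, `sshd -T | grep -i gatewayports` (run as root) prints the value sshd actually uses, including the effect of Match blocks this script skips. If you can change sshd_config on Y, `GatewayPorts clientspecified` plus `ssh -R 0.0.0.0:8022:localhost:22 Y` from X removes the need for any relay; if you cannot, the socat command in the answer above forwards 9022 to 8022 in plaintext on Y's loopback only, so it avoids the second round of encryption that the -g -L workaround in the question pays for. Either way the wildcard listener exposes X's sshd to everything that can reach Y:8022, so restrict it with Y's firewall or with sshd's own AllowUsers/authentication settings on X.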