I want to forward sshd (port 22) on machine X which has a non-routeable IP. The forwarding options are nc (which is horrible), inetd (requires privs), iptables (requires privs) and ssh. So I'm using ssh, which has the added bonus of providing an encrypted tunnel.
I have a machine Y with a public IP. I want to expose X:22 as Y:8022.
X $ ssh -R8022:localhost:22 Y
This works, but port 8022 is bound to the loopback:
Y $ netstat -ant
. . .
tcp 0 0 127.0.0.1:8022 0.0.0.0:* LISTEN
which means I cannot connect from any foreign machines. Since GatewayPorts is no in Y's /etc/ssh/sshd_config, I cannot specify another bind address. Any ideas?
Note: I did manage to get things working by using another tunnel from Y to Y:
Y $ ssh -g -L9022:localhost:8022 localhost
which is a very inefficient solution: it encrypts/decrypts on localhost from port 9022 to 8022, then encrypts again before sending to X. Surely there must be a better way?
Possible duplicate of How to make ssh tunnel open to public?
– Cees Timmerman – 2016-03-09T12:28:17.027
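
Added example, not part of the original question or its comments: a shell check that reads `netstat -ant` output and separates loopback-only listeners (such as the 127.0.0.1:8022 forward above) from listeners reachable by other hosts (such as the `-g` forward on 9022). The sample output is constructed, and the function names `classify_listeners` and `exposed_ports` are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `netstat -ant` output on Y (ports taken from the question;
# addresses are documentation ranges).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8022          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:9022            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp6       0      0 ::1:8022                :::*                    LISTEN
tcp6       0      0 :::9022                 :::*                    LISTEN'

# classify_listeners: read netstat text on stdin, print "<scope> <port> <addr>"
# for every listening TCP socket. Scope is loopback, wildcard or specific.
classify_listeners() {
  awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      la = $4
      n = split(la, parts, ":")
      port = parts[n]                      # the port is the last colon-separated field
      addr = substr(la, 1, length(la) - length(port) - 1)
      if (addr == "::1" || addr ~ /^127\./)                    scope = "loopback"
      else if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "wildcard"
      else                                                      scope = "specific"
      print scope, port, addr
    }'
}

# exposed_ports: unique ports that are not loopback-only, i.e. reachable from
# foreign machines unless a firewall blocks them.
exposed_ports() {
  classify_listeners | awk '$1 != "loopback" { print $2 }' | sort -un |
    tr '\n' ' ' | sed 's/ $//'
}

printf '%s\n' "$SAMPLE" | classify_listeners
```

On a live host, pipe `netstat -ant` into `exposed_ports` instead of the sample.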