
| Subject: | AW: ssh -R only listening on lo |
|---|---|
| Date: | Fri, 16 Sep 2005 07:57:09 +0200 |
Hi David
I have only ever used localhost port forwarding and was lucky that this was
enforced by default! But you're right, if we would like to have a public
local port forwarded (available to any specified/unspecified host on the
local net) ...
See man ssh_config:
GatewayPorts
    Specifies whether remote hosts are allowed to connect to local
    forwarded ports. By default, ssh binds local port forwardings to
    the loopback address. This prevents other remote hosts from
    connecting to forwarded ports. GatewayPorts can be used to specify
    that ssh should bind local port forwardings to the wildcard
    address, thus allowing remote hosts to connect to forwarded
    ports. The argument must be ``yes'' or ``no''. The default is
    ``no''.
This topic could also be defined by the server (and that is needed in your case).
Now define it ad hoc this way (other direction):
ssh -o GatewayPorts=yes -L PORT:HOST:REMOTEPORT HOST
I found a description of such a specific setup via google:
http://www.akadia.com/services/ssh_connect_tunnels.html
A short test I did worked perfectly! :-) So have fun!
(Machine a does a tunnel to b and machine c connects over that tunnel
via a to b)
GrEeZ!
+-------------------------------+ +-------------------------------+
| Miro Dietiker | | MD Systems Miro Dietiker |
| Dipl. Ing. FH Elektrotechnik | | Alte Zürcherstrasse 10 |
| | | 8903 Birmensdorf |
| | | |
| Mobile: +41 (0)78 707 30 10 | | Geschäft: +41 (0)43 344 03 56 |
| | | Fax: +41 (0)43 344 03 57 |
| m.dietiker@md-systems.ch | | info@md-systems.ch |
| | | www.md-systems.ch |
+-------------------------------+ +-------------------------------+
-----Original Message-----
From: David Wolever [mailto:wolever@ftml.net]
Sent: Friday, 16 September 2005 01:57
To: secureshell@securityfocus.com
Subject: ssh -R only listening on lo
Hey,
I was playing around with `ssh -R` last night, and found
that (even with -g, if that switch applies to this) ssh
would only listen on the loop-back (127.0.0.1) address.
This means I can't connect back down the tunnel from the
server to the client from anywhere except the server.
The command line I used was:
ssh -vgR 8888:mylaptop:80 myserver
I looked through the verbose output and couldn't find much
useful information.
Is this something I'm doing wrong, or is this the way things
are supposed to be? Is there a way I could work around it
(without starting ANOTHER tunnel the other way using -L
from the remote host, that is >_~)?
On my laptop, ssh -v gives me:
OpenSSH_3.8.1p1, OpenSSL 0.9.7g 11 Apr 2005 (this is on a
machine running OSX 10.4)
On my server, ssh -v says:
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
Thanks,
David
--
David Wolever - http://wolever.net/~wolever
AIM: davidswolever MSN: david@wolever.net
P: 416-769-0318 C: 416-906-0403
"Without payment you have received; without payment you are to give."
(Mat 10:8 ISV)
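
The loopback-versus-wildcard binding discussed in this thread can be audited on the server; the script below is an added example, not part of either message. It assumes the output formats of `sshd -T` (lowercase `gatewayports <value>`) and `ss -ltn`; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit where ssh port forwards are reachable from.
# Sample inputs below are constructed, not captured from a real host.

# Effective server-side policy for -R binds, read from `sshd -T` style
# output on stdin. Prints: loopback | wildcard | client-chosen
# ("clientspecified" is accepted by current OpenSSH releases.)
remote_forward_scope() {
    awk 'tolower($1) == "gatewayports" { v = tolower($2) }
         END {
             if (v == "yes") print "wildcard"
             else if (v == "clientspecified") print "client-chosen"
             else print "loopback"   # "no" or unset: the sshd default
         }'
}

# From `ss -ltn` style output on stdin, print every local address:port
# that listens on the given port and is NOT bound to loopback.
exposed_listeners() {
    port=$1
    awk -v p="$port" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != p) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print addr
        }'
}

# Constructed sample: forwarded port 8888 bound to loopback only.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8888     0.0.0.0:*
LISTEN 0      128    [::1]:8888         [::]:*'

# Constructed sample: the same forward bound to the wildcard address.
SAMPLE_WILDCARD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8888       0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*'
```

On a live host the same functions take `sshd -T | remote_forward_scope` and `ss -ltn | exposed_listeners 8888`; any address printed by the second command is reachable from other machines unless a firewall blocks it.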