Saturday, November 10, 2012

ssh reverse tunnel for external internet

Today I needed to create an ssh reverse tunnel, so when someone connects to a server's port, he is forwarded to my PC's port. A usual thing, nothing special.
I googled a bit and found a lot of examples.

ssh -R 8888:localhost:80 user@host.com

So when a TCP connection is opened to host.com:8888, it actually gets forwarded to my localhost:80.

Pretty simple. But it did not work.

After googling and googling and finding the same simple but non-working examples, I finally did the right thing: I read the manual.
It turned out that when the server-side bind address is not specified (as in my case), sshd binds to 127.0.0.1, which is not reachable from the outside internet. You can specify * or an empty string as the bind address to make sshd bind to all interfaces, or even specify an IP address to bind to, but any of these will work only if the sshd server has GatewayPorts enabled.

Okay, after adding the following line

GatewayPorts yes

to /etc/ssh/sshd_config and restarting sshd, it started to work. The command is:

ssh -R '*:8888:localhost:80' user@host.com

One more little thing learned.
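
The bind rules described above, as an added example that is not part of the original post: a POSIX shell sketch that predicts where sshd will bind a `-R` listener for a given GatewayPorts value. It goes beyond the post by also covering `GatewayPorts clientspecified`; the function names and the sample `sshd -T` output are constructed for illustration, and it assumes the forwarded destination host is not an IPv6 literal.

```shell
#!/bin/sh
# Added example: predict where sshd binds the listener created by "ssh -R SPEC",
# given the server's GatewayPorts value (no | yes | clientspecified).

# Read `sshd -T` style output on stdin, print the gatewayports value (default: no).
gateway_ports() {
    awk 'tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }'
}

# Print the bind address of a -R spec "[bind_address:]port:host:hostport".
# "<unset>" = none given; "*" = all interfaces (also the empty bind address).
# Assumption: the destination host is not an IPv6 literal.
bind_of() {
    spec=$1
    case $spec in
        \[*\]:*) b=${spec%%]*}; echo "${b#?}"; return ;;  # [v6addr]:port:...
    esac
    n=$(printf '%s\n' "$spec" | awk -F: '{ print NF }')   # 3 fields = no bind address
    if [ "$n" -ge 4 ]; then b=${spec%%:*}; echo "${b:-*}"; else echo "<unset>"; fi
}

# no -> loopback only; yes -> wildcard always; clientspecified -> client decides.
effective_bind() {   # $1 = GatewayPorts value, $2 = -R spec
    b=$(bind_of "$2")
    case $1 in
        no)  echo loopback ;;
        yes) echo wildcard ;;
        clientspecified)
            case $b in
                "<unset>"|localhost|127.0.0.1|::1) echo loopback ;;
                "*") echo wildcard ;;
                *) echo "$b" ;;
            esac ;;
        *) echo "unknown GatewayPorts value: $1" >&2; return 1 ;;
    esac
}

# Constructed sample of `sshd -T` output, not taken from a real host.
SAMPLE_CONFIG='port 22
gatewayports no
allowtcpforwarding yes'

gp=$(printf '%s\n' "$SAMPLE_CONFIG" | gateway_ports)
for spec in '8888:localhost:80' '*:8888:localhost:80'; do
    echo "GatewayPorts=$gp  -R $spec  ->  $(effective_bind "$gp" "$spec")"
done
```

On a real server, pipe the effective configuration from `sshd -T` (run as root) into `gateway_ports` instead of the sample text.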