LinuxQuestions.org
Old 02-02-2010, 01:48 PM   #1
santana
Member
 
Registered: Sep 2004
Distribution: FC, ubuntu, OpenSuse
Posts: 112

Rep: Reputation: 16
unforward ssh port?


After logging in I forward a port from our front end to a node like this:

Code:
fe$ ~C <enter>
-L XXXX:node:YYYY
fe$
So far I have been logging out of the ssh session to remove that port forward. Is there a command to do so, so I won't have to log out? I really just want to redirect the remote end (node:YYYY) to a different node.
 
Old 02-02-2010, 03:39 PM   #2
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163
Find the process id and kill it.
 
Old 02-02-2010, 03:58 PM   #3
santana
Member
 
Registered: Sep 2004
Distribution: FC, ubuntu, OpenSuse
Posts: 112

Original Poster
Rep: Reputation: 16
uh...if I kill ssh that will log me out...
 
Old 02-02-2010, 11:48 PM   #4
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
lol rweaver has a sense of humor. Actually it won't log you out when you kill ssh... it will just cause a connection drop.

Wondering about this too...
--upd:
No way. I just built the latest ssh 5.3p1 from sources: they just added the -D param in that ~C menu.
You know what... it looks like it's simply not supported.
Here's some code (clientloop.c:810, 5.3p1):
Code:
	if (*s == 'K') {
		delete = 1;
		s++;
	}
	if (*s == 'L')
		local = 1;
	else if (*s == 'R')
		remote = 1;
	else if (*s == 'D')
		dynamic = 1;
	else {
		logit("Invalid command.");
		goto out;
	}

	if ((local || dynamic) && delete) {
		logit("Not supported.");
		goto out;
	}
Probably there is a way around it if you try to hack the code...

Last edited by Web31337; 02-03-2010 at 12:36 AM.
 
Old 02-03-2010, 12:55 AM   #5
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
I'm not a good C coder, but from here it looks like to get this to work we have to list the existing port forwarding "channels", find the one listening on that local port and destroy it in the channel_setup_fwd_listen() function before calling bind() and listen() etc.
Like it's done here (channels.c:2630, 5.3p1):
Code:
int
channel_cancel_rport_listener(const char *host, u_short port)
{
	u_int i;
	int found = 0;

	for (i = 0; i < channels_alloc; i++) {
		Channel *c = channels[i];

		if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER &&
		    strcmp(c->path, host) == 0 && c->listening_port == port) {
			debug2("%s: close channel %d", __func__, i);
			channel_free(c);
			found = 1;
		}
	}

	return (found);
}
I'm now really curious about this, maybe I can add this little improvement. I'll go try this out now.
 
Old 02-03-2010, 06:08 AM   #6
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
santana, you may either use the -D parameter in SSH (since 5.2) or you can look here for an alternate solution I've cooked up today.
It's a sort of solution, anyway. I don't guarantee it's going to work in your case but it still might be useful.
 
Old 02-03-2010, 11:14 AM   #7
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163
The long and short answer is without resetting the ssh session (at least on the versions I have access to (5.1.x)) there is no way to kill an existing tunnel you created. I think the answer offered by web31337 is as good an answer as you're going to find. I also think it would be something worthwhile to suggest to the openssh developers... there IS a way to do it with the protocol because you can do it with putty for instance connected to an openssh server... but I can't find a good way to do it with the command line version of the openssh client.
 
Old 02-03-2010, 11:46 AM   #8
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
Probably the one I suggest is the very method of doing that. At least it seems to be logically correct in code. I can't see a reason why such a simple thing was not implemented in OpenSSH while it is added in PuTTY.
The tunnel appears to be freed correctly (at least debug messages say that, and it just works as meant to), but there are still things I have to add, but not now.

Last edited by Web31337; 02-03-2010 at 11:47 AM.
 
Old 02-03-2010, 12:04 PM   #9
santana
Member
 
Registered: Sep 2004
Distribution: FC, ubuntu, OpenSuse
Posts: 112

Original Poster
Rep: Reputation: 16
Wow! Awesome! Thanks guys
 
  


All times are GMT -5. The time now is 12:23 PM.
