
edan 07-14-2010 02:29 PM

Reverse SSH tunnel
Does anyone know if it is possible to make the remote port in a reverse SSH tunnel listen on the regular network interface of the SSH server, and not just the loopback adapter on the remote system? The client is putty on a Windows machine, server is Ubuntu based (but can go with another OS if needed).

I basically need a system located on the same network as the SSH server to connect to a TCP port on the system that's running the SSH client. No matter what I do, I can only get it to listen on localhost. Thanks!

tlowk 07-14-2010 02:53 PM

man ssh

Option -R shows that it is possible, with a limitation on the server side: for it to listen there, 'GatewayPorts' must be enabled in the sshd_config file.

Of course there is a way to get around this for ports above 1024 (unless you can log in as root)

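ssh -R 2020:localhost:22 server
# run on the client: this creates a reverse tunnel from server to client
# (server port 2020 -> the client's own sshd on port 22)
ssh -p 2020 -g -L 5900:localhost:5900 localhost
# run on the server: make a connection from the server to the client via that reverse tunnel
# (-p sets the port to connect to; -L with -g opens port 5900 to other hosts)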

Both lines above contain localhost, but that refers to the 'other host'.

I didn't test this hack but I don't see why it wouldn't work.
The -g allows other hosts to connect to the port without having access to the sshd_config on that server.
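
Added example, not part of any post in this thread: a POSIX shell check that reads the global GatewayPorts setting from sshd_config text and reports where a given -R listener would bind, which is useful when auditing whether reverse tunnels can be reached from the network. The function names and sample config are constructed; it assumes OpenSSH client behaviour, no Include files and no bracketed IPv6 bind addresses.

```shell
#!/bin/sh
# Added example; the config text fed to it below is constructed.

# Print the global GatewayPorts value from sshd_config text on stdin.
# sshd uses the first value it obtains for a keyword, keywords are
# case-insensitive, and the default is "no". Everything from the first
# Match line onward is conditional and is not considered here.
gatewayports_mode() {
    awk '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }
        tolower($1) == "match" { exit }
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)      # accept the "Key=value" form
            n = split(line, f, /[ \t]+/)
            if (n >= 2 && tolower(f[1]) == "gatewayports") { mode = f[2]; exit }
        }
        END { print (mode == "" ? "no" : mode) }
    '
}

# Where a "-R [bind_address:]port:host:hostport" listener ends up for a
# given server mode. With no bind address the OpenSSH client asks for
# loopback; an empty one or "*" asks for all interfaces.
remote_listen_addr() {   # $1 = GatewayPorts mode, $2 = the -R argument
    mode=$1 spec=$2
    colons=$(printf '%s' "$spec" | tr -cd ':' | wc -c | tr -d ' ')
    if [ "$colons" -ge 3 ]; then
        bind=${spec%%:*}
        [ -n "$bind" ] || bind='*'
    else
        bind=loopback
    fi
    case $mode in
        yes)             echo '*' ;;        # server forces the wildcard address
        clientspecified) echo "$bind" ;;    # server honours the client's choice
        *)               echo loopback ;;   # "no": loopback whatever is asked
    esac
}

# Constructed sample: audit a config and one forward request.
m=$(printf 'Port 22\nGatewayPorts clientspecified\n' | gatewayports_mode)
echo "mode=$m listen=$(remote_listen_addr "$m" '*:2020:localhost:22')"
```

Setting clientspecified and having clients request one explicit bind address exposes less than yes, which puts every remote forward on all interfaces.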

edan 07-14-2010 08:11 PM

Thanks, GatewayPorts is exactly what I needed!

vikas027 07-14-2010 09:37 PM

Dear Edan,

Please mark this thread as SOLVED if your problem is resolved. You can see my signature for the exact steps.
