HPE Community
Operating System - HP-UX
1833852 Members
1849 Online
110063 Solutions
New Discussion

SSH Port redirection

 
SOLVED
Go to solution
Gary Price
Occasional Contributor

‎05-17-2003 04:55 AM

‎05-17-2003 04:55 AM

SSH Port redirection

I'm currently using ssh to forward http over a secure channel. However, ssh seems to listen on all interfaces when using the command below.

ssh -b Local_IP -N -L 80:remote_server:80 -f -g

The problem is I run several interfaces on the server and only wish for SSH to listen on a single interface. I've also tried remote forwarding but could only get ssh to listen on the local loopback.

HP-UX Secure Shell 3.1
HP-UX 11.11

Thanks,
Gary
0 Kudos
Reply
2 REPLIES 2
Paula J Frazer-Campbell
Honored Contributor

‎05-17-2003 05:03 AM

‎05-17-2003 05:03 AM

Re: SSH Port redirection

Gary

This might help:-

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x44a03a1c04ffd61190050090279cd0f9,00.html


Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Bill Douglass
Esteemed Contributor

‎05-17-2003 09:59 PM

‎05-17-2003 09:59 PM

Solution

Re: SSH Port redirection

Just to clarify Paula's answer, the ssh_config manpage states:

GatewayPorts

Specifies whether remote hosts are allowed to connect to local forwarded ports. By default, ssh binds local port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to
specify that ssh should bind local port forwardings to the
wildcard address, thus lowing remote hosts to connect to forwarded ports. The argument must be ``yes'' or ``no''. The default is ``no''.


It seems that the current version os openssh, at least, does not allow you to specify the interface that remote hosts can connect to for port forwarding.

The -b option only tells openssh what interface to use when connecting to remotehost.

Using a tool like ipfilter, you can control what interface or ip address is allowed to receive inbound traffic on port 80, which ssh will then forward to your remote host.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.