On Fri, Feb 10, 2006 at 11:56:37PM -0700, Austin Hook wrote:
> I wanted to fetch a remote ssh port into my home computer which is behind
> the cable modem and the NAT that the cable system is doing on the address
> its DHCP gave out to me. That way I could, from any third location, say
> from my laptop on the road, ssh into my home computer through the tunnel
> that ssh establishes.
>
> I was successful in doing this under the circumstances where I assigned a
> spare IP address as a second alias to the machine where I wanted to
> establish the remote open end of the tunnel.
>
> First I modified the /etc/ssh/sshd_config in the remote computer so that I
> had the parameter:
>
> GatewayPorts clientspecified
>
> instead of the default which is "no".
>
> Then I issued a
>
> ssh -R aliasIPaddress:22:localhost:22 [EMAIL PROTECTED]

Instead of using an IP alias, you can just do:

$ ssh -R '*:2222:localhost:22' [EMAIL PROTECTED]

and as long as you use an unprivileged port then you won't need root.

> Now the aliasIPaddress "binding" is supposed to be optional, and I thought
> that instead of using up an IP address at the remote site, it would be nice
> to just set up listening on, say, port 435 for ssh and just forward that
> particular port to the home machine.
>
> Accordingly I set up listening on two ssh ports in the sshd_config of the
> remote machine.

By "remote machine" do you mean the intermediate machine? You don't
need to do this.

[...]
> ssh -R 435:localhost:22 [EMAIL PROTECTED]

You don't need the port numbers on both ends of the forward to match
what the sshd is configured for.

> The ssh above did connect, but I saw an error message (approx:) "remote
> port forwarding failed". And attempts to connect from a third (outside)
> site like:

That failed because sshd is already listening on port 435.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
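
Added example, not part of the original message and not OpenSSH code: a shell function that applies the rules discussed in this thread (the GatewayPorts setting, the bind address in the -R spec, ports sshd already listens on, and privileged ports) to a forward spec and a constructed sshd_config. The function name check_rforward, the login name "user", and the assumption that sshd listens on all addresses with no Match blocks are illustrative.

```sh
#!/bin/sh
# Added example, not from the thread: apply the rules discussed to an ssh -R spec.
# Usage: check_rforward SPEC SSHD_CONFIG LOGIN_USER
# SPEC is [bind_address:]port:host:hostport; bracketed IPv6 and port 0 are not handled.
# Assumptions: sshd listens on all addresses, and the config has no Match blocks.
check_rforward() {
    spec=$1; cfg=$2; user=$3
    nf=$(printf '%s\n' "$spec" | awk -F: '{ print NF }')
    case $nf in
        3) bind=; port=${spec%%:*} ;;
        4) bind=${spec%%:*}; rest=${spec#*:}; port=${rest%%:*} ;;
        *) echo invalid-spec; return 2 ;;
    esac
    case $port in ''|*[!0-9]*) echo invalid-spec; return 2 ;; esac
    # First GatewayPorts value wins; the default is "no".
    gw=$(awk 'tolower($1) == "gatewayports" { print tolower($2); exit }' "$cfg")
    case ${gw:-no}:$bind in
        yes:* | clientspecified:'*') where=all-interfaces ;;
        clientspecified: | clientspecified:localhost) where=loopback-only ;;
        clientspecified:*) where=bound-to-$bind ;;
        *) where=loopback-only ;;   # "no": any requested bind address is ignored
    esac
    # Every Port line is an sshd listener (22 if there are none). A specific
    # bind address is not checked: that depends on what sshd itself is bound to.
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$cfg")
    for p in ${ports:-22}; do
        if [ "$p" = "$port" ] && [ "${where#bound-to-}" = "$where" ]; then
            echo fail:port-in-use-by-sshd; return 1
        fi
    done
    # Ports below 1024 can be forwarded only when logging in as root.
    if [ "$port" -lt 1024 ] && [ "$user" != root ]; then
        echo fail:privileged-port-needs-root; return 1
    fi
    echo "ok:$where"
}

# Constructed sshd_config for the intermediate machine described in the thread.
conf=$(mktemp)
printf '%s\n' 'Port 22' 'Port 435' 'GatewayPorts clientspecified' > "$conf"
# "user" is a placeholder for a non-root login on that machine.
for spec in '435:localhost:22' '*:2222:localhost:22' '2222:localhost:22'; do
    printf '%-22s %s\n' "$spec" "$(check_rforward "$spec" "$conf" user)"
done
```

The last spec shows why the '*' matters: with GatewayPorts clientspecified and no bind address, the forwarded port is reachable only from the intermediate machine itself, not from a third location.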