On Fri, Feb 10, 2006 at 11:56:37PM -0700, Austin Hook wrote:
> I wanted to fetch a remote ssh port into my home computer which is behind
> the cable modem and the NAT that the cable system is doing on the address
> its DHCP gave out to me. That way I could, from any third location, say
> from my laptop on the road, ssh into my home computer through the tunnel
> that ssh establishes.
>
> I was successful in doing this under the circumstances where I assigned a
> spare IP address as a second alias to the machine where I wanted to
> establish the remote open end of the tunnel.
>
> First I modified the /etc/ssh/sshd_config in the remote computer so that I
> had the parameter:
>
> GatewayPorts clientspecified
>
> instead of the default which is "no".
>
> Then I issued a
>
> ssh -R aliasIPaddress:22:localhost:22 [EMAIL PROTECTED]

Instead of using an IP alias, you can just do:

$ ssh -R '*:2222:localhost:22' [EMAIL PROTECTED]

and as long as you use an unprivileged port then you won't need root.

> Now the aliasIPaddress "binding" is supposed to be optional, and I thought
> that instead of using up an IP address at the remote site, it would be nice
> to just set up listening on, say, port 435 for ssh and just forward that
> particular port to the home machine.
>
> Accordingly I set up listening on two ssh ports in the sshd_config of the
> remote machine.

By "remote machine" do you mean the intermediate machine? You don't need
to do this.

[...]
> ssh -R 435:localhost:22 [EMAIL PROTECTED]

You don't need the port numbers on both ends of the forward to match what
the sshd is configured for.

> The ssh above did connect, but I saw an error message (approx:) "remote
> port forwarding failed". And attempts to connect from a third (outside)
> site like:

That failed because sshd is already listening on port 435.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
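
Added example (not part of the thread and not OpenSSH code): a small shell check that predicts where sshd on the intermediate machine will bind an `ssh -R` forward under each GatewayPorts setting, and flags the two problems discussed above, a privileged port and a port sshd itself already listens on. The helper name `check_rforward`, its flag names and the sample address 192.0.2.10 are assumptions made for illustration; ListenAddress and IPv6 literals are not modelled.

```sh
#!/bin/sh
# check_rforward SPEC GATEWAYPORTS "SSHD_PORTS"   (hypothetical helper)
#   SPEC          argument of ssh -R: [bind_address:]port:host:hostport
#   GATEWAYPORTS  no | yes | clientspecified, as set in the server's sshd_config
#   SSHD_PORTS    space-separated ports sshd itself listens on
# Prints "<listen-address>:<port> <flags>" and returns 0 only when flags is "ok".
# Not modelled: IPv6 literals, ListenAddress, other listeners on the host.
check_rforward() (
    gw=$2 sshd_ports=$3
    IFS=: read -r a b c d <<EOF
$1
EOF
    # Four fields means a bind_address was given (it may be empty or "*").
    if [ -n "$d" ]; then have_bind=1 bind=$a port=$b
    else have_bind=0 bind= port=$a; fi
    case $port in ''|*[!0-9]*) echo "bad port in: $1" >&2; exit 2 ;; esac

    # Listen address sshd ends up using, per ssh(1) -R and GatewayPorts.
    case $gw in
        no)  addr=loopback ;;        # bind_address from the client is ignored
        yes) addr='*' ;;             # always the wildcard address
        clientspecified)
            if [ "$have_bind" -eq 0 ]; then addr=loopback
            elif [ -z "$bind" ] || [ "$bind" = '*' ]; then addr='*'
            else addr=$bind; fi ;;
        *) echo "unknown GatewayPorts value: $gw" >&2; exit 2 ;;
    esac

    flags=
    # Ports below 1024 can be forwarded only when logging in as root.
    if [ "$port" -lt 1024 ]; then flags=needs-root; fi
    # The failure in the thread: the forward asks for a port sshd already holds.
    case $addr in loopback|'*')
        for p in $sshd_ports; do
            if [ "$p" = "$port" ]; then flags=${flags:+$flags,}sshd-port; fi
        done ;;
    esac
    # A loopback listener cannot be reached from a third machine.
    if [ "$addr" = loopback ]; then flags=${flags:+$flags,}loopback-only; fi
    echo "$addr:$port ${flags:-ok}"
    [ -z "$flags" ]
)

# Constructed inputs: the two forwards from the thread against an sshd with
# "Port 22", "Port 435" and "GatewayPorts clientspecified".
check_rforward '*:2222:localhost:22' clientspecified '22 435' || true
check_rforward '435:localhost:22'    clientspecified '22 435' || true
```

On the client side, running ssh with `-o ExitOnForwardFailure=yes` makes a refused remote forward end the session instead of leaving a connected login with no tunnel.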