On Fri, Feb 10, 2006 at 11:56:37PM -0700, Austin Hook wrote:
> I wanted to fetch a remote ssh port into my home computer which is behind
> the cable modem and the NAT that the cable system is doing on the address
> its DHCP gave out to me.  That way I could, from any third location, say
> from my laptop on the road, ssh into my home computer through the tunnel
> that ssh establishes.
> 
> I was successful in doing this under the circumstances where I assigned a
> spare IP address as a second alias to the machine where I wanted to
> establish the remote open end of the tunnel.
> 
> First I modified the /etc/ssh/sshd_config in the remote computer so that I
> had the parameter:
> 
> GatewayPorts clientspecified
> 
> instead of the default which is "no".
> 
> Then I issued a
> 
> ssh -R aliasIPaddress:22:localhost:22 [EMAIL PROTECTED]

Instead of using an IP alias, you can just do:
$ ssh -R '*:2222:localhost:22' [EMAIL PROTECTED]
and as long as you use an unprivileged port then you won't need root.

> Now the aliasIPaddress "binding" is supposed to be optional, and I thought
> that instead of using up an IP address at the remote site, it would be nice
> to just set up listening on, say, port 435 for ssh and just forward that
> particular port to the home machine.
> 
> Accordingly I set up listening on two ssh ports in the sshd_config of the
> remote machine.

By "remote machine" do you mean the intermediate machine?  You don't
need to do this.

[...]
> ssh -R 435:localhost:22 [EMAIL PROTECTED]

You don't need the port numbers on both ends of the forward to match
what the sshd is configured for.

> The ssh above did connect, but I saw an error message (approx:) "remote
> port forwarding failed".   And attempts to connect from a third (outside)
> site like:

That failed because sshd is already listening on port 435.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
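
Added example, not part of the original messages: a pre-flight check that reads the intermediate host's sshd_config and reports whether a requested -R listener would collide with one of sshd's own ports (the port 435 failure above), need root, or be reachable from outside given GatewayPorts. The function name, verdict strings and sample config are assumptions made for illustration, and Match blocks are not evaluated.

```sh
#!/bin/sh
# check_reverse_forward CONF BIND PORT
# Pre-flight for `ssh -R BIND:PORT:localhost:22` against the sshd_config of the
# host that will hold the listener. Prints one verdict; status 0 means the
# listener can be created. Match blocks are not evaluated (simplification).
check_reverse_forward() {
    conf=$1; bind=$2; port=$3
    # Keywords are case-insensitive; the first GatewayPorts wins, default "no".
    gw=$(awk 'tolower($1) == "gatewayports" { print tolower($2); exit }' "$conf")
    gw=${gw:-no}
    # Each Port line is a socket sshd already holds; default is 22.
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$conf")
    for p in ${ports:-22}; do
        if [ "$p" = "$port" ]; then
            echo "conflict: sshd already listens on $port"; return 1
        fi
    done
    if [ "$port" -lt 1024 ]; then
        echo "privileged: binding $port needs a root login"; return 1
    fi
    case "$bind" in
        localhost|127.0.0.1|::1) echo "ok: loopback listener on $port"; return 0 ;;
    esac
    case "$gw" in
        clientspecified) echo "ok: listener on $bind:$port" ;;
        yes) echo "ok: sshd forces the wildcard address, port $port" ;;
        *)   echo "ok: loopback only, GatewayPorts $gw ignores $bind" ;;
    esac
}

# Constructed sample config for the intermediate host (not taken from the thread).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
Port 22
Port 435
GatewayPorts clientspecified
EOF

# The failing request from the thread (no bind address means loopback).
check_reverse_forward "$SAMPLE_CONF" localhost 435 || true
# The suggested form: wildcard bind on an unprivileged, unused port.
check_reverse_forward "$SAMPLE_CONF" '*' 2222 || true
```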
