Remote Port Forwarding with Ubuntu 8.04 and OpenSSH 4.7
By Joren on Monday 10 January 2011
With this post I would like to draw attention to the fact that remote port forwarding with OpenSSH 4.7 on Ubuntu 8.04.1 does not work as expected.
If you follow the instructions of an SSH remote port forwarding tutorial, everything goes well until you want to allow everyone to access the forwarded port (not just localhost). The problem arises when binding the forwarded port to an interface. Even with GatewayPorts yes present in /etc/ssh/sshd_config, the following command shows that it went wrong:
    user@local$ ssh -R 2222:localhost:22 user@remote
    user@remote$ sudo netstat -lntp #on the remote server
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp6 0 0 ::1:2222 :::* LISTEN
It listens only via IPv6 and only on localhost, and not on every interface (as requested by defining GatewayPorts yes). The netstat command should yield this output:
    user@local$ ssh -R 2222:localhost:22 user@remote
    user@remote$ sudo netstat -lntp #on the remote server
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN
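The check made by eye on the two listings above can be scripted. This is an added example, not part of the original post: it reads netstat -lnt output and reports whether a forwarded port is bound to loopback only or to every interface. The function name bind_scope is hypothetical, and the sample rows are constructed from the two listings above.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, from `netstat -lnt`
# (or -lntp) output on stdin. bind_scope is a hypothetical helper name.
# Prints: not-listening | loopback-only | specific-address | all-interfaces
bind_scope() {
    awk -v port="$1" '
        # Listener rows: Proto Recv-Q Send-Q Local Foreign State [PID/Program]
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            # The port follows the last colon; IPv6 addresses contain colons too.
            if (!match($4, /:[0-9]+$/)) next
            if (substr($4, RSTART + 1) != port) next
            addr = substr($4, 1, RSTART - 1)
            seen = 1
            if (addr == "0.0.0.0" || addr == "::") wildcard = 1
            else if (addr == "::1" || addr ~ /^127\./) loopback = 1
            else other = 1
        }
        END {
            if (!seen)         print "not-listening"
            else if (wildcard) print "all-interfaces"
            else if (other)    print "specific-address"
            else               print "loopback-only"
        }'
}

# Sample rows constructed from the two listings in the post.
BROKEN='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp6 0 0 ::1:2222 :::* LISTEN'
EXPECTED='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN'

printf '%s\n' "$BROKEN"   | bind_scope 2222   # loopback-only
printf '%s\n' "$EXPECTED" | bind_scope 2222   # all-interfaces
```

On the remote server, feed it live output with sudo netstat -lnt | bind_scope 2222.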
I do not really know where it goes wrong, but there is an easy workaround. By defining both
/etc/ssh/sshd_config remote port forwarding works fine but you lose IPv6 connectivity (this is due to the AddressFamily setting). Another solution is to use more up-to-date software: the bug is not present in Ubuntu 10.04 with OpenSSH 5.3 (I don’t know if it is an Ubuntu or OpenSSH bug, or even a configuration issue).
I have been struggling with this issue for a couple of hours and, with this blog post, I hope I can prevent someone else from doing the same.