Remote Port Forwarding with Ubuntu 8.04 and OpenSSH 4.7
By Joren on Monday 10 January 2011

With this post I would like to draw attention to the fact that remote port forwarding with OpenSSH 4.7 on Ubuntu 8.04.1 does not work as expected.
If you follow the instructions of an SSH remote port forwarding tutorial, everything goes well until you want to allow everyone to access the forwarded port (not just localhost). The problem arises when binding the forwarded port to an interface. Even with GatewayPorts yes present in /etc/ssh/sshd_config, the following commands show that it went wrong:
    user@local$ ssh -R 2222:localhost:22 user@remote
    user@remote$ sudo netstat -lntp #on the remote server
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp6       0      0 ::1:2222                :::*                    LISTEN
It listens only via IPv6 and only on localhost, not on every interface (as requested by defining GatewayPorts yes). The netstat command should yield this output:
    user@local$ ssh -R 2222:localhost:22 user@remote
    user@remote$ sudo netstat -lntp #on the remote server
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN
I do not really know where it goes wrong, but there is an easy workaround. By defining both

    GatewayPorts yes
    AddressFamily inet

in /etc/ssh/sshd_config, remote port forwarding works fine, but you lose IPv6 connectivity (this is due to the AddressFamily setting). Another solution is to use more up-to-date software: the bug is not present in Ubuntu 10.04 with OpenSSH 5.3 (I don’t know if it is an Ubuntu or OpenSSH bug, or even a configuration issue).
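To confirm which of the two cases a server is in, and that the forwarded port is exposed exactly as widely as intended, the listener can be classified from the netstat output. This is an added example, not part of the original post; the function name classify_bind is made up here, and the two sample listings are the netstat outputs shown above, embedded so the script runs offline.

```shell
#!/bin/sh
# classify_bind PORT
# Reads `netstat -lnt` (or -lntp) output on stdin and reports how PORT is bound:
#   all-interfaces   wildcard listener (0.0.0.0 or ::), reachable from other hosts
#   specific-address bound to one non-loopback address
#   loopback-only    bound to 127.x.x.x or ::1 only (the failure described above)
#   not-listening    no TCP listener on that port
classify_bind() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            # The port is whatever follows the last colon (IPv6 hosts contain colons).
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "0.0.0.0" || host == "::") wild = 1
            else if (host ~ /^127\./ || host == "::1") loop = 1
            else other = 1
        }
        END {
            if (wild) print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Sample input: the two listings from this post (broken case, expected case).
SAMPLE_BROKEN='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp6 0 0 ::1:2222 :::* LISTEN'

SAMPLE_EXPECTED='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN'

printf '%s\n' "$SAMPLE_BROKEN"   | classify_bind 2222
printf '%s\n' "$SAMPLE_EXPECTED" | classify_bind 2222

# On a live server: sudo netstat -lnt | classify_bind 2222
```

A result of all-interfaces means any host that can reach the server can reach the forwarded port, so it is worth running the same check on servers where GatewayPorts was not meant to be enabled.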
I have been struggling with this issue for a couple of hours and, with this blog post, I hope I can prevent someone else from doing the same.