~ Remote Port Forwarding with Ubuntu 8.04 and OpenSSH 4.7
» By Joren on Monday 10 January 2011
With this post I would like to draw attention to the fact that remote port forwarding with OpenSSH 4.7 on Ubuntu 8.04.1 does not work as expected.
If you follow the instructions of an SSH remote port forwarding tutorial, everything goes well until you want to allow everyone (not just localhost) to access the forwarded port. The problem arises when binding the forwarded port to an interface. Even with GatewayPorts yes present in /etc/ssh/sshd_config, the following command shows that it went wrong:
```
user@local$ ssh -R 2222:localhost:22 user@remote
user@remote$ sudo netstat -lntp #on the remote server
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp6       0      0 ::1:2222                :::*                    LISTEN
```
It listens only via IPv6 and only on localhost, and not on every interface (as requested by defining GatewayPorts yes). The netstat command should yield this output:
```
user@local$ ssh -R 2222:localhost:22 user@remote
user@remote$ sudo netstat -lntp #on the remote server
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN
```
I do not really know where it goes wrong, but there is an easy workaround. By defining both
```
GatewayPorts yes
AddressFamily inet
```
in /etc/ssh/sshd_config, remote port forwarding works fine, but you lose IPv6 connectivity (this is due to the AddressFamily setting). Another solution is to use more up-to-date software: the bug is not present in Ubuntu 10.04 with OpenSSH 5.3 (I don’t know if it is an Ubuntu or OpenSSH bug, or even a configuration issue).
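To confirm which state the remote server is in after changing sshd_config, the netstat output can be classified by bind address and address family. This is an added example, not part of the original post: the helper name bind_scope is hypothetical, and the sample lines are constructed from the two netstat outputs shown above.

```shell
#!/bin/sh
# Added example: classify how a forwarded port is bound, from `netstat -lnt` output.
# bind_scope is a hypothetical helper name; the sample lines are constructed.

bind_scope() {
    # $1 = TCP port to look for; netstat output is read from stdin.
    # Prints "<scope> <families>" (scope: wildcard, loopback or specific),
    # or "none" when nothing listens on the port.
    awk -v port="$1" '
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            # Everything before the final ":port" is the bind address.
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            seen[($1 == "tcp6") ? "ipv6" : "ipv4"] = 1
            if (addr == "0.0.0.0" || addr == "::") wild = 1
            else if (addr !~ /^127\./ && addr != "::1") other = 1
        }
        END {
            fams = ""
            if ("ipv4" in seen) fams = "ipv4"
            if ("ipv6" in seen) fams = (fams == "" ? "ipv6" : fams ",ipv6")
            if (fams == "") { print "none"; exit }
            scope = wild ? "wildcard" : (other ? "specific" : "loopback")
            print scope, fams
        }
    '
}

# Constructed sample: the faulty state (forward bound to IPv6 loopback only).
broken_sample() {
    printf '%s\n' \
        'Proto Recv-Q Send-Q Local Address Foreign Address State' \
        'tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN' \
        'tcp6       0      0 ::1:2222        :::*            LISTEN'
}

# Constructed sample: the expected state with GatewayPorts yes.
expected_sample() {
    printf '%s\n' \
        'Proto Recv-Q Send-Q Local Address Foreign Address State' \
        'tcp        0      0 0.0.0.0:2222    0.0.0.0:*       LISTEN'
}

broken_sample | bind_scope 2222      # loopback ipv6
expected_sample | bind_scope 2222    # wildcard ipv4
# On the remote server: sudo netstat -lnt | bind_scope 2222
```

A result of wildcard means the forwarded port is reachable from every interface of the remote server, so the local machine's SSH service is exposed to whatever can reach that host.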
I have been struggling with this issue for a couple of hours and, with this blog post, I hope I can prevent someone else from doing the same.