SSH Port forwarding - SSH

This is a discussion on SSH Port forwarding - SSH ; Hi All, I am running an application over telnet interface on port say 5566 So I generally connect telnet 5566. How to connect to the application via ssh (using ssh portforwarding.) Thanks and Regards, Jc...

+ Reply to Thread
Results 1 to 6 of 6

Thread: SSH Port forwarding

  1. SSH Port forwarding

    Hi All,

    I am running an application over telnet interface on port say 5566
    So I generally connect telnet 5566.

    How to connect to the application via ssh (using ssh portforwarding.)

    Thanks and Regards,
    Jc


  2. Re: SSH Port forwarding

    Jc wrote:
    > Hi All,
    >
    > I am running an application over telnet interface on port say 5566
    > So I generally connect telnet 5566.
    >
    > How to connect to the application via ssh (using ssh portforwarding.)
    >
    > Thanks and Regards,
    > Jc
    >


    ssh -L 5566:localhost:5566 userid@remotehost

    telnet localhost 5566

  3. Re: SSH Port forwarding

    Hi,
    Thanks. It works.
    But what happens is it directly logged into the remotehost which I
    don't want. I want the user to get only the info through the port 5566
    (ssh).
    Any way?
    Thanks in advance,
    Jc
    Chuck wrote:
    > Jc wrote:
    > > Hi All,
    > >
    > > I am running an application over telnet interface on port say 5566
    > > So I generally connect telnet 5566.
    > >
    > > How to connect to the application via ssh (using ssh portforwarding.)
    > >
    > > Thanks and Regards,
    > > Jc
    > >

    >
    > ssh -L 5566:localhost:5566 userid@remotehost
    >
    > telnet localhost 5566



  4. Re: SSH Port forwarding

    On 9 Jan 2007 23:38:46 -0800
    "Jc" wrote:

    > Hi,
    > Thanks. It works.
    > But what happens is it directly logged into the remotehost which I
    > don't want. I want the user to get only the info through the port 5566
    > (ssh).
    > Any way?


    It's a bit unclear what exactly you're looking for. If you want to
    setup a tunnel between two systems and allow a other systems to use
    that tunnel to connect, then use the -g option while forwarding. If you
    instead want to use the remote host as a forwarder for the traffic into
    a network it can access, then use ssh -L 5566:THIRDHOST:5566 REMOTEHOST
    and then telnet localhost 5566 will work for you.

    Doug

    --
    For UNIX, Linux and security articles
    visit http://SecurityBulletins.com/

  5. Re: SSH Port forwarding

    Hi,

    I don't want the user to login into my host instead I want the user to
    connect only the specific port. But what happens is, if I execute the
    port forwarding command, the user was able to login to my host.
    Hoe is can be avided.

    Thanks and Regards,
    Jeyachitra.
    Doug Spencer wrote:
    > On 9 Jan 2007 23:38:46 -0800
    > "Jc" wrote:
    >
    > > Hi,
    > > Thanks. It works.
    > > But what happens is it directly logged into the remotehost which I
    > > don't want. I want the user to get only the info through the port 5566
    > > (ssh).
    > > Any way?

    >
    > It's a bit unclear what exactly you're looking for. If you want to
    > setup a tunnel between two systems and allow a other systems to use
    > that tunnel to connect, then use the -g option while forwarding. If you
    > instead want to use the remote host as a forwarder for the traffic into
    > a network it can access, then use ssh -L 5566:THIRDHOST:5566 REMOTEHOST
    > and then telnet localhost 5566 will work for you.
    >
    > Doug
    >
    > --
    > For UNIX, Linux and security articles
    > visit http://SecurityBulletins.com/



  6. Re: SSH Port forwarding

    On 2007-01-18, Jc wrote:
    > I don't want the user to login into my host instead I want the user to
    > connect only the specific port. But what happens is, if I execute the
    > port forwarding command, the user was able to login to my host.
    > Hoe is can be avided.


    If you're using OpenSSH you can set the user's shell to, eg, /bin/true.
    (You will probably have to add /bin/true to /etc/shells too). The user
    will need to specify -N (or its equivalent in their client) to prevent
    the client from requesting a shell. This will work only with the SSHv2
    protocol.

    Another alternative is to make the user's shell to be a shell script
    that does something like "exec sleep 300". This will work with both
    versions of the ssh protocol but will leave a bunch of sleep processes
    running for a while.

    As far as restricting the users to a specific port, older versions of
    OpenSSH could only do that if you were using pubkey authentication.
    Newer versions (>=4.4) have a PermitOpen directive for this purpose.

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

+ Reply to Thread