SSH port forwarding on shared server - SSH


  1. SSH port forwarding on shared server

    Hi,

    At uni I sometimes want to connect to things on my home server (web
    server, etc).

    I can do this using ssh with port forwarding (ssh -L ...), but the
    problem is that the servers at uni run dozens of other terminal
    clients, so everyone else gets access to my forwarded port!

    Is there a way of making the local port secure in the sense that ssh
    will only allow me to connect to it?

    One idea I had is as follows:
    - Wait until connection to local port
    - Look through /proc for processes being run by the same user as ssh
    - For each process owned by the user, look at any pipes it has open
    - For each pipe, use fcntl or similar to find out if it's a TCP socket
    - If it's a TCP socket, check if the source and destination hosts/
    ports match the connection received by ssh
    - If such a socket is found, forward the connection to the ssh'd host
    - If no such socket is found, close the connection

    Any ideas appreciated,
    Codebeard.
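
An added example, not part of the original posts: a Python sketch of the ownership check proposed above. It assumes Linux, where `/proc/net/tcp` already lists the owning uid of every TCP socket, so there is no need to walk each process's open descriptors. The function names and the sample table are constructed for illustration.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout: a listener on 127.0.0.1:8080
# (uid 1000) and two clients connected to it, owned by uid 1000 and uid 1001.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40001
   1: 0100007F:C350 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 40002
   2: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 40003
   3: 0100007F:C351 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1001        0 40004
   4: 0100007F:1F90 0100007F:C351 01 00000000:00000000 00:00000000 00000000  1000        0 40005
"""

TCP_ESTABLISHED = "01"

def decode_endpoint(field):
    """Turn '0100007F:1F90' into ('127.0.0.1', 8080)."""
    addr_hex, port_hex = field.split(":")
    # Assumption: little-endian host (x86/ARM), so the address word is byte-swapped.
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)

def peer_uid(table, peer, listener):
    """Return the uid owning the client socket peer -> listener, or None."""
    for line in table.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 8 or cols[3] != TCP_ESTABLISHED:
            continue
        if decode_endpoint(cols[1]) == peer and decode_endpoint(cols[2]) == listener:
            return int(cols[7])                  # column 7 is the owning uid
    return None

def allow_connection(table, peer, listener, my_uid):
    """Fail closed: accept only when the peer socket is provably ours."""
    return peer_uid(table, peer, listener) == my_uid

if __name__ == "__main__":
    listener = ("127.0.0.1", 8080)
    for port in (50000, 50001, 50002):
        peer = ("127.0.0.1", port)
        print(port, allow_connection(SAMPLE_PROC_NET_TCP, peer, listener, 1000))
```

On a live host the table would be read from `/proc/net/tcp` at accept time, with the peer taken from the accepted socket's address; IPv6 peers appear in `/proc/net/tcp6` and are not handled here.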


  2. Re: SSH port forwarding on shared server

    X-No-Archive: Yes

    Only you want access to the forwarded port.
    Use PuTTY, it has an option (under SSH, under Tunnels) that says:
    "Local ports accept connections from other hosts."
    Make sure that this option is unchecked.

    That will solve your problem; nothing but your computer will have
    access to this forwarded port. Problem solved?
    I don't know how this would work out under the OpenSSH ssh client,
    which I assume you are using.


  3. Re: SSH port forwarding on shared server

    On Aug 19, 9:53 pm, purpmint...@gmail.com wrote:
    > X-No-Archive: Yes
    >
    > Only you want access to the forwarded port.
    > Use PuTTY, it has an option (under SSH, under Tunnels) that says:
    > "Local ports accept connections from other hosts."
    > Make sure that this option is unchecked.
    >
    > That will solve your problem; nothing but your computer will have
    > access to this forwarded port. Problem solved?
    > I don't know how this would work out under the OpenSSH ssh client,
    > which I assume you are using.


    Hi.

    This would work, but the problem is that the unix servers at my
    university are shared. That means that dozens of people can be using
    the same host at once (everybody has a different screen and keyboard,
    but are all sharing a big powerful server over the network). I already
    have that option disabled (using openssh you enable it if you want
    with the -g option), but it doesn't really fix the problem in this
    case.

    Codebeard.

