About remote forwarding and gateway mode - SSH



  1. About remote forwarding and gateway mode

    Hi,

    While the -g option works with local forwarding, it does not work for
    remote forwarding. This option should allow other computers to access
    the ports being forwarded. This is done by binding the socket to the
    wildcard interface and not to the loopback only. (This is what I understood)

    Is this a known limitation? A security feature? Or am I wrong?

    Thanks

    Franky


  2. Re: About remote forwarding and gateway mode

    In article <1188301534.216160.68130@r23g2000prd.googlegroups.com>
    francois.saidi@gmail.com writes:
    >
    >While the -g option works with local forwarding, it does not work for
    >remote forwarding. This option should allow other computers to access
    >the ports being forwarded. This is done by binding the socket to the
    >wildcard interface and not to the loopback only. (This is what I understood)
    >
    >Is this a known limitation? A security feature? Or am I wrong?


    Essentially a security feature - i.e. it's up to the admin of the server
    to allow it or not. See GatewayPorts in sshd_config(5).

    --Per Hedeland
    per@hedeland.org

  3. Re: About remote forwarding and gateway mode

    >>>>> "PH" == Per Hedeland writes:

    PH> In article <1188301534.216160.68130@r23g2000prd.googlegroups.com>
    PH> francois.saidi@gmail.com writes:
    >> While the -g option works with local forwarding, it does not work
    >> for remote forwarding. This option should allow other computers to
    >> access the ports being forwarded. This is done by binding the
    >> socket to the wildcard interface and not to the loopback
    >> only. (This is what I understood)
    >>
    >> Is this a known limitation? A security feature? Or am I wrong?


    PH> Essentially a security feature - i.e. it's up to the admin of the
    PH> server to allow it or not. See GatewayPorts in sshd_config(5).

    PH> --Per Hedeland per@hedeland.org

    Note that -g will not work for this in any event, but if the server has
    GatewayPorts=clientspecified, then you can explicitly bind the wildcard
    address with e.g. ssh -R 0.0.0.0:1234:target:4321.

    --
    Richard Silverman
    res@qoxp.net
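
Added example, not part of the thread or of OpenSSH: a small audit that reports the effective GatewayPorts value for the global section and each Match block of an sshd_config, and models which address a remote forward ends up bound to, as the replies above describe. The sample config, the function names and the use of "0.0.0.0" as shorthand for the wildcard address are assumptions of this example.

```python
# Constructed sample sshd_config (not from the thread).
SAMPLE = """\
Port 22
GatewayPorts no
GatewayPorts yes
Match User tunnel
    gatewayports clientspecified
Match Group admins
    X11Forwarding no
"""

def gateway_ports_by_context(text):
    """Map 'global' and each Match block to its effective GatewayPorts value."""
    effective = {"global": None}
    context = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()           # keywords are case-insensitive
        arg = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            context = "Match " + arg
            effective.setdefault(context, None)
        elif keyword == "gatewayports" and arg and effective[context] is None:
            effective[context] = arg.split()[0].lower()   # first value wins
    default = effective["global"] or "no"    # sshd's default is "no"
    # A Match block that does not set the keyword inherits the global value.
    return {ctx: val or default for ctx, val in effective.items()}

def remote_listen_address(gateway_ports, bind_address=None):
    """Model the listen address for ssh -R [bind_address:]port:host:hostport."""
    if gateway_ports == "yes":
        return "0.0.0.0"                     # server forces the wildcard
    if gateway_ports == "clientspecified" and bind_address is not None:
        wildcard = bind_address in ("", "*", "0.0.0.0")
        return "0.0.0.0" if wildcard else bind_address
    return "127.0.0.1"                       # "no", or nothing requested

if __name__ == "__main__":
    for ctx, value in gateway_ports_by_context(SAMPLE).items():
        exposed = remote_listen_address(value, "0.0.0.0") != "127.0.0.1"
        print(f"{ctx}: GatewayPorts {value}, -R 0.0.0.0:... exposed={exposed}")
```

On a live host, the output of `sshd -T` gives the already-resolved global value and can be compared against this result.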

