By default, sshd binds remotely forwarded ports to the loopback address only. For an SSH tunnel to listen on a non-localhost interface, we have to enable "GatewayPorts" in /etc/ssh/sshd_config.
1. Open /etc/ssh/sshd_config using your preferred text editor. I use vi:
$ sudo vi /etc/ssh/sshd_config
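2. Turn on "GatewayPorts" by adding the line below to /etc/ssh/sshd_config. Note that "yes" makes sshd bind every remote forward to the wildcard address; the value "clientspecified" instead lets the client choose the bind address for each forward.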
GatewayPorts yes
3. Save and exit the text editor
4. Restart ssh
$ sudo systemctl restart ssh
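5. Now we can create a local/remote tunnel, and the tunnel can be made to listen on a non-loopback (non-localhost) address. For example, we can forward a port from another machine and make it listen on all IPv4 addresses of our local machine. The destination is not given in the original command; <user>@<this-host> below is a placeholder for the machine whose sshd we just reconfigured:
$ ssh -R 0.0.0.0:1111:localhost:22 <user>@<this-host>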
6. We can verify it using the ss command:
$ sudo ss -tulpn | grep 1111
...
tcp LISTEN 0 128 0.0.0.0:1111 0.0.0.0:* users:(("sshd",pid=xxxxx,fd=10))
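Because "GatewayPorts yes" exposes every remote forward on all interfaces, it is worth auditing what sshd is actually listening on, not just the one port we expect. The script below is an added example, not part of the original post: the function names are hypothetical, the ss sample is constructed, and sshd's own port is assumed to be 22.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.

# Reads `sshd -T` output (lowercase "keyword value" lines) on stdin and
# prints the effective GatewayPorts value; "no" is sshd's default.
gatewayports_value() {
    awk '$1 == "gatewayports" { v = $2 } END { print (v == "" ? "no" : v) }'
}

# Reads `ss -tlnp` or `ss -tulpn` output on stdin and prints the local
# address:port of each listener owned by a process whose name starts with
# "sshd" and that is not bound to loopback. $1 is the daemon's own port
# (assumed 22), which is expected to be reachable and is skipped.
exposed_forwards() {
    awk -v sshport="${1:-22}" '
        index($0, "\"sshd") == 0 { next }    # not owned by sshd
        {
            # Locate the State column so output with or without the
            # leading Netid column is handled the same way.
            for (i = 1; i <= NF; i++) if ($i == "LISTEN") break
            if (i + 3 > NF) next             # not a listening TCP socket
            addr = $(i + 3)                  # Local Address:Port column
            n = split(addr, parts, ":")
            port = parts[n]                  # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (port == sshport) next
            if (host ~ /^127\./ || host == "[::1]") next
            print addr
        }'
}

# Constructed sample in the same layout as the ss output in step 6.
SAMPLE_SS='tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
tcp LISTEN 0 128 0.0.0.0:1111 0.0.0.0:* users:(("sshd",pid=4242,fd=10))
tcp LISTEN 0 128 127.0.0.1:2222 0.0.0.0:* users:(("sshd",pid=4300,fd=9))
tcp LISTEN 0 128 [::1]:2222 [::]:* users:(("sshd",pid=4300,fd=8))
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=900,fd=6))'

printf '%s\n' "$SAMPLE_SS" | exposed_forwards 22   # prints 0.0.0.0:1111

# On a live host:
#   sudo sshd -T | gatewayports_value
#   sudo ss -tlnp | exposed_forwards 22
```

Any address this prints is a forwarded port reachable from the network, so it should match a tunnel you intended to expose and be covered by your firewall rules.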