Thursday, January 5, 2023

SSH Tunnel That Listens To Non Loopback (Non Localhost) IP

For an SSH tunnel to listen on a non-localhost interface, we have to enable "GatewayPorts" in /etc/ssh/sshd_config. By default, sshd binds remote port forwards to the loopback address only.


1. Open /etc/ssh/sshd_config using your preferred text editor. I use vi.
$ sudo vi /etc/ssh/sshd_config

2. Turn on "GatewayPorts" by adding the line below to /etc/ssh/sshd_config
GatewayPorts yes

3. Save and exit the text editor

4. Restart ssh
$ sudo systemctl restart ssh

5. Now we can create a local/remote tunnel and make it listen on a non-loopback (non-localhost) address. For example, we can forward a port from another machine and make it listen on all IPv4 addresses of our local machine. The command is run on the other machine; <user>@<host> is a placeholder for the machine we configured above.
$ ssh -R 0.0.0.0:1111:localhost:22 <user>@<host>

6. We can verify it with the ss command
$ sudo ss -tulpn | grep 1111
...
tcp   LISTEN 0      128                             0.0.0.0:1111        0.0.0.0:*                   users:(("sshd",pid=xxxxx,fd=10))
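
The check in step 6 can be turned into a small audit that reports the effective GatewayPorts setting and every forwarded port that sshd holds open on a non-loopback address. This is an added example, not part of the original post; the function names are hypothetical, the sample ss lines are constructed, and it assumes sshd itself listens on port 22.

```shell
#!/bin/sh
# Added example: find sshd-owned TCP listeners that are reachable from the
# network, i.e. forwards exposed because GatewayPorts is enabled.

# Constructed sample of `ss -Htlpn` output (no header line); pids are made up.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=700,fd=3))
LISTEN 0 128 0.0.0.0:1111 0.0.0.0:* users:(("sshd",pid=4321,fd=10))
LISTEN 0 128 127.0.0.1:2222 0.0.0.0:* users:(("sshd",pid=4400,fd=9))
LISTEN 0 128 [::1]:2222 [::]:* users:(("sshd",pid=4400,fd=11))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=900,fd=6))'

# exposed_sshd_listeners SSHD_PORT
# Reads `ss -Htlpn` lines on stdin and prints "address port" for each socket
# held by sshd that is neither bound to loopback nor the daemon's own port.
exposed_sshd_listeners() {
    awk -v own="$1" '
        !/"sshd"/ { next }                      # only sockets owned by sshd
        {
            local_ep = $4                       # e.g. 0.0.0.0:1111 or [::1]:2222
            port = local_ep; sub(/.*:/, "", port)
            addr = local_ep; sub(/:[^:]*$/, "", addr)
            if (port == own) next               # sshd listening for logins
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback-only forward
            print addr, port
        }'
}

# gatewayports_value
# Reads `sshd -T` (effective configuration) on stdin and prints the value of
# GatewayPorts: no, yes or clientspecified.
gatewayports_value() {
    awk 'tolower($1) == "gatewayports" { print $2 }'
}

# Run against the constructed sample so the script works offline.
printf '%s\n' "$SAMPLE_SS" | exposed_sshd_listeners 22

# On a live host (needs root), feed the real commands instead:
#   sudo sshd -T | gatewayports_value
#   sudo ss -Htlpn | exposed_sshd_listeners 22
```

Besides yes and no, sshd_config accepts "GatewayPorts clientspecified", which lets the client choose the bind address per forward instead of forcing every remote forward onto the wildcard address.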
