SSH Port Forwarding not working

Tags: centos7, networking, ssh, ssh-tunnel, vnc

I have two CentOS 7 servers (Hypervisor and Relay for this scenario). I wish to connect to a VNC port on Hypervisor, which is behind a firewall, by using Relay, which is a server with SSH open to Hypervisor.

I ask Hypervisor to establish the connection with the command:

ssh -N -R 0.0.0.0:5912:127.0.0.1:5912 root@Relay

Once I do this, I can connect to the port on Relay by

telnet localhost:5912 

and I receive the response: RFB 003.008

When I telnet using the assigned IP address:

telnet 1.2.3.4:5912 

on Relay: Connection Refused

Note, the IP 1.2.3.4 is the IP of Relay's NIC, and not some NAT'd IP.

I cannot connect from another server within Relay's subnet either.

Best Answer

By default sshd refuses to allow remote access to ports forwarded in this manner. This is documented in the ssh(1) man page.

             Specifying a remote bind_address will only succeed if the
             server's GatewayPorts option is enabled (see sshd_config(5)).

The documentation for GatewayPorts says that it is off by default. As it is security-sensitive, this is a reasonable default. From sshd_config(5):

     GatewayPorts
             Specifies whether remote hosts are allowed to connect to ports
             forwarded for the client.  By default, sshd(8) binds remote port
             forwardings to the loopback address.  This prevents other remote
             hosts from connecting to forwarded ports.  GatewayPorts can be
             used to specify that sshd should allow remote port forwardings to
             bind to non-loopback addresses, thus allowing other hosts to
             connect.  The argument may be no to force remote port forwardings
             to be available to the local host only, yes to force remote port
             forwardings to bind to the wildcard address, or clientspecified
             to allow the client to select the address to which the forwarding
             is bound.  The default is no.
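As an added illustration (not part of the answer above), the following POSIX shell snippet reads the effective GatewayPorts value out of `sshd -T` output and reports where sshd will actually bind a `-R 0.0.0.0:5912:...` listener. The `sshd -T` text embedded here is a constructed sample, not output captured from the asker's Relay host; on a real host run `sshd -T` as root and confirm the result with `ss -tlnp | grep 5912`.

```shell
#!/bin/sh
# effective_bind <gatewayports-value> [requested-bind-address]
# Prints the address sshd will bind the remote-forward listener to.
effective_bind() {
    case "$1" in
        yes)             echo "0.0.0.0" ;;          # always the wildcard address
        clientspecified) echo "${2:-127.0.0.1}" ;;  # honour the client's bind_address
        *)               echo "127.0.0.1" ;;        # "no" (the default): loopback only
    esac
}

# gatewayports_from_config: reads `sshd -T` output on stdin and prints the
# effective GatewayPorts value; sshd's default of "no" applies if absent.
gatewayports_from_config() {
    awk 'tolower($1) == "gatewayports" { print tolower($2); found = 1 }
         END { if (!found) print "no" }'
}

# Constructed sample of `sshd -T` output (assumption, not the asker's host).
SAMPLE_SSHD_T='port 22
addressfamily any
gatewayports no
permitrootlogin yes'

gp=$(printf '%s\n' "$SAMPLE_SSHD_T" | gatewayports_from_config)
echo "GatewayPorts=$gp: ssh -R 0.0.0.0:5912:... binds to $(effective_bind "$gp" 0.0.0.0):5912"
```

With the sample above this prints a 127.0.0.1 binding, which matches the asker's symptom: the listener answers on localhost but refuses connections on the NIC address.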