I'm running ssh -N -f -R127.0.2.3:23000:127.1.2.3:23000 user@remote, and I expect the tunnel on remote has opened on 127.0.2.3:23000, but it only opens on 127.0.0.1:23000, and it's inconvenient because I need to open several tunnels on remote, but listen to the same TCP port.
In the local machine, the tunnel points to the right ip address (127.1.2.3:23000).
I have tried creating several loopback devices on remote, to no avail.
The same is for Linux and FreeBSD servers (openbsd-ssh).
So, why is ssh -R not binding to loopback IPs on remote other than 127.0.0.1?
Thank you.
(sorry for bad redacting 🙂)
Best Answer
While the local optional bind address is at the control of SSH's client side (specified with -L/LocalForward or altered with -g/GatewayPorts in the client's configuration), the remote optional bind address specified by the client with -R/RemoteForward is at the control of SSH's server side with the server configuration GatewayPorts. By default it's no. It should be set to clientspecified to allow the client to choose which address to bind to:

Moreover, the client's RemoteForward entry tells likewise:

So you must be able to change the ssh's server configuration on the server (usually with root access), and add (or edit) this entry in the sshd_config file, so it shows:

If you can't, you could use other available tools if present (or locally installable) on the server side to overcome this (quite weak) security limitation. For example socat, or ssh itself by using a LocalForward from the server to itself (even if it's uselessly adding a layer of encryption).
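
The following sketch is an added example, not part of the answer above: it reads the global GatewayPorts value from sshd_config text and predicts where the listener requested in the question's -R127.0.2.3:23000:... will bind. The function names and the sample config are constructed for illustration; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Constructed sample config (a real one is usually /etc/ssh/sshd_config).
sample_config() {
cat <<'EOF'
# constructed sample
Port 22
gatewayports clientspecified
GatewayPorts no
Match User tunnel
    GatewayPorts yes
EOF
}

# Print the global GatewayPorts value of an sshd_config read on stdin.
# sshd keeps the first value it obtains for a keyword, keywords are
# case-insensitive, and the default is "no".
# Simplifications (assumptions): "keyword value" is whitespace-separated,
# Include is not followed, and parsing stops at the first Match block.
effective_gatewayports() {
    awk '
        /^[ \t]*#/                    { next }
        tolower($1) == "match"        { exit }
        tolower($1) == "gatewayports" { print $2; found = 1; exit }
        END { if (!found) print "no" }
    '
}

# Predict the listen address for a remote forward.
# $1 = GatewayPorts value, $2 = bind address requested by the client.
predicted_bind() {
    case "$1" in
        clientspecified) echo "$2" ;;        # client's choice is honoured
        yes)             echo "*" ;;         # forced to the wildcard address
        *)               echo "loopback" ;;  # "no": local host only
    esac
}

mode=$(sample_config | effective_gatewayports)
echo "GatewayPorts=$mode -> listener on $(predicted_bind "$mode" 127.0.2.3)"
```

On a real server, `sshd -T` (run as root) prints the effective configuration, including Include files, which this sketch does not resolve.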