SSH Reverse Port Forwarding with PuTTy – how to specify bind address

port-forwardingputtyssh

Using Putty, I have set up a reverse proxy which allows me to connect on port 8080 of the server at server.tld to port 80 of the machine which initiated the SSH connection.

The server allows me to connect on localhost:8080 and returns the result of initiator:80 when I connect on the server.

This question says to enable GatewayPorts and bind to all addresses.

Using Putty, how can I expose port 8080 on the server so that when a request comes through on the external interface (e.g. a web request) the port is forwarded to the initiator:80?

enter image description here

Best Answer

There are two checkboxes when setting up the PuTTY tunnel,

Local ports accept connections from other hosts
Remote ports do the same (SSH-2 only)

the second of those does what you need.

I just tested it,

PuTTY tunnels dialog,

Tick Remote ports ...
Put 8080 into Source port
Put 127.0.0.1:80 into Destination port
Select 'Remote' radio button
Click Add
Connect

Works fine, here's the resulting netstat,

# netstat -an | grep 8080
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN

You can also use plink.exe that comes with PuTTY, for example,

plink -R *:8080:localhost:80 user@remote.host.example

which works fine as well.

# netstat -an | grep 8080
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN

If you're still getting 127.0.0.1:8080 on the host, then GatewayPorts is still set to no in your sshd config.

Also, don't forget to update the firewall on the target server to allow external connections to port 8080.

Related Solutions

Ssh – port forward to an established reverse ssh tunnel

See the "Remote port forwarding for anyone at work !" section of this webpage. The article suggests that you should add the

GatewayPorts yes

option to your sshd_config on your HostB. That should cause the remote port forwarding on your HostB to listen on all of its network interfaces.

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Best Answer

Related Solutions

Ssh – port forward to an established reverse ssh tunnel

Ssh – How to automate SSH login with password

Related Topic