I'm working with a server that is behind a firewall. I have established an ssh tunnel to an intermediate server on the internet like this:

```
remoteuser@behind_fw$ ssh -N -f -R 10002:localhost:22 middleuser@middle
```

But I can't connect directly through this server; this doesn't work:

```
user@local$ ssh remoteuser@middle -p 10002
```

I have to connect in two steps:

```
user@local$ ssh middleuser@middle
middleuser@middle$ ssh remoteuser@localhost -p 10002
```

Output of `netstat -l` on middle:

```
tcp 0 0 localhost:10002 *:* LISTEN
```

but it should be something like this:

```
tcp 0 0 *:10002 *:* LISTEN
```

How can I achieve this?
Best Answer
This being a tunnel opened at a remote server, that server needs to have GatewayPorts set to yes in its /etc/ssh/sshd_config.
Depending on what kind of users that server has, you might want to use the Match option to limit that capability to your user.
Do note that you probably want to add this Match block at the end of your sshd_config, since a Match block goes on until another one begins, or the file ends.
That being said, how about instead trying what I'd consider a slightly cleaner solution?
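As an added illustration (not part of the answer above), here is what the sshd_config on `middle` could look like when the forwarded port is allowed to bind on all interfaces only for `remoteuser`, with the Match block placed last as the answer recommends. The user name, the port and the 192.0.2.0/24 range are assumed values for this example.

```text
# /etc/ssh/sshd_config on "middle" (example fragment, not the answer's own file)

# Global default: reverse-forwarded ports stay bound to loopback only.
GatewayPorts no

# ... other global settings ...

# Keep this block at the end: a Match block applies until the next
# Match line or the end of the file, so anything placed after it would
# also be scoped to remoteuser.
Match User remoteuser
    # "clientspecified" lets this user choose the bind address; the
    # behind_fw side must then ask for it explicitly, e.g.
    #   ssh -N -f -R *:10002:localhost:22 middleuser@middle
    # A plain "-R 10002:localhost:22" still binds to localhost only.
    GatewayPorts clientspecified
    # Optionally restrict which client addresses may open the tunnel
    # (example range; replace with the real source network).
    # Match User remoteuser Address 192.0.2.0/24
```

After editing, `sshd -t` checks the syntax and `sshd -T -C user=remoteuser,host=behind_fw,addr=192.0.2.10 | grep -i gatewayports` shows the value sshd will actually apply for that user; a port bound to `*:10002` is reachable by anyone who can reach `middle`, so the host firewall should limit who may connect to it.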