How to determine the port allocated on the server for a dynamically bound openssh reverse tunnel

opensshsshssh-tunnel

When creating reverse tunnels on recent versions of OpenSSH a remote port of 0 can be given to bind any available port:

-R [bind_address:]port:host:hostport

…

If the port argument is `0', the listen port will be dynamically
allocated on the server and reported to the client at run time.

openssh ssh client manpage

My question is how I can (in an automated way) determine this port allocation on the server. It seems rather unhelpful that it is reported to the host running the ssh client – but not to the target, which will want to make connections to this port to access services on the client.

Two similar options I can think of are either running

# netstat -ntlp

on the server and look for suspect ports bound on 127.0.0.1 by sshd or by looking at the output of

# lsof -p $PPID | grep TCP | grep LISTEN

But neither of these is pleasant from an automation point of view, and there isn't any way of tying the dynamic ports back to the origin service port if more than one such tunnel is created.

Is there anything I'm missing to effectively get a list of active tunnels (both local and remote port numbers) on the sshd server side, like an equivalent to the SSH_CONNECTION environment variable, but for active tunnels?

For some context, I'm trying to create potentially very many simultaneous reverse tunnels to a host, tunnelling back to the same port number on many different hosts. Having the TCP stack automatically manage the port pool seems like the most effective way of doing this.

Best Answer

If you set the 'LogLevel' in the sshd_config configuration file to DEBUG1 (or any DEBUG level), then sshd will log the port numbers in /var/log/auth.log.

Do remember, that using a LogLevel of DEBUG or higher could be a privacy risk, since much is logged.

(from /var/log/auth.log, removed a few lines to show relevant information)

Jun 24 06:18:24 radon sshd[9334]: Connection from 192.168.13.10 port 39193
Jun 24 06:18:24 radon sshd[9334]: Accepted publickey for lornix from 192.168.13.10 port 39193 ssh2
Jun 24 06:18:24 radon sshd[9334]: pam_unix(sshd:session): session opened for user lornix by (uid=0)
Jun 24 06:18:24 radon sshd[9334]: User child is on pid 9339
Jun 24 06:18:24 radon sshd[9339]: debug1: Local forwarding listening on 0.0.0.0 port 0.
Jun 24 06:18:24 radon sshd[9339]: debug1: Allocated listen port 39813
Jun 24 06:18:24 radon sshd[9339]: debug1: channel 0: new [port listener]
Jun 24 06:18:24 radon sshd[9339]: debug1: Local forwarding listening on :: port 39813.
Jun 24 06:18:24 radon sshd[9339]: debug1: channel 1: new [port listener]
Jun 24 06:18:27 radon sshd[9339]: Received disconnect from 192.168.13.10: 11: disconnected by user

If you follow it through, you can see where you could parse the connection information, and then the forwarded port (39813 in this case)

I used this command line between two of my machines, I do have ssh-key login set up, so no password prompts or delays

-xenon- lornix:~> ssh -R "*:0:radon:22" -N -T radon
Allocated port 39813 for remote forward to radon:22

-N specifies no command is given, and -T stops allocation of a tty for this connection.

Another way to disseminate the port connection information would be to parse it from the client side and send an email, jabber, text msg, smoke signals or pigeon to carry the port # to whomever needs it.

Related Solutions

How to tunnel port 25565 through SSH

The simplest way is to use putty (Client Side APP). You should not need anything on the remote side except firewall rules to allow out going connections

Setup:

Within putty setup a new connection to your unix box.(Add the host details etc , don't connect yet)
Once that is all setup go to Connection -> SSH -> Tunnels in the putty tree view.
Next enter 25565 into the source port and leave the destination blank.
Finally select dynamic on the first combo box.
Make sure you save everything then finally click the open button

This will create a tunnel on port 25565 locally to any destination on the remote site. This also assumes that you can tunnel a minecraft connection (you might need to set your IE settings to use the the SSH tunnel as well since games sometimes use this if they cant get a connection)

If you cant tunnel minecraft by default use a app like proxy cap to force all out going connections through the tunnel.

Shell – List open SSH tunnels

if you only want to list tunnels created by ssh:

% sudo lsof -i -n | egrep '\<ssh\>'
ssh  19749  user  3u  IPv4 148088244   TCP x.x.x.x:39689->y.y.y.y:22 (ESTABLISHED)
ssh  19749  user  4u  IPv6 148088282   TCP [::1]:9090 (LISTEN)
ssh  19749  user  5u  IPv4 148088283   TCP 127.0.0.1:9090 (LISTEN)

(that would be a -L 9090:localhost:80 tunnel)

if you want to see the tunnels / connections made to a sshd:

 % sudo lsof -i -n | egrep '\<sshd\>'
sshd  15767  root  3u  IPv4 147401205   TCP x.x.x.x:22->y.y.y.y:27479 (ESTABLISHED)
sshd  15842  user  3u  IPv4 147401205   TCP x.x.x.x:22->y.y.y.y:27479 (ESTABLISHED)
sshd  15842  user  9u  IPv4 148002889   TCP 127.0.0.1:33999->127.0.0.1:www (ESTABLISHED)
sshd  1396   user  9u  IPv4 148056581   TCP 127.0.0.1:5000 (LISTEN)
sshd  25936  root  3u  IPv4 143971728   TCP *:22 (LISTEN)

the ssh-daemon listens on port 22 (last line), 2 subprocesses are spawned (first 2 lines, login of 'user'), a -R tunnel created on port 5000, and a -L tunnel which forwards a port from my (local) machine to localhost:80 (www).

Best Answer

Related Solutions

How to tunnel port 25565 through SSH

Shell – List open SSH tunnels

Related Question