I have trouble enabling SSH remote port forwarding publicly.
On the client side:
ssh -vvv -nNT -p 2222 -R \*:8882:localhost:22 xx@<server_address>
Output:
…
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
Authenticated to xxx.com ([xxx.xxx.xxx.xxx]:2222).
debug1: Remote connections from *:8882 forwarded to local address localhost:22
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: remote forward success for: listen *:8882, connect localhost:22
debug1: All remote forwarding requests processed
On the server side (which got GatewayPorts enabled, confirmed with sshd -T):
netstat -an | grep 8882
Output:
tcp 0 0 0.0.0.0:8882 0.0.0.0:* LISTEN
tcp6 0 0 :::8882 :::* LISTEN
When connecting to localhost (ssh -p 8882 xx@localhost), it does work and I can log in to the SSH shell of the client. However, ssh just hangs there and does nothing if I change localhost to my local IP, or even 127.0.0.1; there is also no debug output on the client side.
As seen from the netstat output, it seems the port 8882 is bound to all interfaces and should work publicly, but it doesn't. What have I done wrong?
Best Answer
The setting in sshd_config to allow tunneling is AllowTcpForwarding. Remember to restart sshd to make it work.
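Added example (not part of the original question or answer): a shell function that reads sshd -T output and reports how the two settings named on this page, AllowTcpForwarding and GatewayPorts, together decide whether a -R listener is accepted and where it is bound. The function name forward_bind_scope and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Report where sshd would bind a remote forward (-R), given `sshd -T` output
# on stdin. On a real server (as root): sshd -T | forward_bind_scope '*'
# $1 = bind_address from the client's -R option; pass 'localhost' when the
#      -R option had no bind_address at all.
# Note: plain `sshd -T` prints global settings with lowercase keywords;
#       Match blocks may override them for specific users or hosts.
forward_bind_scope() {
    req="$1"
    atf="yes"   # sshd default for AllowTcpForwarding
    gp="no"     # sshd default for GatewayPorts
    while read -r key val _; do
        case "$key" in
            allowtcpforwarding) atf="$val" ;;
            gatewayports)       gp="$val" ;;
        esac
    done
    # AllowTcpForwarding: yes|all|remote permit -R; local|no refuse it.
    case "$atf" in
        yes|all|remote) ;;
        *) echo "refused"; return 0 ;;
    esac
    # GatewayPorts: no -> loopback only; yes -> wildcard regardless of the
    # request; clientspecified -> honour the client's bind_address.
    case "$gp" in
        yes) echo "wildcard" ;;
        clientspecified)
            case "$req" in
                ''|'*') echo "wildcard" ;;
                localhost|127.0.0.1|::1) echo "loopback" ;;
                *) echo "address:$req" ;;
            esac ;;
        *) echo "loopback" ;;
    esac
}

# Constructed sample of `sshd -T` lines (not taken from the page's server):
# GatewayPorts is on, but forwarding itself is switched off.
SAMPLE='port 2222
allowtcpforwarding no
gatewayports yes'
printf '%s\n' "$SAMPLE" | forward_bind_scope '*'   # prints: refused
```

A "wildcard" result means the forwarded port is reachable from every interface of the server, so it should be covered by the host firewall policy like any other listening service.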