Hello,
I just upgraded from 2.9p2 to 3.0.1p1 and good news. I don't have to
patch channels.c to get Remote Port Forwarding to work. That is
fantastic.
It appears, however, that -g still doesn't work. I checked the archives
and it doesn't look like anyone has mentioned it yet.
What does work is if I ssh to a machine I can telnet to localhost on
the forwarded port, but connecting to the remote host on the forwarded
port from another host doesn't work.
netstat -a reveils:
localhost.4000 *.* 0 0 0 0 LISTEN
so it is still just binding to localhost instead of INADDR_ANY.
p.s. This first test was on Solaris 2.6 sparc, and I am about to rebuild
on Solaris 7 and 8, but I don't expect different results.
--
David F. Newman
UNIX Administrator
dnewman at maraudingpirates.org
As far as I understand it, that behaviour is correct. On Mon, 2001-11-19 at 19:04, David F. Newman wrote:> Hello, > I just upgraded from 2.9p2 to 3.0.1p1 and good news. I don't have to > patch channels.c to get Remote Port Forwarding to work. That is > fantastic. > > It appears, however, that -g still doesn't work. I checked the archives > and it doesn't look like anyone has mentioned it yet. > > What does work is if I ssh to a machine I can telnet to localhost on > the forwarded port, but connecting to the remote host on the forwarded > port from another host doesn't work. > > netstat -a reveils: > localhost.4000 *.* 0 0 0 0 > LISTEN > > so it is still just binding to localhost instead of INADDR_ANY. > > p.s. This first test was on Solaris 2.6 sparc, and I am about to rebuild > on Solaris 7 and 8, but I don't expect different results. > > -- > David F. Newman > UNIX Administrator > dnewman at maraudingpirates.org >-- Austin Gonyou Systems Architect, CCNA Coremetrics, Inc. Phone: 512-796-9023 email: austin at coremetrics.com
On Mon, 19 Nov 2001, David F. Newman wrote:
:I just upgraded from 2.9p2 to 3.0.1p1 and good news. I don't have to
:patch channels.c to get Remote Port Forwarding to work. That is
:fantastic.
:
:It appears, however, that -g still doesn't work. I checked the archives
:and it doesn't look like anyone has mentioned it yet.
ssh -g is for local forwards.
look at sshd GatewayPorts. the documentation was clarified for 2.9.9/3.0:
GatewayPorts
Specifies whether remote hosts are allowed to connect to ports
forwarded for the client. By default, sshd binds remote port
forwardings to the loopback addresss. This prevents other remote
hosts from connecting to forwarded ports. GatewayPorts can be
used to specify that sshd should bind remote port forwardings to
the wildcard address, thus allowing remote hosts to connect to
forwarded ports. The argument must be ``yes'' or
``no''. The de-
fault is ``no''.
On Mon, 19 Nov 2001, Kevin Steves wrote:> ssh -g is for local forwards. > > look at sshd GatewayPorts. the documentation was clarified for 2.9.9/3.0: >Ahhh, I see. I actually read that as local to the side that was doing the port forwarding, as opposed to strictly the ssh client side. Cool beans. -Dave