8

I want to connect to my computer (local) behind NAT through a publicly accessible server (public).

On local:

    ssh -g -R 8000:localhost:22 user@public

Then on public:

    ssh -p 8000 user@public

But I am getting an error: Connection refused.

When I login to the public server, I can verify that the tunnel is working by:

    ssh -p 8000 localhost

Which opens ssh on the local computer.

Am I wrong to expect that the public server should act as a transparent proxy? Or how can I make it work like that?

2 Answers

12

SSH remote port forwards will default to binding to localhost/loopback for security purposes. It's not often preferable to allow other hosts access to your forwarded ports.

To override this behaviour you will need to do two things:

  • Enable the GatewayPorts option on the server.
  • Specify a bind address, or * to bind to all addresses, on the client.

    ssh -R \*:8000:localhost:22 user@public 

Escape the asterisk to ensure that your shell doesn't expand it.

0

This looks more like a problem with the settings on the remote computer public. By default, the OpenSSH sshd (which I guess is the one being used) has the setting GatewayPorts turned to no, which forces remote port forwarding to only listen on localhost.

The solution would then be to edit your /etc/ssh/sshd_config (or equivalent), setting GatewayPorts to yes or to clientspecified. In case you choose the latter, you will have to change your tunnel request to something like -R *:8000:localhost:22 instead.
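To confirm which of the two behaviours described in the answers is in effect on the public server, this added example (not part of the original posts) classifies the address a forwarded port is listening on, reading `ss -tlnH` output. The function name `bind_scope` and the sample socket lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report whether a forwarded port on the public server is
# bound to loopback only (the GatewayPorts default) or reachable by other hosts.
# On a real server, feed it live data:  ss -tlnH | bind_scope 8000

# bind_scope PORT  -> prints: loopback | exposed | none
# Reads `ss -tlnH` lines on stdin; field 4 is "Local Address:Port".
bind_scope() {
    awk -v port="$1" '
        {
            local_addr = $4                       # e.g. 127.0.0.1:8000, [::]:8000
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next            # different port, skip
            # Strip ":PORT" to leave only the bind address.
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") {
                if (scope == "") scope = "loopback"
            } else {
                scope = "exposed"                 # any non-loopback listener wins
            }
        }
        END { print (scope == "" ? "none" : scope) }
    '
}

# Constructed sample: tunnel opened while GatewayPorts is "no" on the server.
sample_default() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8000 0.0.0.0:*
LISTEN 0 128 [::1]:8000 [::]:*
EOF
}

# Constructed sample: tunnel opened with a "*" bind address and GatewayPorts enabled.
sample_gateway() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8000 0.0.0.0:*
LISTEN 0 128 [::]:8000 [::]:*
EOF
}

echo "GatewayPorts no:      $(sample_default | bind_scope 8000)"
echo "GatewayPorts enabled: $(sample_gateway | bind_scope 8000)"
```

A result of `loopback` matches the "Connection refused" symptom in the question, while `exposed` means any host that can reach the server on that port reaches the SSH daemon behind the NAT.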
