Thursday, June 05, 2014

Reverse SSH Tunnel if AllowTCPForwarding is No

I ran into a problem the other day where I wanted to create a reverse tunnel from a remote machine to an inaccessible machine via my desktop, but when I tried the normally reliable:

ssh -R1234:otherhost:1234 remotebox

I was given the error:

Warning: remote port forwarding failed for listen port 1234

Drat! sshd has a config setting AllowTCPForwarding and it was not my friend. I started thinking about how to jury-rig something and after some problems eventually got to:

mkfifo pipe
cat pipe | ssh remotebox 'nc -l -p 1234' | nc otherhost 1234 > pipe

The magic of the named pipe allows us to send the standard output of the final netcat into the standard input of the ssh command.
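
The loop the named pipe closes can be traced locally. This is an added example, not code from the original post: the functions remote_side and other_host are hypothetical stand-ins for the ssh/nc listener and for nc otherhost, and the request and reply strings are constructed.

```shell
#!/bin/sh
# Added illustration of the FIFO plumbing; no network or ssh involved.

# Stand-in for "ssh remotebox 'nc -l -p 1234'":
#   stdout = bytes a client sent to the remote listener
#   stdin  = bytes to hand back to that client
remote_side() {
    echo "GET /status"               # constructed client request
    IFS= read -r reply               # reply arrives only via the FIFO
    printf '%s\n' "$reply" > "$1"    # record what the client would receive
}

# Stand-in for "nc otherhost 1234": request on stdin, answer on stdout.
other_host() {
    IFS= read -r request
    echo "200 OK for [$request]"
}

# Same shape as the post's pipeline: cat pipe | A | B > pipe
fifo_relay() {
    dir=$(mktemp -d) || return 1
    mkfifo "$dir/pipe"
    # A plain pipeline only carries A's output to B. The FIFO carries
    # B's output back to A's stdin, which makes the link bidirectional.
    cat "$dir/pipe" | remote_side "$dir/received" | other_host > "$dir/pipe"
    cat "$dir/received"
    rm -rf "$dir"
}

fifo_relay
```

Without the FIFO, remote_side would block forever on its read, which is the one-way behaviour the plain pipeline would have had.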
