Ping a Specific Port

Question

user1955162

Asked: 2019-08-17 11:10:56 +0800 CST2019-08-17 11:10:56 +0800 CST 2019-08-17 11:10:56 +0800 CST

SSH Port Forwarding not working

772

I have two CentOS 7 servers (Hypervisor and Relay for this scenario) . I wish to connect to a VNC port on Hypervisor which is behind a firewall by using Relay with is a server with SSH open to Hypervisor.

I ask Hypervisor to establish the connection with the command:

ssh -N -R 0.0.0.0:5912:127.0.0.1:5912 root@Relay

Once I do this, I can connect to the port on Relay by

telnet localhost:5912

and I receive the response: RFB 003.008

When I telnet using the assigned IP address:

telnet 1.2.3.4:5912

on Relay: Connection Refused

Note, the IP 1.2.3.4 is the IP of Relay's NIC, and not some NAT'd IP.

I can not connect from another server within Relay's subnet either.

1 Answers

Voted

Michael Hampton · Answer 1 · 2019-08-17T11:27:12+08:00

By default sshd refuses to allow remote access to ports forwarded in this manner. This is documented in the ssh(1) man page.

             Specifying a remote bind_address will only succeed if the
             server's GatewayPorts option is enabled (see sshd_config(5)).

The documentation for GatewayPorts says that it is off by default. As it is security-sensitive, this is a reasonable default. From sshd_config(5):

     GatewayPorts
             Specifies whether remote hosts are allowed to connect to ports
             forwarded for the client.  By default, sshd(8) binds remote port
             forwardings to the loopback address.  This prevents other remote
             hosts from connecting to forwarded ports.  GatewayPorts can be
             used to specify that sshd should allow remote port forwardings to
             bind to non-loopback addresses, thus allowing other hosts to con‐
             nect.  The argument may be no to force remote port forwardings to
             be available to the local host only, yes to force remote port
             forwardings to bind to the wildcard address, or clientspecified
             to allow the client to select the address to which the forwarding
             is bound.  The default is no.

SSH Port Forwarding not working

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?