0

I'm running an SSH tunnel command that looks like this:

ssh -v centos@bastion001.int01.abb.us.company.com -L 9999:10.238.93.43:8991

But when I test listening connections with the netstat command I don't see the tunnel port:

bastion001 ABB-LAB] 0 15:45:16 [~] $ netstat -tulpn | grep -i listen
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp6       0      0 ::1:25                  :::*                    LISTEN      -
tcp6       0      0 :::111                  :::*                    LISTEN      -
tcp6       0      0 :::8080                 :::*                    LISTEN      1078/java
tcp6       0      0 :::80                   :::*                    LISTEN      -
tcp6       0      0 :::8081                 :::*                    LISTEN      1078/java
tcp6       0      0 :::22                   :::*                    LISTEN      -

What's going on here? Why can't I see the tunnel port?

user99201

1 Answer

2

Listening ports can only be seen from the machine that initiated the SSH tunnel. Your command logs you into the remote system interactively. Consider the following command for better visibility:

ssh -nNf centos@bastion001.int01.abb.us.company.com -L 9999:10.238.93.43:8991

Once the tunnel is up, execute the following command from the client machine that initiated the tunnel:

netstat -tulpn | grep -i listen

You should get something like this:

tcp     0    0 127.0.0.1:9999       0.0.0.0:*      LISTEN      1286/ssh
tcp     0    0 ::1:9999              :::*           LISTEN      1286/ssh

Both lines in the results show 9999 as the listening port from the client side. You will not be able to get the same results from the server side.

peterh
Bruce Malaudzi
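An added example, not part of the answer above: a client-side check that parses `netstat -tulpn` text, lists TCP listeners owned by an `ssh` client process (not `sshd`), and reports whether a forwarded port is bound to loopback only. The function names and the 8888 and `sshd` sample lines are constructed for illustration.

```shell
#!/bin/sh
# Read `netstat -tulpn` text on stdin; print one line per TCP listener owned
# by an ssh client process: "<port> <bind-address> <scope> <pid>".
ssh_forward_listeners() {
    awk '
    $6 == "LISTEN" && $7 ~ /^[0-9]+\/ssh$/ {
        addr = $4
        n = 0
        # The port follows the LAST colon (IPv6 addresses contain colons).
        for (i = length(addr); i > 0; i--)
            if (substr(addr, i, 1) == ":") { n = i; break }
        if (n == 0) next
        host = substr(addr, 1, n - 1)
        port = substr(addr, n + 1)
        scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "EXPOSED"
        split($7, p, "/")
        print port, host, scope, p[1]
    }'
}

# Report the state of one forwarded port: "absent", "loopback" or "EXPOSED".
tunnel_state() {
    ssh_forward_listeners | awk -v want="$1" '
        $1 == want { seen = 1; if ($3 == "EXPOSED") bad = 1 }
        END { print (!seen ? "absent" : (bad ? "EXPOSED" : "loopback")) }'
}

# Constructed sample: the two client-side lines from the answer, plus a made-up
# wildcard-bound forward (PID 1301, port 8888) and an sshd line to be ignored.
sample_client() {
cat <<'EOF'
tcp     0    0 127.0.0.1:9999       0.0.0.0:*      LISTEN      1286/ssh
tcp     0    0 ::1:9999              :::*           LISTEN      1286/ssh
tcp     0    0 0.0.0.0:8888         0.0.0.0:*      LISTEN      1301/ssh
tcp     0    0 0.0.0.0:22           0.0.0.0:*      LISTEN      912/sshd
EOF
}

sample_client | ssh_forward_listeners
echo "9999: $(sample_client | tunnel_state 9999)"
echo "8888: $(sample_client | tunnel_state 8888)"
```

On a live client, pipe `netstat -tulpn 2>/dev/null` into `tunnel_state 9999` instead of the sample. An `EXPOSED` result means the forward is reachable from other hosts on the client's network, which happens when a non-loopback bind address or `GatewayPorts` is in effect.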