
I'm trying to setup a reverse ssh tunnel as follows:

A ==========> B <----X---- C

I'm initiating the tunnel from A with:

ssh -p 443 -NR 19001:localhost:21 userOnB@B

On computer B I can use the tunnel fine if I use:

ssh -p 19001 userOnA@localhost

But if I'm connecting to B with its name, IP address or from another computer (say C) I get `ssh: connect to host port 19001: Connection refused`.

What is wrong?

gregseth

1 Answer


By default tunnel endpoints only listen on 127.0.0.1, so they can't be accessed from other machines. To change this you first need to add this to /etc/ssh/sshd_config on the server:

GatewayPorts clientspecified

and then when establishing the tunnel specify the listen address as 0.0.0.0:

ssh -p 443 -NR 0.0.0.0:19001:localhost:21 userOnB@B
mgorven
  • On Ubuntu you might need `sudo reload sshd` – MaximKostrikin Jan 28 '16 at 06:07
  • It's so annoying that serverfault and stackoverflow are separate, because the contents overlap so often. I specifically joined serverfault to upvote this. Great answer! – brandonsimpkins Aug 23 '18 at 12:43
  • `systemctl reload sshd` for the `systemd` users these days. Also, it's my fault for not reading correctly, but the word "server" doesn't really mean much to me when both computers are considered servers. The `sshd` configuration must be done on the *middleman* server, the one the reverse ssh tunnel is dialing. – norcalli Nov 19 '18 at 05:21
  • This is a great solution! It helps me! – Qylin Jan 23 '20 at 15:14
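The GatewayPorts behaviour the accepted answer relies on, as an added example that is not from this thread or from OpenSSH itself: a small Python model that reads the global GatewayPorts value from sshd_config text and reports where a given `-R` forward will end up listening on B. Function names are assumptions, and Match blocks and Include files are deliberately skipped.

```python
import re
from typing import Optional, Tuple

# Illustrative model (added here, not OpenSSH code) of how sshd picks the listen
# address for a reverse forward (ssh -R [bind_address:]port:host:hostport).
# Assumption: Match blocks and Include files are skipped.

LOOPBACK = "127.0.0.1"   # reachable only from the middle host itself
WILDCARD = "0.0.0.0"     # reachable from any host that can reach the middle host


def gateway_ports_setting(sshd_config: str) -> str:
    """Effective global GatewayPorts value; sshd uses the FIRST value it reads."""
    in_match = False
    for raw in sshd_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # comments and blank lines
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True               # everything after Match is conditional
            continue
        if key == "gatewayports" and not in_match:
            return value
    return "no"                           # compiled-in default


def effective_bind(gateway_ports: str, client_bind: Optional[str]) -> str:
    """Address the forwarded port actually listens on."""
    gp = gateway_ports.lower()
    if gp == "no":
        return LOOPBACK                   # client bind address silently ignored
    if gp == "yes":
        return WILDCARD                   # every reverse tunnel becomes network-exposed
    if gp == "clientspecified":
        if client_bind in (None, "localhost", LOOPBACK):
            return LOOPBACK               # no bind address given: stays local
        if client_bind in ("", "*", WILDCARD):
            return WILDCARD               # tunnel explicitly opted in to exposure
        return client_bind                # a specific interface address
    raise ValueError(f"unknown GatewayPorts value: {gateway_ports!r}")


def listener_for(sshd_config: str, remote_forward: str) -> Tuple[str, int]:
    """(listen address, port) that `ssh -R <remote_forward>` yields on this server."""
    parts = remote_forward.split(":")     # [bind:]port:host:hostport
    bind = parts[0] if len(parts) == 4 else None
    port = int(parts[1] if len(parts) == 4 else parts[0])
    return effective_bind(gateway_ports_setting(sshd_config), bind), port
```

With the stock config, both `19001:localhost:21` and `0.0.0.0:19001:localhost:21` bind to 127.0.0.1, which is exactly the "Connection refused" seen from C; `clientspecified` is preferable to `yes` because only the tunnels that ask for it become reachable from other hosts.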