3

I am trying to use ssh to forward a TCP connection on a local port to a Unix socket on a remote server, but I keep getting errors.

I started by having nc listen on the remote server:

remote$ nc -lU /tmp/socket

Then I set up a portforward using SSH:

local$ ssh -L127.0.0.1:5000:/tmp/socket -vv #remote host here#

The SSH and portforwarding seem to work:

debug1: Local connections to 127.0.0.1:5000 forwarded to remote address /tmp/socket:-2
debug1: Local forwarding listening on 127.0.0.1 port 5000.
debug1: channel 0: new [port listener]
debug1: channel 1: new [client-session]

Then I try to access 127.0.0.1:5000 in a browser, and I get this error message in my terminal:

debug1: channel 2: new [direct-streamlocal@openssh.com]
channel 2: open failed: administratively prohibited: open failed
debug1: channel 2: free: direct-streamlocal@openssh.com: listening port 5000 for /tmp/socket port -2, connect from 127.0.0.1 port 41372 to 127.0.0.1 port 5000, nchannels 3

it comes up a bunch of times, and the connections fail.

How can I set this up? (I would prefer a solution which doesn't need root on the remote server or installing new software locally.)

George V. Williams
  • 131
  • 1
  • 5

1 Answers1

1
nc -klU /tmp/socket

Otherwise, nc will accept and handle one single connection and then exit. -k has nc fork off a new process to handle the incoming connection, and continue in it's accept() loop.

ssh seems overload "administartively prohibited" to also include, socket does not exist and socket-exists-but-nothing-is-listening.

Kjetil Joergensen
  • 5,994
  • 1
  • 27
  • 20