SSH port forwarding test
with SSH V1.2.27
Last update: 2001/5/30
Since 2001/5/29
Shigeo.Yashiro @kek.jp
Tests were done in an SSH Version 1.2.26 and SSH Version 1.2.27 environment.
- -L port forwarding.
- ftp via port-forwarding
Configuration
- Local host (suppose hostname is lune)
"sshdfwd-12345: localhost" in hosts.allow file.
Does not depend on "AllowTcpForwarding" in /etc/sshd_config
- Remote host (suppose hostname is soleil)
"in.ftpd: localhost soleil soleil.kek.jp" in hosts.allow file.
Does not depend on "AllowTcpForwarding" in /etc/sshd_config
Execution
- From the local host, create the forwarded port.
lune$ ssh -L 12345:soleil:21 soleil
yashiro@soleil's password:
:
soleil$
- From another terminal on the local host
$ ftp localhost 12345
Connected to localhost.
220 soleil FTP server (SunOS 4.1) ready.
Name (localhost:yashiro):
331 Password required for yashiro.
Password: (enter soleil's password)
230 User yashiro logged in.
ftp> pass
Passive mode on.
ftp> ls
- -L port forwarding (case 1)
lune$ ssh -L 12345:soleil:21 soleil
Refer to "1. ftp via port-forwarding".
- -L port forwarding (case 2)
Configuration
- Local host (suppose hostname is lune)
"sshdfwd-12345: localhost" in hosts.allow file.
Does not depend on "AllowTcpForwarding" in /etc/sshd_config
- Remote host (suppose hostname is soleil)
"in.ftpd: localhost soleil soleil.kek.jp" in hosts.allow file.
Does not depend on "AllowTcpForwarding" in /etc/sshd_config
Execution
- From the local host, create the forwarded port.
lune$ ssh -L 12345:soleil:21 etoile
yashiro@etoile's password:
:
etoile$
- From another terminal on the local host
$ ftp localhost 12345
Connected to localhost.
220 soleil FTP server (SunOS 4.1) ready.
Name (localhost:yashiro):
331 Password required for yashiro.
Password: (enter soleil's password)
230 User yashiro logged in.
ftp>
Comment
The connection between lune and etoile is encrypted by SSH. On the other hand, the connection between etoile and soleil is legacy, insecure ftp.
- Errors
- If port-forwarding is not allowed by TCP wrappers
The following error message is issued when "ftp localhost 12345" is entered.
Fwd connection from localhost to local port sshdfwd-12345 refused by tcp_wrappers.
- If ftp from localhost is not allowed by TCP wrappers
lune% ftp localhost 12345
Connected to localhost.
421 Service not available, remote server has closed connection
ftp>
- If ftp is not allowed in /etc/inetd.conf
- How "AllowTcpForwarding no" works.
- "AllowTcpForwarding no" is a parameter that controls -R port forwarding.
If it is set in etoile:/etc/sshd_config, it denies the following accesses.
- Denies -R port forwarding.
lune$ ssh -R 12345:soleil:21 etoile
yashiro@etoile's password:
:
etoile$ ftp localhost 12345
ftp: connect: Connection refused
ftp>
- This parameter does not deny -L port forwarding.
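
The two TCP wrappers checks from the Configuration and Errors sections, as an added example that is not part of the original page: a simplified hosts_access(5) evaluation (exact names and ALL only) that predicts which of the outcomes shown above "ftp localhost 12345" produces in case 1. The hosts.deny content "ALL: ALL", the ftpd_sees parameter and all function names are assumptions; the page does not show them.

```python
# Added example, not from the original page. Simplified hosts_access(5) check:
# only exact names and the ALL wildcard are handled (no patterns, EXCEPT, options).

def parse_rules(text):
    """Parse hosts.allow / hosts.deny text into [(daemons, clients)]."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def allowed(allow_text, deny_text, daemon, client):
    """A hosts.allow match grants; else a hosts.deny match denies; else grant."""
    def hit(text):
        return any((daemon in d or "ALL" in d) and (client in c or "ALL" in c)
                   for d, c in parse_rules(text))
    return hit(allow_text) or not hit(deny_text)

def diagnose(forward, local_allow, remote_allow, deny, ftpd_sees="soleil"):
    """Predict the result of 'ftp localhost <port>' for case 1 (-L port:soleil:21 soleil).

    ftpd_sees is the client name in.ftpd on the remote host sees (assumption)."""
    listen_port = forward.split(":")[0]
    # Local wrapper check uses the daemon name sshdfwd-<listen port>.
    if not allowed(local_allow, deny, "sshdfwd-" + listen_port, "localhost"):
        return "refused by tcp_wrappers"
    # Remote wrapper check is the ordinary in.ftpd entry.
    if not allowed(remote_allow, deny, "in.ftpd", ftpd_sees):
        return "421 Service not available"
    return "220 FTP server ready"

# Constructed sample files: the allow entries are the page's, the deny-all is assumed.
LUNE_ALLOW = "sshdfwd-12345: localhost\n"
SOLEIL_ALLOW = "in.ftpd: localhost soleil soleil.kek.jp\n"
DENY_ALL = "ALL: ALL\n"

if __name__ == "__main__":
    print(diagnose("12345:soleil:21", LUNE_ALLOW, SOLEIL_ALLOW, DENY_ALL))
    print(diagnose("12345:soleil:21", "", SOLEIL_ALLOW, DENY_ALL))
    print(diagnose("12345:soleil:21", LUNE_ALLOW, "", DENY_ALL))
```

Because the local entry is keyed on the listening port, changing the port in -L without updating hosts.allow gives the same refusal as having no entry at all.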