[NCLUG] ssh through a proxy

Sean Reifschneider jafo-nclug at tummy.com
Sun Sep 29 08:35:44 MDT 2002


On Sat, Sep 28, 2002 at 06:40:33PM -0600, Dan Fink wrote:
>I thought that:
>ssh -L 22:192.168.0.1:22 danbob at xyz.com <mailto:danbob at xyz.com>
>would do the trick, but bash responds "Temporary failure in name resolution"

First of all, what's the story with the "<mailto...>"?  The line above
looks to me like you're running ssh reading stdin from a file called
"mailto:danbob at xyz.com" and trying to direct stdout somewhere but not
listing the file.  Are you actually listing that in the command you run?

The first part of the -L option specifies port 22 on the local machine
(so you presumably aren't running an SSH daemon on your local machine,
because it would be taking up port 22 and wouldn't allow the forward
to happen).  Then you say that you want it to be forwarded over the SSH
connection to port 22 on 192.168.0.1.  Can the "xyz.com" machine directly
connect to the 192.168.0.1 IP?

I don't really follow what you're trying to do, but effectively your
example says (if I'm understanding things correctly):

   When a connection to my local linux machine is made on port 22, forward
   it over the SSH connection and have the remote "xyz.com" machine try to
   connect to port 22 on the internal interface of my firewall.

That just doesn't seem right.

>AND, can tunneling with ssh be done from the Linux box without being 
>root, since port 22 is privileged?

It can be done, just not with port 22.  A program must be running as root
to be able to create ports <1024.  You can use another port and then have
SSH connect to it using the "-p" option.

Sean
-- 
 "8 out of 10 Starships that took the Folger's challenge didn't know they
 weren't using Dilithium Crystals."  -- Sean and Anne being silly one night.
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995.  Qmail, Python, SysAdmin
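
The reading of the -L option given in the reply above, as an added example that is not part of the original message: a small POSIX shell helper that splits a three-field forward spec, reports which machine has to reach the target, and flags a local port that needs root. The host name gateway.example and port 2222 are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Handles only the three-field
# form LOCAL_PORT:TARGET_HOST:TARGET_PORT of an ssh -L forward spec.

# Exit status 0 if binding PORT traditionally requires root (ports below 1024).
needs_root() {
    [ "$1" -lt 1024 ]
}

# Split SPEC into lport, thost, tport; return 1 if it is not PORT:HOST:PORT.
parse_forward() {
    case $1 in
        *:*:*:*) return 1 ;;   # bind-address and IPv6 forms are not handled
        *:*:*)   ;;
        *)       return 1 ;;
    esac
    lport=${1%%:*}
    rest=${1#*:}
    thost=${rest%%:*}
    tport=${rest#*:}
    case $lport$tport in
        ''|*[!0-9]*) return 1 ;;   # both ports must be digits only
    esac
    [ -n "$lport" ] && [ -n "$thost" ] && [ -n "$tport" ]
}

# Explain what "ssh -L SPEC user@GATEWAY" sets up.
describe_forward() {
    parse_forward "$1" || { echo "invalid forward spec: $1" >&2; return 1; }
    echo "ssh listens on local port $lport"
    echo "$2 (the SSH server) must be able to reach $thost:$tport itself"
    if needs_root "$lport"; then
        echo "local port $lport is below 1024: ssh must run as root to bind it"
    else
        echo "connect with: ssh -p $lport localhost"
    fi
}

# The spec from the question, then an unprivileged alternative.
describe_forward "22:192.168.0.1:22" gateway.example
describe_forward "2222:192.168.0.1:22" gateway.example
```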


