comp.security.ssh SSH secure remote login and tunneling tools.

#1
Hi,

At uni I sometimes want to connect to things on my home server (web server, etc). I can do this using ssh with port forwarding (ssh -L ...), but the problem is that the servers at uni run dozens of other terminal clients, so everyone else gets access to my forwarded port! Is there a way of making the local port secure in the sense that ssh will only allow me to connect to it?

One idea I had is as follows:

- Wait until connection to local port
- Look through /proc for processes being run by the same user as ssh
- For each process owned by the user, look at any pipes it has open
- For each pipe, use fcntl or similar to find out if it's a TCP socket
- If it's a TCP socket, check if the source and destination hosts/ports match the connection received by ssh
- If such a socket is found, forward the connection to the ssh'd host
- If no such socket is found, close the connection

Any ideas appreciated,
Codebeard.
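
On Linux, the ownership check sketched in the post above does not need a walk over every process's descriptors, because /proc/net/tcp lists the owning UID of each TCP socket. The following is an added example, not part of the original post and not OpenSSH code; the function names and the sample table are constructed for illustration, and it assumes IPv4 on a little-endian host.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# Row 0: ssh listening on 127.0.0.1:8080 (uid 1000).
# Rows 1-2: both ends of one loopback connection: a client socket owned by
# uid 1001 on port 40000, and ssh's accepted socket owned by uid 1000.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11111 1 0
   1: 0100007F:9C40 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1001        0 22222 1 0
   2: 0100007F:1F90 0100007F:9C40 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0
"""

def endpoint(field):
    """Decode 'HEXADDR:HEXPORT' into (ip, port); little-endian host assumed."""
    addr, port = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def peer_uid(table, peer, local):
    """Return the UID owning the client end of an accepted connection.

    peer and local are the (ip, port) pairs that getpeername() and
    getsockname() report on the accepted socket. The client's own socket
    has them swapped: its local address is our peer address. Returns None
    when no such row exists (for example, the peer is on another host).
    """
    for line in table.splitlines()[1:]:      # skip the header row
        f = line.split()
        if len(f) < 8:
            continue
        if endpoint(f[1]) == peer and endpoint(f[2]) == local:
            return int(f[7])                 # eighth column is the uid
    return None

def allow(conn, my_uid, table=None):
    """True only if the socket that connected to us belongs to my_uid."""
    if table is None:                        # live lookup on a Linux host
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    # A missing row gives None, which never equals a UID: fail closed.
    return peer_uid(table, conn.getpeername(), conn.getsockname()) == my_uid
```

A forwarder would call allow() right after accept(), while the connection is still open, and close the connection when it returns False.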

#2
X-No-Archive: Yes

Only you want access to the forwarded port.
Use PuTTY, it has an option (under SSH, under Tunnels) that says:
"Local ports accept connections from other hosts."
Make sure that this option is unchecked.

That will solve your problem, nothing but your computer will have access to this forwarded. Problem solved?
I don't know how this would work out under the OpenSSH ssh client, which I assume you are using.

#4
On Aug 19, 9:53 pm, purpmint...@gmail.com wrote:
> X-No-Archive: Yes
>
> Only you want access to the forwarded port.
> Use PuTTY, it has an option (under SSH, under Tunnels) that says:
> "Local ports accept connections from other hosts."
> Make sure that this option is unchecked.
>
> That will solve your problem, nothing but your computer will have
> access to this forwarded. Problem solved?
> I don't know how this would work out under the OpenSSH ssh client,
> which I assume you are using.

Hi.

This would work, but the problem is that the unix servers at my university are shared. That means that dozens of people can be using the same host at once (everybody has a different screen and keyboard, but are all sharing a big powerful server over the network). I already have that option disabled (using openssh you enable it if you want with the -g option), but it doesn't really fix the problem in this case.

Codebeard.