This is a discussion on "Question concerning remote port-forwarding with SSH" within the Linux Security forums, part of the System Security and Security Related category.

I have difficulty finding out when I should use SSH remote port-forwarding e.g.

    ssh sshserver -R 7777:localhost:110

Notice the -R instead of -L

This would cause a data traffic (with the syntax: in-port:machine:out-port):

    MailClient(on remote):* -> 7777:SSHServer:* -> 22:SSHClient(on localhost):* -> 110:MailServer(on localhost)

Are the following statements correct:

- Use remote port-forwarding (-R) when the connection between SSH-Server and ApplicationServer (e.g. MailServer) should be encrypted
- Use "normal" port-forwarding (-L) when the connection between ApplicationClient (e.g. MailClient) and SSH-Server should be encrypted
- Use remote port-forwarding (-R) when the SSHClient is on the machine where the ApplicationServer (e.g. MailServer) is located
- Use "normal" port-forwarding (-L) when the SSHClient is on the machine where the ApplicationClient (e.g. MailClient) is located

Peter

Peter Meister wrote:
> I have difficulty finding out when I should use SSH remote port-forwarding e.g.
>
>     ssh sshserver -R 7777:localhost:110
>
> Notice the -R instead of -L
>
> This would cause a data traffic (with the syntax: in-port:machine:out-port):
>
>     MailClient(on remote):* -> 7777:SSHServer:* -> 22:SSHClient(on localhost):* -> 110:MailServer(on localhost)
>
> Are the following statements correct:
>
> - Use remote port-forwarding (-R) when the connection between SSH-Server and ApplicationServer (e.g. MailServer) should be encrypted
> - Use "normal" port-forwarding (-L) when the connection between ApplicationClient (e.g. MailClient) and SSH-Server should be encrypted
> - Use remote port-forwarding (-R) when the SSHClient is on the machine where the ApplicationServer (e.g. MailServer) is located
> - Use "normal" port-forwarding (-L) when the SSHClient is on the machine where the ApplicationClient (e.g. MailClient) is located
>
> Peter

None of the above.

SSH encrypts every time - whether -L or -R or neither are used.

-L isn't mnemonic for "normal" but "local".

If I log in to CLIENT host and then run ...

    ssh -L 7777:localhost:110 SERVER

Then SSH creates a new port number 7777 on the CLIENT. If I connect to localhost:7777 from the client, then I am actually talking to SERVER:110.

But if I had run

    ssh -R 7777:localhost:110 SERVER

Then SSH creates the new port number 7777 on the SERVER (not the client). Now if I log into the SERVER and connect to its port 7777, I wind up talking to port 110 on the CLIENT.

So.. -L creates a local port that allows me to access a remote service. -R makes a local service available to the remote machine on a port that "looks" local to the remote system.

Confusing, I know - but I hope that helps to clarify things.

Chris
--
http://www.lowth.com/rope - Identify and control complex protocols with Linux, IpTables and Rope.
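
Added example, not part of the original posts: a small shell function that reads a forwarding spec and reports which machine opens the listening port and which machine makes the onward connection, so the meaning of "localhost" in each command is explicit. The function name `explain_forward` and the CLIENT/SERVER labels are illustrative; bracketed IPv6 literals are not handled.

```shell
#!/bin/sh
# Added example (not from the thread). CLIENT = machine running ssh,
# SERVER = machine running sshd. Spec: [bind_address:]port:host:hostport

explain_forward() {
    flag=$1 spec=$2 server=${3:-SERVER}

    # Split the spec on ':' with globbing disabled.
    old_ifs=$IFS
    set -f; IFS=:
    set -- $spec
    IFS=$old_ifs; set +f

    case $# in
        3) bind=loopback; port=$1; host=$2; hostport=$3 ;;
        # An empty bind_address means "all interfaces", same as '*'.
        4) bind=${1:-*}; port=$2; host=$3; hostport=$4 ;;
        *) echo "bad forwarding spec: $spec" >&2; return 2 ;;
    esac
    for p in "$port" "$hostport"; do
        case $p in
            ''|*[!0-9]*) echo "ports must be numeric: $spec" >&2; return 2 ;;
        esac
    done

    case $flag in
        # -L: ssh on the client listens; sshd on the server dials host:hostport,
        # so "localhost" is resolved on the server.
        -L) listener=CLIENT; dialer=$server ;;
        # -R: sshd on the server listens; ssh on the client dials host:hostport,
        # so "localhost" is resolved on the client. A non-loopback bind is
        # honoured only if the server's GatewayPorts setting allows it.
        -R) listener=$server; dialer=CLIENT ;;
        *)  echo "flag must be -L or -R" >&2; return 2 ;;
    esac

    printf '%s listens on %s:%s; %s connects to %s:%s\n' \
        "$listener" "$bind" "$port" "$dialer" "$host" "$hostport"
}

# The two commands from the answer above:
explain_forward -L 7777:localhost:110 SERVER
explain_forward -R 7777:localhost:110 SERVER
```

In both cases the hop between CLIENT and SERVER travels inside the SSH session; the flag only decides which end gets the new listening port.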
This is one of the nicest explanations I could find on -L and -R.
Thanks a lot.

Payal