Home > Uncategorized > Bypassing AllowTcpForwarding no

Bypassing AllowTcpForwarding no

Consider two machines foo and bar with the following hypothesis:

  • they both have a OpenSSH client and server
  • foo can connect to bar, while bar cannot connect to foo
  • bar have TCP forwarding disabled (AllowTcpForwarding no in sshd_config)

We want to forward the 8080 port of foo to the 8090 port of bar. So basically, if TCP forwarding was allowed:

foo$ ssh -R 8090:localhost:8080 bar

To by-pass the TCP forwarding interdiction we can use the stdin/stdout stream which is created by each ssh connection. To do so we need a tool like socat which allow to create double direction pipes between many things including TCP and stdin/stdout. socat must be installed on both machine. First create a remote_socat shell script on foo with:

ssh bar socat TCP-LISTEN:22003,reuseaddr STDIO

Then run:

foo$ socat TCP:localhost:22 EXEC:./remote_socat


bar$ ssh -p 22003 -L 8090:localhost:8080 localhost
Tags: ,
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: