SSH Port forwarding

Hi All,

I am running an application over a telnet interface on port, say, 5566.
So I generally connect with telnet <hostname> 5566.

How do I connect to the application via ssh (using ssh port forwarding)?

Thanks and Regards,

Re: SSH Port forwarding

Jc wrote:

ssh -L 5566:localhost:5566 userid@remotehost

telnet localhost 5566

Re: SSH Port forwarding

Thanks. It works.
But what happens is that it logs directly into the remotehost, which I
don't want. I want the user to get only the info through port 5566.
Is there any way?
Thanks in advance,
Chuck wrote:

Re: SSH Port forwarding

On 9 Jan 2007 23:38:46 -0800


It's a bit unclear what exactly you're looking for. If you want to
set up a tunnel between two systems and allow other systems to use
that tunnel to connect, then use the -g option while forwarding. If you
instead want to use the remote host as a forwarder for the traffic into
a network it can access, then use ssh -L 5566:THIRDHOST:5566 REMOTEHOST
and then telnet localhost 5566 will work for you.



Re: SSH Port forwarding


I don't want the user to log in to my host; instead I want the user to
connect only to the specific port. But what happens is, if I execute the
port forwarding command, the user is able to log in to my host.
How can this be avoided?

Thanks and Regards,
Doug Spencer wrote:

Re: SSH Port forwarding


If you're using OpenSSH you can set the user's shell to, eg, /bin/true.
(You will probably have to add /bin/true to /etc/shells too).  The user
will need to specify -N (or its equivalent in their client) to prevent
the client from requesting a shell.  This will work only with the SSHv2

Another alternative is to make the user's shell a shell script
that does something like "exec sleep 300".  This will work with both
versions of the ssh protocol but will leave a bunch of sleep processes
running for a while.

As far as restricting the users to a specific port, older versions of
OpenSSH could only do that if you were using pubkey authentication.
Newer versions (>=4.4) have a PermitOpen directive for this purpose.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
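
The port restriction described in the answer above, written out as an added configuration example that is not part of the original thread. The account name "tunneluser", the key material and the extra X11/agent settings are assumptions; PermitOpen, the port and the -N client flag come from the thread.

```conf
# Constructed example for /etc/ssh/sshd_config on OpenSSH >= 4.4.
# "tunneluser" is a placeholder account name, not from the thread.
# Keep Match blocks at the end of the file: a block applies until the
# next Match line or the end of the file.

# Without PermitOpen, an account that is allowed to forward can ask
# sshd to connect to any host:port the server itself can reach.

Match User tunneluser
    # Accept forwarding requests for the application port only.
    # The host part is compared with what the client asks for, so the
    # client must request "localhost:5566" exactly as written here.
    PermitOpen localhost:5566
    # Assumptions beyond the thread: switch off the other channel types
    # (AllowAgentForwarding only on releases that support it).
    X11Forwarding no
    AllowAgentForwarding no

# Pubkey route (the one available before 4.4): the same restriction as
# options in front of the key in ~tunneluser/.ssh/authorized_keys.
# The key below is a placeholder.
#   permitopen="localhost:5566",no-pty,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...PLACEHOLDER tunneluser@client

# Client side, as in the thread, with -N so that no shell is requested:
#   ssh -N -L 5566:localhost:5566 tunneluser@remotehost
#   telnet localhost 5566
```

Running `sshd -t` checks the file for syntax errors before the daemon is reloaded. PermitOpen limits forwarding destinations only, so the account's shell still has to be restricted as described above to keep the user from logging in.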
