SSH port forwarding on shared server

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

At uni I sometimes want to connect to things on my home server (web
server, etc).

I can do this using ssh with port forwarding (ssh -L ...), but the
problem is that the servers at uni run dozens of other terminal
clients, so everyone else gets access to my forwarded port!

Is there a way of making the local port secure in the sense that ssh
will only allow me to connect to it?

One idea I had is as follows:
- Wait until connection to local port
- Look through /proc for processes being run by the same user as ssh
- For each process owned by the user, look at any pipes it has open
- For each pipe, use fcntl or similar to find out if it's a TCP socket
- If it's a TCP socket, check if the source and destination hosts/
ports match the connection received by ssh
- If such a socket is found, forward the connection to the ssh'd host
- If no such socket is found, close the connection

Any ideas appreciated,

Re: SSH port forwarding on shared server

X-No-Archive: Yes

Only you want access to the forwarded port.
Use PuTTY, it has an option (under SSH, under Tunnels) that says:
"Local ports accept connections from other hosts."
Make sure that this option is unchecked.

That will solve your problem, nothing but your computer will have
access to this forwarded. Problem solved?
I don't know how this would work out under the OpenSSH ssh client,
which I assume you are using.

Re: SSH port forwarding on shared server

On Aug 19, 9:53 pm, wrote:
Quoted text here. Click to load it


This would work, but the problem is that the unix servers at my
university are shared. That means that dozens of people can be using
the same host at once (everybody has a different screen and keyboard,
but are all sharing a big powerful server over the network). I already
have that option disabled (using openssh you enable it if you want
with the -g option), but it doesn't really fix the problem in this


Site Timeline