How do I forward 443 to my machine from remote?

ssh port-forwarding remote

  1. This is authorized. I just need to figure out how to do it.

  2. I want to forward web traffic from the target machine to my local machine such that when something on the remote machine tries to communicate over port 443 (https), it's perspective is from my local box.

Problem I'm trying to solve is as follows:

We have docker training going on in one specific machine we built just for this task. Right now, it can't access github and we need that for the training. Our team is authorized access to github explicitly.

Having what I think is probably just a lot of trouble with the syntax.

From my desktop machine, have tried: 

ssh -vnNT -R 443:[ my ip addr from remote's perspective ]:443 [ remote host name ]

What I'm seeing in the debug output is: 

debug1: Authentication succeeded (publickey).
Authenticated to remoteHostName ([remoteIpAddr]:22).
debug1: Remote connections from LOCALHOST:443 forwarded to local address [ my ip ]:443
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Remote: Server has disabled port forwarding.
debug1: remote forward failure for: listen 443, connect [my ip]:443
Warning: remote port forwarding failed for listen port 443
debug1: All remote forwarding requests processed

Now you would think that the above would mean that port forwarding was not configured on the server or set to 'no'. What I have set is:

AllowTcpForwarding yes
GatewayPorts yes

...and I've restarted it twice. :-/


1) sshd_config is not the only source of forwarding options.

Even if the server allows forwarding globally, individual connections (specific public keys) may be restricted using options specified in the remote ~/.ssh/authorized_keys file.

If you use OpenSSH "certificates", then restrictions may be encoded within the certificate itself. Use ssh-keygen -L to check.

2) You need root privileges on the remote system for this.

SSH port forwarding involves ordinary sockets listening for TCP connections on one end, making connections on another. (So it's more like proxying than the packet-level port forwarding seen on routers.)

With -R, the listening sockets are set up by the sshd worker process that handles your connection. That process runs under your own (remote) user ID, so it is subject to the same restrictions as your own programs would. In particular, it isn't allowed to bind sockets to a port below 1024 (the "privileged port" range) unless it has root privileges or something similar – which directly means that you must log in as root@ to the remote system.

Related

different username for commit and github interaction
Is there a way to set Excel up whereby trailing spaces are visible?
How do I fix a system crash with WHEA_UNCORRECTABLE_ERROR?
How do I get the "old style" system print dialog for Chrome on Windows?
Output each commands results into a separate file
How can I execute this function using VBA in excel?
is there a tool which enhances the windows open/save file dialog to allow adding comments (descript.ion file)
"Unspecified Error" when renaming folders in Windows 10 [closed]
use adsl modem as wifi router
Microsoft Office 2007 license self-audit?
Cygwin fstab - what am I doing wrong?
OpenSSH server refuses to accept key authentication unless logged into server locally