Hi, My problem is this: I'm using the remote forwarding command on PC1. (So that a port on PC2 is forwarded to a port on PC1.) Remote forwarding works fine, but unwanted is that the command will also login onto PC2. Unwanted because PC1 is not fully under my control (but PC2 is), so people on PC1 can find out about how to log into PC2 by looking at PC1 and get a shell prompt.
At the moment I fixed this using Bitvise WinSSHD (Win32 SSH server software). This program has an option called "Permit terminal shell: No". Using this will cause the command to authenticate, but after that it will not give a shell prompt, only a black screen. So using that account of WinSSHD, people will able to authenticate, but will not be able to login in the shell. But when using an account of OpenSSH, people will also be able to login in the shell, which is unwanted. I only need SSH tunneling, but not SSH shell login. Of course I can use WinSSHD, but I'm looking for a solution using OpenSSH. Regards, Jesse -----Oorspronkelijk bericht----- Van: Thorsten Peter [mailto:[EMAIL PROTECTED] Verzonden: vrijdag 25 november 2005 18:22 Aan: Jesse CC: [email protected] Onderwerp: Re: SSH Tunneling without console login hey, well you won't be able to open ssh tunnels, no matter what without logging in to the server. that's the way it works. i am not sure what your point is. maybe you wanna try what i do for tunneling purposes, i login to the remote server with the following command: ssh -fN [EMAIL PROTECTED] -L localport:targetip:targetport (in your case -R for remote forwarding) -f forces ssh to go into background. -N makes it stop executing other commands (for tunneling purposes only) so what it does, it logs in to your remote server, as a background process. you can then just leave it running, log out of your local shell, or do whatever your want. but still you DO login to the remote console. just that you don't have the ssh login running as a foreground process. regards Thorsten Jesse wrote: > Question: > Is it possible to use remote port forwarding (tunneling) without having to > login on the console? > > Situation: > I have a server (PC1) which is running a SSH service behind a firewall. I do > NOT have any control over the firewall, but I do want to access the SSH > service of PC1 from PC2 over the Internet. > > Solution for the situation: > I'm using the following command on PC1 to let PC1 make a SSH-tunnel to PC2 > ssh -R 4000:localhost:22 [EMAIL PROTECTED] > And I have installed a SSH service on PC2 to make tunneling possible. > > Same question in detail: > When I use the command above, it will make the tunnel, but I will also make > PC1 login on the console of PC2. That last step is something I do not want. > PC1 should only make the tunnel to PC2, but should NOT login on the console > of PC2. > Is this possible? > > > -Jesse > > > >
