Geek Answers Handbook

How to get remote IPs from ssh reverse tunnel

I have an Apache web server running on a local machine through a ssh reverse tunnel, i.e.:

ssh -R *: 80: local_machine: 8080 username @gateway_machine

In other words, all traffic from port 80 on gateway_machine is sent to port 8080 on local_machine.

For monitoring purposes, I want to know the IP addresses of remote clients connected to gateway_machine. However, my local Apache server sees all the traffic coming from the gateway_machine IP address.

My question is: is there a way to configure the ssh server on gateway_machine so that it sends all traffic to local_machine with valid remote IP addresses?

+4
source share
1 answer

SSH uses a channel type called "direct-tcpip" to forward a TCP connection. A protocol message to open one of these channels includes the address and port of the client whose connection is being forwarded. Thus, the information you want is available to the ssh client (which in your case opens a connection for the purpose of forwarding).

The OpenSSH ssh client logs the sender address and port in a debug level message, so you can see it if you run ssh with the -v option:

 $ ssh -v -R 2000:localhost:1000 localhost ... debug1: client_request_forwarded_tcpip: listen localhost port 2000, originator ::1 port 51101

Here the sender address was: 1 (IPv6 localhost) and port 51101. The ssh utility does nothing with the information.

So, depending on your needs, you have three approaches for collecting this information:

  • Call the ssh process, which creates these forwards with the -v option, and organizes the collection and analysis of relevant debugging information.
  • Make the source code changed to ssh so that it does what you want it to do information.
  • Write your own ssh client that does what you want. SSH client libraries are available for most modern programming languages.
0
source

More articles:


All Articles