
Thread: Forwarding SSH privileged ports using keys.

  1. #1
    Join Date
    Jun 2009
    Location
    Toronto
    Beans
    160
    Distro
    Ubuntu Development Release

    Forwarding SSH privileged ports using keys.

    I've recently stopped using passwords for SSH, instead preferring to distribute keys to the ~/.ssh/authorized_keys file for the various machines I need access to.

    However, you need to be root to forward a port such as 80, which I want to do to get into my server's MythWeb interface. Unfortunately

    Code:
    ssh me.myvnc.com -L 80:localhost:80
    gets us "Privileged ports can only be forwarded by root." as we'd expect. So we can try

    Code:
    sudo ssh me.myvnc.com -L 80:localhost:80
    At this point I'm prompted for my password. This results in "Permission denied (publickey)."

    Of course, root doesn't have a publickey set up on the remote server!

    But Ubuntu also doesn't have a root user! So how does one get around this - do you have to create a root user and generate keys? That doesn't seem ideal since root doesn't exist on Ubuntu for security reasons as I understand things. Thanks!

  2. #2
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,721
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Forwarding SSH privileged ports using keys.

    Not an ideal solution, but could you just plain ssh into the box, and then as root set up a reverse ssh tunnel?

  3. #3
    Join Date
    Jun 2009
    Location
    Toronto
    Beans
    160
    Distro
    Ubuntu Development Release

    Re: Forwarding SSH privileged ports using keys.

    Quote Originally Posted by kevdog View Post
    Not an ideal solution, but could you just plain ssh into the box, and then as root set up a reverse ssh tunnel?
    I ran into the same problem, but in the other direction.

    Turns out the easiest way to accomplish what I want is

    Code:
    ssh -L 8080:localhost:80 me.myvnc.com
    then I can just punch "localhost:8080" into the browser to get my remote Apache server and MythWeb. 8080 isn't privileged, so no need to be root.

    This isn't going to let me tunnel port 80 directly over ssh, but now I'm on a mission to figure that out as well.
    Last edited by tehowe; January 27th, 2012 at 08:59 PM.
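
The "Permission denied (publickey)" in post #1 follows from how `sudo ssh` runs: the client is now root, so it offers root's identity files and logs in as `root` on the remote side unless told otherwise. The sketch below is an added example, not code from any poster; the user `alice` and the key path are constructed placeholders. It builds the forward command, uses sudo only when the local port is below 1024, and pins the key and remote user explicitly.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. User name and key path are constructed.

# build_forward_cmd LPORT RPORT REMOTE_USER HOST KEY_FILE [UID]
# Prints the ssh command for a local forward; returns 1 on a bad port.
# UID defaults to the caller's uid and exists so the logic can be tested.
build_forward_cmd() {
    local lport="$1" rport="$2" ruser="$3" host="$4" key="$5"
    local uid="${6:-$(id -u)}" p prefix=""

    for p in "$lport" "$rport"; do
        case "$p" in
            ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done

    # Binding a local listener below 1024 needs root; 8080 and up does not.
    if [ "$lport" -lt 1024 ] && [ "$uid" -ne 0 ]; then
        prefix="sudo "
    fi

    # -i and user@host keep the unprivileged user's key and remote account
    # even when the client itself runs as root. -N opens no remote shell,
    # and the explicit 127.0.0.1 keeps the listener on loopback only.
    printf '%sssh -N -i %s -L 127.0.0.1:%s:localhost:%s %s@%s\n' \
        "$prefix" "$key" "$lport" "$rport" "$ruser" "$host"
}

# Print both variants for review (nothing is executed here).
build_forward_cmd 80   80 alice me.myvnc.com /home/alice/.ssh/id_rsa
build_forward_cmd 8080 80 alice me.myvnc.com /home/alice/.ssh/id_rsa
```

Running as root also means the host key is checked against root's known_hosts, so expect a first-connection host key prompt the first time.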
