ssh/port forwarding - listening by multiple clients

+3 votes
463 views

Trying to see if ssh/port forwarding can be used to solve a prob. I want to have multiple clients connected to a single master server.

The masterServer/app is providing data on port X
The clientNodes/apps should then listen on port X

ssh allows for port forwarding, but I can't figure out how to accomplish this using ssh/port forwarding.

I've tried using:

    ssh -L 8000:localhost:8000 bob@foo.com -p abc

as foo.com:abc is the vm ip/port that's the server app

I then did a test using nc where on the serverside, I did a nc -l 8000, and got an err msg indicating the port was already in use

Port 8000 is the port the server app sends data on, and is the port I'd like to listen on on the clientnodes/apps..

posted Sep 16, 2013 by Deepak Dasgupta


1 Answer

+1 vote

So what I'm getting from this is:

The server has an application listening on port 8000 (so that puts that port in use on the server side). The clients, via the ssh command, bind port 8000 on their side and any traffic to that port on their side from that machine is forwarded to port 8000 on the server foo.com over port "abc" (the port that ssh is using to connect to the remote server).

All of which has me a tad confused.

In a typical client/server setup, your clients will access the server on a given port. The server won't, necessarily, care what port the clients are talking to it from as once the client makes the connection you'll have your 3-way handshake done and a socket set up. IF the server sometimes initiates the contact to the client THEN the client will need to be listening on a particular port. That being said, if you need to forward packets back and forth over ssh, I don't think that the server app and the client app can be listening on the same port UNLESS you specifically bind the server port 8000 to a particular interface/address AND the server has multiple NICs/addresses which can be used (the same holding true for the client). I THINK this scenario would work if you have it available:

Ex: server has addresses 1.2.3.3 and 1.2.3.4
 Server app runs on port 8000 but ONLY on address 1.2.3.3
 From the server you "ssh -L 1.2.3.4:8000:localhost:8000 bob@10.1.2.3 -p 2222"

 client has addresses 10.1.2.3 and 10.1.2.4
 Client app runs on port 8000 but ONLY on address 10.1.2.3
 From the server you "ssh -L 10.1.2.4:8000:localhost:8000 bob@1.2.3.3 -p 2222"

When the server needs to talk to the client on port 8000 it would need to talk to its own address of 1.2.3.4 which would forward the traffic over the ssh connection to the remote machine 10.1.2.3:8000. When the client needs to talk to the server on port 8000 it would have to talk to its own address of 10.1.2.4:8000 which would then forward the traffic over an ssh tunnel to 1.2.3.3:8000. This is all much easier if the client and server don't share a port assignment (assuming that both the server and client apps need to INITIATE conversations). If only one side is always the INITIATOR of the conversation, you would still want to have the server and client bound to separate ports, if only because there may come a day when you are running the client app on the same machine as the server app.

answer Sep 16, 2013 by Abhay Kulkarni
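
The answer's point about one port bound on two different addresses, as an added example (not code from the original thread): it reproduces the "port already in use" error from the question, then runs a minimal stand-in for an `ssh -L` listener on a second address that relays to the app. It assumes Linux, where 127.0.0.2 is usable as a second loopback address; all function names are illustrative.

```python
import errno
import socket
import threading

def listen(addr, port=0):
    """Bind a TCP listener on addr:port (port 0 lets the OS pick a free port)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((addr, port))
    except OSError:
        s.close()
        raise
    s.listen(5)
    return s

def serve_once(listener, handler):
    """Accept one connection on a background thread and run handler(conn)."""
    def run():
        conn, _ = listener.accept()
        with conn:
            handler(conn)
    threading.Thread(target=run, daemon=True).start()

def relay(target):
    """Handler that passes one request and one reply through to target."""
    def handler(conn):
        with socket.create_connection(target) as upstream:
            upstream.sendall(conn.recv(1024))
            conn.sendall(upstream.recv(1024))
    return handler

def demo():
    app = listen("127.0.0.1")              # stand-in for the server app
    port = app.getsockname()[1]
    try:
        listen("127.0.0.1", port).close()  # same address and port a second time
        clash = None
    except OSError as e:
        clash = e.errno                    # the "already in use" error nc -l reported
    fwd = listen("127.0.0.2", port)        # same port, other address (Linux: 127/8 is loopback)
    serve_once(app, lambda c: c.sendall(b"data:" + c.recv(1024)))
    serve_once(fwd, relay(("127.0.0.1", port)))
    with app, fwd, socket.create_connection(("127.0.0.2", port), timeout=5) as c:
        c.sendall(b"ping")
        reply = c.recv(1024)
    return clash == errno.EADDRINUSE, reply

if __name__ == "__main__":
    print(demo())
```
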
Similar Questions
+2 votes

Is there way to use two different keys for ssh authentication on one machine for the same user to login the same server? I need one key for svn+ssh to run command on remote server and the other key to login and work from shell on that same server.

+2 votes

I have a function in Python (assume that I have imported all necessary modules):

    import paramiko

    def DL_Iperf(args):
        ssh = paramiko.SSHClient()
        # AutoAddPolicy accepts any unknown host key without verification
        ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        ssh.connect(server_ip, username="root", password=Password)
        # some_code

This function is actually a thread and it will be created as many times as the number of UEs I have (e.g. if I have 1 UE then 1 thread will be created).

So, if I have 1 UE / 2 UEs then it is working, but if I have 3 UEs then it is failing with the error "Paramiko : Error reading SSH protocol banner".

Below is the stderr of the script:

    No handlers could be found for logger "paramiko.transport"
    Unhandled exception in thread started by <function DL_Iperf at 0x02B8ACF0>
    Traceback (most recent call last):
      File "C:\Users\qxdm-5\Desktop\Chirag\LTE_11_Perfect_Working\TCP_Latest_2\Windows_UE\slave.py", line 379, in DL_Iperf
        ssh.connect(ServerIp,username="root",password=Pwd)
      File "build\bdist.win32\egg\paramiko\client.py", line 295, in connect
      File "build\bdist.win32\egg\paramiko\transport.py", line 451, in start_client
    paramiko.SSHException: Error reading SSH protocol banner

From some references I found that this is because of some network-related issue, but my question is: if it is network related, then why do I get this error every time on the 3rd call of the function? And how do I resolve it?

+5 votes

We access our Subversion repositories mainly via svn+ssh:// on a central server. We limit access to the repos using Unix group membership. For example, the repo for ProjectA has 770 permissions and belongs to GroupA and ProjectB also has 770 permission and belongs to GroupB. So users who are in GroupA can access ProjectA and users in GroupB can access ProjectB. The file permissions look like this:

 drwxrws--- 7 svn GroupA 4096 Dec 27 2009 ProjectA
 drwxrws--- 7 svn GroupB 4096 Dec 27 2009 ProjectB

Everything is working as expected so far. Users in each group can only access their respective projects, and users in both groups can access both projects. But now we want to prevent a subset of users in GroupB from accessing certain subtrees of ProjectB. Can this be done when using svn+ssh:// access? If so, how?

+2 votes

I have a CENTOS 5 box that can reach the internet and can ping to/from all windows system on my home network. The catch is that I can not connect to the box using SSH from any windows machine, though they can easily ping the linux box and vice-versa.

...