OpenSSH_4.7p1, reverse shell

Bob Proulx bob at proulx.com
Wed Apr 2 09:20:16 EST 2008


Hayder Mouhammed wrote:
> What I am trying:
> 
> On C: ssh -N -R 10000:localhost:22 root at machineB
> On B: running sshd
> On A: ssh root at machineB -p 10000

A useful tool to double check where ports are open for listening is
'netstat'.  Try this to see all listening connections:

  netstat -na | grep LISTEN

  netstat -na | grep :10000

Try that on all of the involved systems and verify where you are
listening.  That can clear up a lot of confusion.

The next thing to look for when trying to connect remotely is what IP
address the listening port is bound.  This is controlled by
GatewayPorts=yes and I see that you set it in your sshd configuration.
Did you restart the daemon after changes to make sure they could take
effect?

127.0.0.1 only accepts connections from the loopback interface.
0.0.0.0 accepts connections from any network interface.  Any specific
IP address would be associated with that specific network device.

After this I would simply 'connect'[*], or 'telnet' if that isn't
available, to the port and verify that you are getting an ssh banner.

On C:
  connect localhost 22

On B:
  connect localhost 10000

On A:
  connect B 10000

If the port is open and available but still blocked then I would look
for a firewall that is blocking the connection.

Bob

[*] http://www.meadowy.org/~gotoh/projects/connect
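The bind-address check Bob describes can be scripted so that the answer is unambiguous. The following is an added example, not part of Bob's mail: it reads 'netstat -na' output (Linux column layout assumed, local address in field 4, state in the last field) and reports whether a given port is unbound, bound to loopback only, bound on all interfaces, or bound to one specific address. The sample netstat output is constructed to show the situation in the thread, a reverse-forwarded port 10000 that landed on 127.0.0.1 because GatewayPorts was not in effect.

```shell
#!/bin/sh
# Added example: classify how a listening TCP port is bound, from 'netstat -na'.
# Not code from the original mail. Assumes the Linux netstat layout
# (field 4 = local address:port, last field = state).

# Constructed sample of 'netstat -na | grep LISTEN' as seen on machine B.
# Port 22 listens everywhere, port 10000 (the reverse tunnel) only on loopback,
# port 8080 on one specific address (192.0.2.10 is a documentation address).
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:10000         0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:8080         0.0.0.0:*               LISTEN'

# bind_scope PORT [NETSTAT_OUTPUT]
# Prints one of: none | loopback | any | specific:<addr>
# With no second argument it runs netstat itself on the current host.
bind_scope() {
    port=$1
    out=${2:-$(netstat -na 2>/dev/null)}
    # Pick the first LISTEN line whose local address ends in ":PORT"
    # (exact suffix match, so port 2 does not match port 22) and strip the port.
    addr=$(printf '%s\n' "$out" | awk -v p=":$port" '
        $NF == "LISTEN" && substr($4, length($4) - length(p) + 1) == p {
            print substr($4, 1, length($4) - length(p)); exit }')
    case "$addr" in
        "")             echo none ;;
        127.0.0.1|::1)  echo loopback ;;      # only reachable from the box itself
        0.0.0.0|::|"*") echo any ;;           # reachable on every interface
        *)              echo "specific:$addr" ;;
    esac
}

# Demonstration on the constructed sample: prints "loopback", i.e. a client on
# machine A cannot reach B:10000 no matter what the firewall does.
bind_scope 10000 "$SAMPLE_NETSTAT"
```

Run it on each of A, B and C without the second argument to inspect the live table. A result of "loopback" for the forwarded port means GatewayPorts is not taking effect (daemon not restarted, or the setting in the wrong sshd_config); "any" means the forwarded port is exposed to every network the host sits on, which is worth a deliberate decision rather than an accident.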

