[erlang-questions] erlang ssh and port forwarding

Ali Sabil ali.sabil@REDACTED
Mon Jan 29 11:43:37 CET 2018


Hi Max,

I did the same thing some months ago, and I did dive into the Erlang ssh
implementation a bit.

I didn't have a need for port forwarding, but as far as I can remember they
are not implemented by the ssh application because all `ssh global
requests` are denied:
https://github.com/erlang/otp/blob/177eab3b67d9840c75d9986cd8870a84414bcacb/lib/ssh/src/ssh_connection.erl#L654

Best,
Ali

On Sun, Jan 28, 2018 at 9:35 AM, Max Lapshin <max.lapshin@REDACTED> wrote:

> Hi.
>
> I'm writing ssh proxy in erlang:  https://github.com/flussonic/ssh-proxy
>
> It is required for our support team:  engineers need to login to customers
> servers but I want to make a revocation of access.
>
> So this is a proxy that will hide our team private key from whole team
> (except me).
>
> There is a working POC, but I've got a problem:
>
> port forwarding do not work:
>
> debug1: Connection to port 9080 forwarding to localhost port 80 requested.
>
> debug1: channel 3: new [direct-tcpip]
>
> channel 3: open failed: administratively prohibited: Not allowed
>
> debug1: channel 3: free: direct-tcpip: listening port 9080 for localhost
> port 80, connect from ::1 port 54743 to ::1 port 9080, nchannels 4
>
>
> Is something not ready in erlang ssh?
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180129/9642b99c/attachment.htm>


More information about the erlang-questions mailing list