
Windows 10 and OpenSSH to encrypt a local TCP port

I'm working on a Windows 10 machine. I wrote 2 apps: server and client. Both of them communicate via standard TCP sockets, no encryption. I installed OpenSSH, no certificates at the moment, just password login to keep things simple. I don't want to expose the server listening port to the rest of the world, so it's listening on 127.0.0.1:9000. I'd like to configure the SSH server to encrypt the traffic for the port 9000, tunneling it to 9001, so that the clients could connect to the server via an encrypted socket. I'm trying this:

ssh -p 22 -N -L 9001:localhost:9000 localhost

I would expect the client to be able to connect on localhost:9001 and, well, it doesn't work. If I understood it correctly, the tunnel should encrypt the traffic between server and client in a transparent way: neither the server nor the client uses an encrypted socket, but they should still be able to communicate via the tunnel.

The output from sshd is

debug1: Local connections to LOCALHOST:9001 forwarded to remote address localhost:9000
debug1: Local forwarding listening on ::1 port 9001.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 9001.
debug1: channel 1: new [port listener]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Connection to port 9001 forwarding to localhost port 9000 requested.
debug1: channel 2: new [direct-tcpip]
debug1: channel 2: free: direct-tcpip: listening port 9001 for localhost port 9000, connect from 127.0.0.1 port 2408 to 127.0.0.1 port 9001, nchannels 3
debug1: Connection to port 9001 forwarding to localhost port 9000 requested.
debug1: channel 2: new [direct-tcpip]
debug1: channel 2: free: direct-tcpip: listening port 9001 for localhost port 9000, connect from 127.0.0.1 port 2411 to 127.0.0.1 port 9001, nchannels 3
debug1: Connection to port 9001 forwarding to localhost port 9000 requested.
debug1: channel 2: new [direct-tcpip]
debug1: channel 2: free: direct-tcpip: listening port 9001 for localhost port 9000, connect from 127.0.0.1 port 2413 to 127.0.0.1 port 9001, nchannels 3

As said, no reply from the server. Of course, if I tell my client to connect straight to port 9000, everything works fine.

I tried this approach before, for example to access a MySQL server on a remote machine. In that case it worked perfectly.

The sshd_config file is pretty standard; I tried changing a few parameters (ListenAddress, AllowTCPForwarding) with no luck. I don't think it matters, but both apps are written in Qt/C++.

Thank you for all the help you might be able to provide.
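For readers unfamiliar with what `-L 9001:localhost:9000` actually sets up: the ssh client opens a plain TCP listener on 9001, and for every connection it accepts (each "channel 2: new [direct-tcpip]" line in the log above is one such accepted connection) it asks sshd to open a connection to localhost:9000 and then copies bytes in both directions until either side closes. The only encrypted hop is between the ssh client and sshd; here both run on the same Windows machine, so that hop is a loopback connection and the client and server apps still speak plain TCP at each end. The following pure-Python relay, added here as an illustration and not code from the question or from OpenSSH, reproduces that byte-level behaviour (minus the SSH transport) so the relay semantics can be checked in isolation: a throwaway upper-casing server stands in for the app on 9000, the relay stands in for the 9001 listener, and a client talks through the relay. The port numbers are chosen by the OS at run time rather than fixed to 9000/9001.

```python
import socket
import threading


def _pump(src, dst):
    """Copy bytes from src to dst until EOF, then half-close dst so the
    peer sees EOF too. This is the one-direction half of a transparent relay,
    which is what an ssh direct-tcpip channel does for a forwarded port."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def serve_relay_once(listen_sock, target):
    """Accept one connection on listen_sock (the '9001' side) and relay it to
    target, a (host, port) tuple (the '9000' side), in both directions."""
    conn, _ = listen_sock.accept()
    upstream = socket.create_connection(target)
    to_server = threading.Thread(target=_pump, args=(conn, upstream), daemon=True)
    to_client = threading.Thread(target=_pump, args=(upstream, conn), daemon=True)
    to_server.start()
    to_client.start()
    to_server.join()
    to_client.join()
    conn.close()
    upstream.close()


def serve_app_once(listen_sock):
    """Stand-in for the application server: answers each chunk with its
    upper-cased form, so a reply proves the bytes really crossed the relay."""
    conn, _ = listen_sock.accept()
    with conn:
        while True:
            data = conn.recv(4096)
            if not data:
                break
            conn.sendall(data.upper())


def _listen_loopback():
    """Bind a listener on 127.0.0.1 with an OS-chosen port (constructed
    test setup; the question uses fixed ports 9000 and 9001)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s


def roundtrip_through_relay(payload):
    """Send payload to the app server via the relay and return the reply.
    Returns payload.upper() when the relay is transparent in both directions."""
    app_sock = _listen_loopback()
    relay_sock = _listen_loopback()
    threading.Thread(target=serve_app_once, args=(app_sock,), daemon=True).start()
    threading.Thread(
        target=serve_relay_once, args=(relay_sock, app_sock.getsockname()), daemon=True
    ).start()
    with socket.create_connection(relay_sock.getsockname()) as client:
        client.sendall(payload)
        client.shutdown(socket.SHUT_WR)  # tell the far end we are done sending
        chunks = []
        while True:
            data = client.recv(4096)
            if not data:
                break
            chunks.append(data)
    app_sock.close()
    relay_sock.close()
    return b"".join(chunks)


if __name__ == "__main__":
    print(roundtrip_through_relay(b"hello through the forwarded port"))
```

If the client app works against this relay but not against the ssh listener on 9001, the difference is on the SSH side (which address family 9001 is bound to, what sshd is allowed to forward) rather than in the relay concept itself; the log above shows ssh binding 9001 on both ::1 and 127.0.0.1, so a client that resolves "localhost" to either address should reach it.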

user10489:
ssh doesn't forward a port without a session. It's trying to log into your system but there's no local sshd to set up a session with...

Codeluppi:
If there wasn't a session, how would I be able to login into the same machine? If I simply omit the -N switch I can login via a normal cmd session