Skip to content

SSH port forwarding loop

Warning: this is totally silly and useless. Don't do this on production machines.

Let's try something silly for once.

tokyo$ ssh -L 5555: user@moscow
moscow$ ssh -L 5555: user@berlin
berlin$ ssh -L 5555: user@newyork
newyork$ ssh -L 5555: user@tokyo
tokyo$ echo a | netcat 5555
# after a while...
channel 1017: open failed: administratively prohibited: open failed

Use tcpdump on any of the hosts to watch your "a" go round the world endlessly (well, almost: just until all available file descriptors are eaten up). It works even without piping the "a" into netcat.

If you don't have machines around the world, a simpler (but admittedly less
dramatic) way of doing the same thing with a single machine is:

host1# ssh -L 5555: user@
host1# echo a | netcat 5555

and of course any number of machines can be chained this way, as long as it's possible to ssh from the last into the first.

Yes, I did say it was silly.

Be Sociable, Share!

Leave a Reply