Server-Side Configuration for SSH Port Forwarding

The AllowTcpForwarding option in the OpenSSH server configuration file must be enabled on the server to allow port forwarding. By default, forwarding is allowed. Possible values for this option are
  1. yes or all to allow all TCP forwarding, 
  2. no to prevent all TCP forwarding, 
  3. local to allow local forwardings, and 
  4. remote to allow remote forwardings.


Another option of interest is AllowStreamLocalForwarding, which can be used to forward Unix domain sockets. It allows the same values as AllowTcpForwarding. The default is yes.

For example:

    AllowTcpForwarding remote
    AllowStreamLocalForwarding no

The GatewayPorts configuration option also affects remote port forwardings. Possible values were

  1. no (only local connections from server host allowed; default), 
  2. yes (anyone on the Internet can connect to remote forwarded ports), 
  3. clientspecified (client can specify an IP address that can connect, anyone can if not specified).

Comments