ssh port-forwarding with GatewayPorts = no

Question

I want to forward sshd (port 22) on machine X which has a non-routeable IP. The forwarding options are nc (which is horrible), inetd (requires privs), iptables (requires privs) and ssh. So I'm using ssh, which has the added bonus of providing an encrypted tunnel.

I have a machine Y with a public IP. I want to expose X:22 as Y:8022.

X $ ssh -R8022:localhost:22 Y

This works, but port 8022 is bound to the loopback:

Y $ netstat -ant
. . .  
tcp        0      0 127.0.0.1:8022          0.0.0.0:*               LISTEN

which means I cannot connect from any foreign machines. Since GatewayPorts is no in Y's /etc/ssh/sshd_config, I cannot specific another bind address. Any ideas?

---

Note: I did manage to get things working by using another tunnel from Y to Y:

Y $ ssh -g -L9022:localhost:8022 localhost

which is a very inefficient solution: it encrypts/decrypts on localhost from port 9022 to 8022, then encrypts again before sending to X. Surely there must be a better way?

Answer 1

Try to run something like socat after connected to Y？

ssh -R8022:localhost:22 Y socat tcp-listen:9022,fork,reuseaddr tcp:127.0.0.1:8022

Then you can connect to X through Y:9022

Answer 2

since GatewayPorts is off, i haven't any solution <-- comment from answerer themselves.

Why do you use a reverse port forwarding?

On host Y:

ssh -f -N -q -L :8022:localhost:22 user@X should do the trick

-f: daemonize

-N: no command

-q: quiet

-L: port forward

-: leading: : is used to enable local port via all interfaces, not only localhost