1

I use the the ssh -R command to create a ssh reverse tunnel in the client side:

ssh -fNR 3389:127.0.0.1:3389 user@remotehost

In the client side, I can use the ps and netstat commands to find the ssh connection and the corresponding pid, local port and remote port behind the reverse tunnel by

sudo ps aux | grep "-fNR 3389:"

I was wondering if is there a way to find the same local port and remote port from the server side ? Thanks a lot for any suggestions.

Improve this question
New contributor
wangwei is a new contributor to this site. Take care in asking for clarification, commenting, and answering. Check out our Code of Conduct.

1 Answer 1

Reset to default
0

You could use

ss -tulpn | grep ':3389'  # Get the pid of the connected process

You get something like

tcp LISTEN 0 128 0.0.0.0:3389 0.0.0.0:* users:(("sshd",pid=9959,fd=7))

Use this pid in

ss -tp | grep -E 'pid=9959'

You get something like

ESTAB 0 0 192.168.1.84:ssh 192.168.1.52:33452 users:(("sshd",pid=9959,fd=4),("sshd",pid=9952,fd=4))

Btw.
Your sudo ps aux | grep "-fNR 3389:" only shows the executed command with parameters, but this wouldn't work if you use a script or ssh/config for forwarding.

Improve this answer
1
  • Thanks. But the first command only shows which programm is listening the port 3389. I want to know which program hold the ssh conncetion that "supports" the port listening since sometimes I must kill the port listening program and restart it agian but the ssh connections are not killed. My server has only a little RAM and a lot of ssh connections will exhaust it.
    – wangwei
    Commented 2 days ago

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .