Reputation: 111
I have a Docker container, which I would like to be able to interact with a database through an SSH tunnel.
My Docker image is built on an alpine image and in the Dockerfile I have installed openssh-client and exposed port 27017.
When I spin up my Docker image and try to forward the ports with:
ssh -i /.ssh/ssh_key user@remote_ip -L 27017:localhost:27017 -Nf
I get an error:
bind: Address not available
It is not a problem to ssh into the remote server, but I am not able to forward the ports.
Thanks
Upvotes: 11
Views: 8927
Reputation: 13498
You can get a "bind address not available" if you don't specify which interface you want to use. By default it will use all of them, including IPV6. In my case, it was binding on IPV4 but the "address not available" was actually for IPV6 e.g. bind [::1]:2001: Address not available. If you use the -4 option, this will use IPV4 only and if you were getting an IPV6 type error, then this will resolve that for you, which it was for me on Arch Linux.
-4 Forces ssh to use IPv4 addresses only.
-D [bind_address:]port
Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file. IPv6 addresses can be specified by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of “localhost” indicates that the listening port be bound for local use only, while an empty address or ‘*’ indicates that the port should be available from all interfaces.
Upvotes: 6
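A diagnostic for the cause described in the answer above, added here as an example and not part of the original post: it checks which loopback addresses the container can actually bind, then maps the result to ssh options. The function names and the `suggest_forward` mapping are assumptions made for illustration.

```python
import errno
import socket

# The two loopback addresses a local forward may be bound to.
LOOPBACKS = {"ipv4": (socket.AF_INET, "127.0.0.1"),
             "ipv6": (socket.AF_INET6, "::1")}


def probe_loopback_bind(port=0):
    """Try to bind a TCP socket on each loopback address.

    Returns {"ipv4": "ok" or an errno name, "ipv6": ...}. port=0 lets the
    kernel pick a free port, so the probe never collides with a service.
    """
    results = {}
    for name, (family, addr) in LOOPBACKS.items():
        try:
            # Socket creation is inside the try: a kernel without IPv6
            # fails here with EAFNOSUPPORT rather than at bind().
            with socket.socket(family, socket.SOCK_STREAM) as s:
                s.bind((addr, port))
            results[name] = "ok"
        except OSError as exc:
            results[name] = errno.errorcode.get(exc.errno, str(exc.errno))
    return results


def suggest_forward(results, port):
    """Map probe results to ssh arguments (hypothetical helper).

    Every suggestion keeps the listener on loopback, so the forwarded
    database port is not reachable from outside the container.
    """
    spec = f"{port}:localhost:{port}"
    if results["ipv4"] == "ok" and results["ipv6"] == "ok":
        return ["-L", spec]
    if results["ipv4"] == "ok":
        return ["-4", "-L", f"127.0.0.1:{spec}"]
    if results["ipv6"] == "ok":
        return ["-6", "-L", f"[::1]:{spec}"]
    return None  # no usable loopback address at all


if __name__ == "__main__":
    found = probe_loopback_bind()
    print(found, suggest_forward(found, 27017))
```

An `EADDRNOTAVAIL` result for `ipv6` alongside `ok` for `ipv4` matches the situation the answer describes, where only the `[::1]` bind fails.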
Reputation: 91
I managed to create an SSH tunnel from a docker-compose using this entrypoint:
ssh -4 -i /.ssh/ssh_key -NL *:27017:0.0.0.0:27017 user@remote_ip
and then I was able to use the SSH tunnel from another container by using the network created with the docker-compose:
docker run --network=tunnel_default image nmap -p 27027 service_name
tunnel_default is the name of the network
image is a Docker image where nmap is installed (it allows you to check open ports)
service_name is the name I gave to the service inside the docker-compose
Upvotes: 9