| All Forums |
Register |
Login |
Search |
Subscriptions |
My Profile |
Inbox |
| Tool Warehouse |
FAQs |
Resources |
Help |
Member List |
Address Book |
Logout |
|
|
RE: Trouble with port forwarding w/ OpenSSH 3.9
|
Logged in as: Guest |
| Users viewing this topic: none |
|
Login  |
|
|
 RE: Trouble with port forwarding w/ OpenSSH 3.9 - Oct. 31, '04, 9:45:41 PM
|
|
|
breiter
Posts: 346
Joined: Jun. 14, '04,
From: Washington, DC
Status: offline
|
Here is sshd 3.9.0.1.1 (BETA) on the server and ssh 3.9.0.1.1 (BETA) on the workstation. Doesn't work. I always get the port administratively closed message, although port forwarding is not prohibited in the sshd_config.
[breiter@johngalt]# ssh -v -L 3389:localhost:3389 remotehost.wolfereiter.com
OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to remotehost.wolfereiter.com [XXX.XXX.XXX.XXX] port 8912918.
debug1: Connection established.
debug1: identity file /dev/fs/C/Documents and Settings/breiter/.ssh/identity typ
e -1
debug1: identity file /dev/fs/C/Documents and Settings/breiter/.ssh/id_rsa type
1
debug1: identity file /dev/fs/C/Documents and Settings/breiter/.ssh/id_dsa type
2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'remotehost.wolfereiter.com' is known and matches the RSA host key.
debug1: Found key in /dev/fs/C/Documents and Settings/breiter/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interacti
ve
debug1: Next authentication method: publickey
debug1: Trying private key: /dev/fs/C/Documents and Settings/breiter/.ssh/identi
ty
debug1: Offering public key: /dev/fs/C/Documents and Settings/breiter/.ssh/id_rs
a
debug1: Authentications that can continue: publickey,password,keyboard-interacti
ve
debug1: Offering public key: /dev/fs/C/Documents and Settings/breiter/.ssh/id_ds
a
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: Connections to local port 3389 forwarded to remote address localhost:338
9
debug1: Local forwarding listening on 127.0.0.1 port 8916285.
debug1: channel 0: new [port listener]
debug1: channel 1: new [client-session]
debug1: Entering interactive session.
ww ww ww rrrrrr
ww wwww ww rr rr
ww ww ww ww rr
ww ww rr
w w rr
Welcome to remotehost.wolfereiter.com, Brian.
If I have seen farther than others, it is because I was standing on the
shoulders of giants.
-- Isaac Newton
In the sciences, we are now uniquely privileged to sit side by side
with the giants on whose shoulders we stand.
-- Gerald Holton
If I have not seen as far as others, it is because giants were standing
on my shoulders.
-- Hal Abelson
In computer science, we stand on each other's feet.
-- Brian K. Reid
[breiter@remotehost]# debug1: Connection to port 3389 forwarding to localhost port 3389
requested.
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: administratively prohibited: open failed
debug1: channel 2: free: direct-tcpip: listening port 3389 for localhost port 33
89, connect from 127.0.0.1 port 6321, nchannels 3
debug1: channel 0: free: port listener, nchannels 2
debug1: channel 1: free: client-session, nchannels 1
Connection to remotehost.wolfereiter.com closed.
debug1: Transferred: stdin 0, stdout 0, stderr 42 bytes in 458.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.1
debug1: Exit status -1
< Message edited by breiter -- Oct. 31, '04, 9:53:36 PM >
|
|
|
|
|
RE: Trouble with port forwarding w/ OpenSSH 3.9 - Nov. 1, '04, 12:53:29 AM
|
|
|
Rodney
Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
The client code and the server code sides for port forwarding are near-identical.
But this 3.8<->3.9 experiment at least shows that the problem is on the server side.
And having debug output to to compare between the "good" and "bad" states is helpful
(I hope) too. thanks.
I'll see what I can do with the info.
|
|
|
|
|
RE: Trouble with port forwarding w/ OpenSSH 3.9 - Nov. 2, '04, 10:20:42 AM
|
|
|
breiter
Posts: 346
Joined: Jun. 14, '04,
From: Washington, DC
Status: offline
|
quote:
And having debug output to to compare between the "good" and "bad" states is helpful
(I hope) too. thanks.
I'll see what I can do with the info.
Have you been able to suss out a solution?
|
|
|
|
|
RE: Trouble with port forwarding w/ OpenSSH 3.9 - Nov. 2, '04, 11:59:38 AM
|
|
|
Rodney
Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
> Have you been able to suss out a solution?
Not yet.
I haven't been able to duplicate the problem. I've made some really funky
tries at it. The worst was a loop I made (the server connected back to the
client who opened a new tunnel to the server who then...). Who knew so many
tunnels could be made so quickly :-/
I haven't given up on it. But I had to spent time making the next Toolworks CD
last night. More testing of the CD today. Off-topic, but if all of the /Tools
plus Interop Systems packages are installed it has a 1 GB disk footprint now!
I would like to clear up this and einhirn's problem before the CD is final.
|
|
|
|
 RE: Trouble with port forwarding w/ OpenSSH 3.9 - Nov. 2, '04, 8:35:53 PM
|
|
|
breiter
Posts: 346
Joined: Jun. 14, '04,
From: Washington, DC
Status: offline
|
quote:
ORIGINAL: Rodney
> Have you been able to suss out a solution?
Not yet.
I haven't been able to duplicate the problem. I've made some really funky
tries at it.
Would it help you to have a login on an afflicted server? I could arrange that with you off-list.
|
|
|
|
|
RE: Trouble with port forwarding w/ OpenSSH 3.9 - Nov. 3, '04, 4:25:17 PM
|
|
|
Rodney
Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
Sorry for the long delay replying.
Let's do that then.
|
|
|
|
|
RE: Trouble with port forwarding w/ OpenSSH 3.9 - Nov. 4, '04, 9:37:40 AM
|
|
|
breiter
Posts: 346
Joined: Jun. 14, '04,
From: Washington, DC
Status: offline
|
I think we're on to something. The problem appears to be with the ability of sshd to resolve "localhost" on a multi-homed server.
-L 12345:localhost:12345 >> fails
but
-L 12345:host.myhost.com:12345 >> works
|
|
|
|
|
RE: Trouble with port forwarding w/ OpenSSH 3.9 - Nov. 11, '04, 1:24:04 PM
|
|
|
Rodney
Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
Just to report:
We worked on this and have a patch now that allows Brian to have port forwarding
working for him with "localhost". It's in the beta directory right now. It'll
likely get moved over in a short while. The other thread by einhirn
(administrator's acct renamed) I want to clear-up still beforehand.
< Message edited by Rodney -- Nov. 11, '04, 1:26:21 PM >
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
|
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
|
Printable Version
