ssh tunnel to non standard port .... connection refused

Using intermediate server to tunnel SSH:

Setup is A -> B -> C where A lets only port 22 out, C uses 8888
instead of 22.
A, B, C are all valid internet IP addresses.

ssh directly from B -> C works with:      ssh -X -p 8888 user@C

I set up the tunnel from A (whose /etc/hosts contains
" localhost C")  with:

ssh -X -f user@B -N -L 4444:user@C:22

and the -v flag reports: local connections to LOCALHOST:4444 forwarded
                         to remote address C:22
                         Local forwarding listening on port
                         Entering interactive session.

Now for sending ssh through the tunnel I use:
ssh -v -X -p 8888 user@C but get "connect to C port 8888:connection

Here is the -v flag report: reading configuration data ~/.ssh/config
                            (which holds "Host C port 4444")
                            reading configuration data /etc/ssh_config
                            (which holds only commented lines)
                            Connecting to C [] port 8888
                            connect to address port 8888:

Connection refused is often due to authentication problems but as
above, B->C works.  Additionally both B and C have A's public key in
~/.ssh/authorized_keys.  Oddly, leaving off user in,
ssh -X -p 8888 C does not work from B->C, returning
"Permission denied (publickey)".  I don't understand this behavior or
if it's related to above refusals.


Re: ssh tunnel to non standard port .... connection refused

aar wrote:

I think this is not needed for ssh. Read
man 5 ssh_config
and search for HostKeyAlias


I suppose we are talking about OpenSSH. I am not sure what you want to
do with this command. The following should work:

ssh -f -L 4444:C:8888 userB@B sleep 10
ssh -X -oHostKeyAlias=C -p 4444 userC@localhost

The first command opens the tunnel and waits for 10 seconds. If the
second command is not run within these 10 seconds, the first ssh simply
finishes. You can write both commands on one line, separated by ";".

If you need to tunnel to C more frequently you can insert the following
into your ~/.ssh/config:

Host C_over_B
   User userC
   Hostname localhost
   HostkeyAlias C
   Port 4444
   ForwardX11 yes

and then simply type
ssh -f -L 4444:C:8888 userB@B sleep 1; ssh C_over_B


Do you have different users on B and C? Then, the public key of userB at
host B might not be in the ~/.ssh/authorized_keys of userC on host C?

Hope it helps
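
Added example, not part of either post: a shell check for an -L forward spec, run on the forward from the question (4444:user@C:22) and the one from the reply (4444:C:8888). The function names and messages are made up for this illustration; it assumes the [bind_address:]port:host:hostport form from ssh(1) and does not handle bracketed IPv6 addresses.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# check_forward SPEC TARGET_HOST TARGET_SSHD_PORT
# Prints one line per problem. Returns 0 if clean, 1 if the spec points at
# the wrong place, 2 if it cannot be parsed.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

check_forward() {
    cf_spec=$1 cf_host=$2 cf_port=$3 cf_rc=0
    cf_ifs=$IFS
    set -f; IFS=:            # split on ':' without glob expansion
    set -- $cf_spec
    IFS=$cf_ifs; set +f
    case $# in
        3) lport=$1 host=$2 hport=$3 ;;   # port:host:hostport
        4) lport=$2 host=$3 hport=$4 ;;   # bind_address:port:host:hostport
        *) echo "malformed: want [bind_address:]port:host:hostport"; return 2 ;;
    esac
    valid_port "$lport" || { echo "bad local port: $lport"; return 2; }
    valid_port "$hport" || { echo "bad destination port: $hport"; return 2; }
    case $host in
        *@*) echo "host '$host' contains user@; put the login name on the ssh that uses the tunnel"
             host=${host#*@}; cf_rc=1 ;;
    esac
    if [ "$host" != "$cf_host" ]; then
        echo "forward goes to $host, expected $cf_host"; cf_rc=1
    fi
    if [ "$hport" != "$cf_port" ]; then
        echo "forward goes to port $hport, but sshd on $cf_host listens on $cf_port"; cf_rc=1
    fi
    [ "$cf_rc" -eq 0 ] && echo "ok: connect with ssh -p $lport <user>@localhost"
    return "$cf_rc"
}

# Forward from the question: two problems reported.
check_forward "4444:user@C:22" C 8888 || true
# Forward from the reply: clean.
check_forward "4444:C:8888" C 8888
```
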
