Posted on July 16, 2009, 6:59 pm
Setup is A -> B -> C where A lets only port 22 out, C uses 8888
instead of 22.
A, B, C are all valid internet IP addresses.
ssh directly from B -> C works with: ssh -X -p 8888 user@C
I set up the tunnel from A (whose /etc/hosts contains
"127.0.0.1 localhost C") with:
ssh -X -f user@B -N -L 4444:user@C:22
and the -v flag reports:
local connections to LOCALHOST:4444 forwarded to remote address C:22
Local forwarding listening on 127.0.0.1 port
Entering interactive session.
Now for sending ssh through the tunnel I use:
ssh -v -X -p 8888 user@C
but get "connect to C port 8888:connection
Here is the -v flag report:
reading configuration data ~/.ssh/config
(which holds "Host C port 4444")
reading configuration data /etc/ssh_config
(which holds only commented lines)
Connecting to C [127.0.0.1] port 8888
connect to address 127.0.0.1 port 8888:
Connection refused is often due to authentication problems but as
above, B->C works. Additionally both B and C have A's public key in
~/.ssh/authorized_keys. Oddly, leaving off the user, as in
ssh -X -p 8888 C
does not work from B->C, returning
"Permission denied (publickey)". I don't understand this behavior or
whether it's related to the above refusals.
Re: ssh tunnel to non standard port .... connection refused
I think this is not needed for ssh. Read
man 5 ssh_config
and search for HostKeyAlias.
I suppose we are talking about OpenSSH. I am not sure what you want to
do with this command. The following should work:
ssh -f -L 4444:C:8888 userB@B sleep 10
ssh -X -oHostKeyAlias=C -p 4444 userC@localhost
The first command opens the tunnel and waits for 10 seconds. If the
second command is not run within these 10 seconds, the first ssh simply
finishes. You can write both commands on one line separated by ";".
If you need to tunnel to C more frequently you can insert the following
into your ~/.ssh/config:
and then simply type
ssh -f -L 4444:C:8888 userB@B sleep 1; ssh C_over_B
Do you have different users on B and C? Then, the public key of userB at
host B might not be in the ~/.ssh/authorized_keys of userC on host C?
Hope it helps
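An added example, not part of either post: a small POSIX shell check that reads a -L spec of the form port:host:hostport and compares it with the port sshd uses on the target and the port the client connects to, using the values quoted in the thread. The function name check_forward and its messages are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: sanity-check an OpenSSH -L spec of the form port:host:hostport.
# check_forward and its messages are assumptions, not OpenSSH output.
# Bind addresses and IPv6 literals are out of scope for this sketch.

# check_forward SPEC SSHD_PORT_ON_TARGET CLIENT_PORT
# Prints one line per problem; returns 0 when the three values agree.
check_forward() {
    spec=$1; want_dport=$2; client_port=$3; rc=0

    # Split SPEC on ':' with globbing off so the fields stay literal.
    old_ifs=$IFS; IFS=:
    set -f; set -- $spec; set +f
    IFS=$old_ifs
    if [ "$#" -ne 3 ]; then
        echo "spec must be port:host:hostport"
        return 1
    fi
    lport=$1; host=$2; dport=$3

    for p in "$lport" "$dport"; do
        case $p in
            ''|*[!0-9]*) echo "port '$p' is not numeric"; return 1 ;;
        esac
    done
    case $host in
        *@*) echo "host '$host' carries a user name; -L takes a bare host"; rc=1 ;;
    esac
    if [ "$dport" -ne "$want_dport" ]; then
        echo "tunnel ends at port $dport, sshd on the target listens on $want_dport"
        rc=1
    fi
    if [ "$client_port" -ne "$lport" ]; then
        echo "client uses port $client_port, tunnel listens on local port $lport"
        rc=1
    fi
    return $rc
}

# Values taken from the thread: the question's forward and client port ...
check_forward '4444:user@C:22' 8888 8888 || echo "-> fix before opening the tunnel"
# ... and the reply's forward, reached with -p 4444 on localhost.
check_forward '4444:C:8888' 8888 4444 && echo "forward and client port agree"
```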