Re: ssh tunnel problems




On Sun, 2008-06-22 at 02:55 +0930, Tim wrote:
On Sat, 2008-06-21 at 10:22 -0400, Rick Bilonick wrote:
[chippy@localhost ~]$ ssh server@localhost -p 5000 -v
OpenSSH_4.7p1, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 5000.
debug1: connect to address 127.0.0.1 port 5000: Connection refused
ssh: connect to host localhost port 5000: Connection refused

I'm using "localhost" because I was following an example. I guess I
could substitute an IP for localhost. Isn't "localhost" just another
name for the local computer? So on the first use of ssh, localhost
refers to the server and on the second use of ssh, it refers to the
home computer. At least, that's what I believe.

"localhost" is how a computer refers to itself. Just the same as a
group of people in a room will all think of themselves as "myself" or
"I". While correct, they could only ever converse about themselves, not
anyone else in the room. Trying to network between different computers
all going by the same hostname is going to twist your brain around in
circles.

If you do try "ssh server@localhost" you're going to try and connect to
the SSH daemon on the same machine that you're typing on, which may or
may not actually connect. But you're certainly not going to connect to
another machine, using that address.

If you don't have unique hostnames that are resolvable on your LAN
(i.e. everyone knows the name and IP of *all* hosts on the LAN), then
use numerical IP addresses.

Again, don't fall down the "looking in the mirror" trap by trying to
connect to 127.0.0.1. That's the numerical address for a machine to
refer to itself.

You're playing with the local loopback device. 127.0.0.1 is the
traditional IP address for it, and localhost is the traditional hostname
for it.

--
[tim@localhost ~]$ uname -r
2.6.25.6-55.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.


OK, apparently the example I followed from a website was not completely
correct.

So after trying a bunch of things, I did get this to work from my home
computer to my ISP's server. Here is what I did:

ssh -R 4022:home:22 myaccnt@xxxxxxxxxx

where "home" is actually the IP of my home network (instead of using
"localhost" which definitely does NOT work). This asked me for my
password and it connected.

To see if the port was set up, I then did (on my.isp.net):

netstat -an | grep 4022

and it shows that it is listening on port 4022.

So then from my.isp.net I did:

ssh -p 4022 me@localhost

where "me" is the user on my home computer. Note that "localhost" must
be used here so I can use the port that I set up. This asks me for my
password and I connect and see files on my home computer (from being
logged in on the isp's server).

So I know that in principle this can work.

So I went back to my office and set up a connection from work to my home
computer:

ssh -R 3022:work:22 me@home

where "work" is my work server's IP and "home" is my home computer's IP.
This asks me for my password and I connect and can see files, etc. I did
the "netstat -an | grep 3022" and it shows that it's listening on port
3022.

So then from my home computer I do:

ssh -v -p 3022 abc@localhost

where "abc" is my user account on the work server and get:

OpenSSH_4.7p1, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 3022.
debug1: Connection established.
debug1: identity file /home/me/.ssh/identity type -1
debug1: identity file /home/me/.ssh/id_rsa type -1
debug1: identity file /home/me/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host

It never asks for my password.

So it works from home to isp, but for some reason does NOT work from
work to home.

What on the work server could be preventing the reverse tunnel from
working? On the server I do use hosts.allow to only allow ssh from my
home computer. Could this possibly prevent the reverse tunnel from
working? Or is the problem on my home computer?

Thanks to everyone who replied with suggestions and questions. At least
I'm making some progress.

Rick B.
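
Added example, not part of the messages above: with "ssh -R 3022:work:22 me@home" the forwarded connection to port 22 is opened by the ssh client running on the work server, so sshd there sees the work server's own address as the peer rather than the home address. The script evaluates a simplified subset of hosts_access(5) rules against that peer; the addresses and rule lines are constructed, and the function names are illustrative.

```shell
#!/bin/sh
# Added illustration: simplified hosts_access(5) evaluation for a reverse tunnel.
# Addresses are constructed (documentation ranges), not taken from the post.
HOME_IP=203.0.113.7   # home computer, the only client listed for sshd
WORK_IP=192.0.2.10    # work server running sshd behind TCP wrappers

# in_list ITEM LIST: true if ITEM matches an entry of a comma/space list.
# Supported entry forms: ALL, exact string, and "a.b." address prefixes.
in_list() {
    for entry in $(printf '%s' "$2" | tr ',' ' '); do
        case "$entry" in
            ALL) return 0 ;;
            *.)  case "$1" in "$entry"*) return 0 ;; esac ;;
            *)   if [ "$entry" = "$1" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# rules_match RULES DAEMON PEER: true if any "daemons: clients" line matches.
rules_match() {
    while IFS=: read -r daemons clients rest; do
        if in_list "$2" "$daemons" && in_list "$3" "$clients"; then return 0; fi
    done <<EOF
$1
EOF
    return 1
}

# verdict ALLOW DENY PEER: hosts.allow is consulted first, then hosts.deny;
# a connection matching neither file is allowed.
verdict() {
    if rules_match "$1" sshd "$3"; then echo allow
    elif rules_match "$2" sshd "$3"; then echo deny
    else echo allow; fi
}

ALLOW="sshd: $HOME_IP"   # constructed: "only allow ssh from my home computer"
DENY="ALL: ALL"          # constructed default-deny hosts.deny

# Peer address that sshd on the work server sees in each case:
echo "direct ssh from home:        $(verdict "$ALLOW" "$DENY" "$HOME_IP")"
echo "via -R 3022:work:22:         $(verdict "$ALLOW" "$DENY" "$WORK_IP")"
echo "via -R 3022:localhost:22:    $(verdict "$ALLOW" "$DENY" 127.0.0.1)"
echo "work address added to allow: $(verdict "$ALLOW, $WORK_IP" "$DENY" "$WORK_IP")"
```

An sshd built with TCP wrappers logs refused connections together with the peer address, so the work server's log shows which address to compare against hosts.allow.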


