Re: ssh tunnel problems




On Mon, 2008-06-23 at 13:06 -0400, Rick Bilonick wrote:
How do you explain that this works fine when going from my home computer
to an account on my ISP's computer? I followed an example posted on the
web (which DID have one mistake in using "localhost" which I corrected -
but the other use of "localhost" is AFAIK correct). In order to do a
reverse tunnel, don't you have to point to localhost in order to use the
forwarded port?

I don't see this as confusing:

(on my.work.server which is behind a firewall that blocks incoming ssh
but not outgoing ssh)

ssh -R 2022:my.work.server:22 me@xxxxxxxxxxxxx

where "my.work.server" is the IP address for my.work.server and
"home.computer" is the IP address for my home.computer. This sets up the
port forwarding for a reverse tunnel (that's the -R option). If on
home.computer I do:

netstat -an | grep 2022

it shows that home.computer is listening to port 2022.

Then, to use the reverse tunnel (again on home.computer):

ssh -p 2022 accnt@localhost

where "accnt" is the user account on my.work.server and I use the
password for accnt on my.work.server. This should allow me then to go
through the ssh tunnel in the reverse direction (getting through the
firewall that is blocking the use of incoming ssh from the home computer
to the my.work.server).

Even after removing everything in hosts.allow on my.work.server, I still
can't connect.

This SAME setup works fine if I set up the tunnel from my home computer
to my account on my ISP's server. And yes I'm using "localhost" similar
to what I show above. And I've tried it from my.work.server to my
account on my ISP but have the same problem so the problem is something
on my.work.server.

Is it possible for the firewall to block a reverse tunnel (without
blocking outgoing ssh)?

Rick B.


One more thing. I just tried this on another Fedora 8 computer hooked to
a different network (at the same organization) that has a firewall
blocking incoming ssh. I followed the same strategy as outlined above
and it works like a charm. So this procedure DOES work as I've outlined
it above IN PRINCIPLE. For some reason, it doesn't work on the other
server.

Rick B.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
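
Added example (not part of the original post): a small shell parser for the "-R [bind_address:]port:host:hostport" spec used in the message above, showing which endpoint the sshd side listens on and which endpoint the machine that ran "ssh -R" connects to. Per the OpenSSH manual the listener binds to loopback unless a bind address is given (an empty one or "*" means all interfaces, and only takes effect if the server's GatewayPorts allows it); the function names and output format are hypothetical.

```shell
#!/bin/sh
# Decode an OpenSSH remote-forward spec: [bind_address:]port:host:hostport
# Only the host-forward form is handled; bracketed IPv6 literals are not.

valid_port() {
    case $1 in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-numeric, or too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints: listen=<addr>:<port> target=<host>:<port> target_scope=<scope>
#   listen = socket opened by sshd on the machine you logged in to
#   target = where the machine that ran "ssh -R" connects; the name is
#            resolved on that machine, not on the listening side
explain_remote_forward() {
    _old_ifs=$IFS
    set -f                       # no globbing while splitting on ':'
    IFS=:
    set -- $1
    IFS=$_old_ifs
    set +f
    case $# in
        3) bind=localhost; lport=$1; host=$2; hport=$3 ;;
        4) bind=${1:-*};   lport=$2; host=$3; hport=$4 ;;
        *) echo "expected [bind_address:]port:host:hostport" >&2; return 1 ;;
    esac
    if ! valid_port "$lport" || ! valid_port "$hport"; then
        echo "ports must be integers in 1..65535" >&2
        return 1
    fi
    [ -n "$host" ] || { echo "empty target host" >&2; return 1; }
    # Is the target addressed by a loopback name or by a routable name?
    case $host in
        localhost|127.*) scope=loopback ;;
        *)               scope=named-host ;;
    esac
    printf '%s\n' "listen=$bind:$lport target=$host:$hport target_scope=$scope"
}

# The spec from the message above (host name is the poster's placeholder).
explain_remote_forward "2022:my.work.server:22"
```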