Re: Binding TCP ports
- From: sokrates_sf <sokrates_sf@xxxxxxxxx>
- Date: Tue, 17 Mar 2009 09:43:44 -0700 (PDT)
Hi Lew,
thanks for your support! See missing data below:
First off, show us the /actual/ command (not the "prototype" you gave us
above) that results in your 127.0.0.1 netstat results. In fact, show us the
command,
ssh -L 30999:localhost:8000 [destination_ip]
Instead of 'localhost' I also tried:
- internal IP address of machine
- 0.0.0.0
with same results.
the stdout
I am asked for the PW, get the welcome message (Have a lot of fun...)
and see the prompt of the remote machine
and syslog results it generates,
disabled
/and/ the results from "netstat -nlp | grep 'ssh'.
# netstat -nlp | grep 'ssh'
tcp 0 0 127.0.0.1:30999 0.0.0.0:*
LISTEN 28595/ssh
tcp 0 0 :::22 :::*
LISTEN 5954/sshd
tcp 0 0 ::1:30999 :::*
LISTEN 28595/ssh
Also, show us the contents of your
~/.ssh/config file
<empty>
and /etc/ssh/ssh_config file
# $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for various options
Host *
# ForwardAgent no
# ForwardX11 no
# If you do not trust your remote host (or its administrator), you
# should not forward X11 connections to your local X11-display for
# security reasons: Someone stealing the authentification data on the
# remote side (the "spoofed" X-server by the remote sshd) can read
your
# keystrokes as you type, just like any other X11 client could do.
# Set this to "no" here for global effect or in your own ~/.ssh/config
# file if you want to have the remote X11 authentification data to
# expire after two minutes after remote login.
ForwardX11Trusted yes
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# Set this to 'yes' to enable support for the deprecated 'gssapi'
authentication
# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is
included
# in this release. The use of 'gssapi' is deprecated due to the
presence of
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not
susceptible to.
# GSSAPIEnableMITMAttack no
# This enables sending locale enviroment variables LC_* LANG, see
ssh_config(5).
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY
LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL
Only by understanding /which/ ssh options you've selected and /how/ you
start your ssh client can we make appropriate recommendations on how you
can achieve your desired results.
understood - tx - hope that helps!
../p
--
Lew Pitcher
Master Codewright & JOAT-in-training | Registered Linux User #112576http://pitcher.digitalfreehold.ca/ | GPG public key available by request
---------- Slackware - Because I know what I'm doing. ------
.
- Follow-Ups:
- Re: Binding TCP ports
- From: Lew Pitcher
- Re: Binding TCP ports
- References:
- Binding TCP ports
- From: sokrates_sf
- Re: Binding TCP ports
- From: Lew Pitcher
- Binding TCP ports
- Prev by Date: Re: When did ISDN 128k come about?
- Next by Date: Re: Binding TCP ports
- Previous by thread: Re: Binding TCP ports
- Next by thread: Re: Binding TCP ports
- Index(es):
Relevant Pages
|
