[opensuse] ssh tunnel not working as desired. Bug? [WAS Re: What does this mean in netstat -an output. Is it IPv6 related?]
On Thu, Jun 27, 2013 at 7:57 AM, James Knott <james.knott@rogers.com> wrote:
Greg Freemyer wrote:
What does ::::80 mean (I know port 80 is http)? :: is the IPv6 equivalent of 0.0.0.0 What does ::1:33333 mean?
::1 is the IPv6 equivalent of 127.0.0.1
Is it IPv6 stuff?
Yes, you can use ssh -4 or ssh -6 to force ssh to use the desired protocol.
I may need to open a new thread, but I atleast understand my problem now:
From a opensuse 12.2 machine I can initiate 2 ssh tunnels:
For the first one I call /usr/bin/autossh iac@www.intelligentavatar.net -i /root/id_rsa_iac -p 22 -ynNT -R 33333:localhost:22 -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -o ServerAliveCountMax=3 which invokes: /usr/bin/ssh -i /root/id_rsa_iac -p 22 -ynNT -R 33333:localhost:22 -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -o ServerAliveCountMax=3 The remote host www.intelligentavatar is running centOS 6.3 and the above properly causes a port 33333 listen on 0:0:0:0 for IPv4. For the second one I call /usr/bin/autossh iac@cloud1.intelligentavatar.net -i /home/iac/.ssh/id_rsa -p 22 -ynNT -R 33333:localhost:22 -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -o ServerAliveCountMax=3 which invokes: /usr/bin/ssh -i /home/iac/.ssh/id_rsa -p 22 -ynNT -R 33333:localhost:22 -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -o ServerAliveInterval=60 -o ServerAliveCountMax=3 (I have 2 different private keys in 2 different places which is why the lines don't line up well.) For the second tunnel, the remote host is a openSUSE 13.3 machine recently installed and with all security patches in place. On that tunnel, the remote host is ONLY opening port 33333 for local host use, both IPv4 and IPv6 local host. I'm pretty sure it is not a key issue because the tunnels are being eststablished for both. It is just that when openSUSE 12.3 is the remote end, I have to be on that server to use the tunnel. Not really what I want / need, and I don't understand why the difference. Is there a bug in opneSUSE 12.3? Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
В Thu, 27 Jun 2013 11:30:50 -0400 Greg Freemyer <greg.freemyer@gmail.com> пишет:
I may need to open a new thread, but I atleast understand my problem now:
From a opensuse 12.2 machine I can initiate 2 ssh tunnels:
For the first one I call /usr/bin/autossh iac@www.intelligentavatar.net -i /root/id_rsa_iac -p 22 -ynNT -R 33333:localhost:22 -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -o ServerAliveCountMax=3 which invokes: /usr/bin/ssh -i /root/id_rsa_iac -p 22 -ynNT -R 33333:localhost:22 -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -o ServerAliveCountMax=3
The remote host www.intelligentavatar is running centOS 6.3 and the above properly causes a port 33333 listen on 0:0:0:0 for IPv4.
For the second one I call
/usr/bin/autossh iac@cloud1.intelligentavatar.net -i /home/iac/.ssh/id_rsa -p 22 -ynNT -R 33333:localhost:22 -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -o ServerAliveCountMax=3 which invokes: /usr/bin/ssh -i /home/iac/.ssh/id_rsa -p 22 -ynNT -R 33333:localhost:22 -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -o ServerAliveInterval=60 -o ServerAliveCountMax=3
(I have 2 different private keys in 2 different places which is why the lines don't line up well.)
For the second tunnel, the remote host is a openSUSE 13.3 machine recently installed and with all security patches in place.
On that tunnel, the remote host is ONLY opening port 33333 for local host use, both IPv4 and IPv6 local host.
I'm pretty sure it is not a key issue because the tunnels are being eststablished for both. It is just that when openSUSE 12.3 is the remote end, I have to be on that server to use the tunnel. Not really what I want / need, and I don't understand why the difference.
Is there a bug in opneSUSE 12.3?
Check description of GatewayPorts in sshd_config(5). It is probably set explicitly in your first system. Default for sshd is to bind to localhost only. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, Jun 27, 2013 at 1:43 PM, Andrey Borzenkov <arvidjaar@gmail.com> wrote:
Check description of GatewayPorts in sshd_config(5). It is probably set explicitly in your first system. Default for sshd is to bind to localhost only.
Thank you, setting that in /etc/ssh/sshd_config was exactly the problem. Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (2)
-
Andrey Borzenkov -
Greg Freemyer