SSH TCP forwarding: works with v1, not with v2 ssh
From: Chris Shenton (chris@shenton.org)
Date: 01/08/02
To: freebsd-questions@FreeBSD.ORG
From: Chris Shenton <chris@shenton.org>
Date: 07 Jan 2002 19:09:22 -0500

I need to set up an SSH tunnel from my work to my home so I can get in
over the weekend. Worked on my previous work box, but not on my
current one. So I looked at the differences in the way they
established tunnels and saw that the old working one used SSHv1 from
work to my house, the broken one used SSHv2. Both of them indicate
that they're setting up the tunnels with no problem, but the v2 tunnel
just hangs when I try and use it from home.

Below, I first establish a tunnel over SSHv1, then telnet back to show
I can get to the work ssh daemon:

cshenton@Palimpsest(257> ssh -1 -R 65001:palimpsest:22 chris@shenton.org
chris@shenton.org's password:
FreeBSD 4.5-PRERELEASE (Thanatos) #4: Fri Jan 4 10:18:35 EST 2002
chris@thanatos[257> netstat -an|grep 65001
tcp4 0 0 127.0.0.1.65001 *.* LISTEN
tcp6 0 0 ::1.65001 *.* LISTEN
chris@thanatos[258> telnet 127.0.0.1 65001
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20011202
quit
Protocol mismatch. [no problem, I typed garbage; the tunnel does work]

Then I do the same, from work to home, but with SSHv2. I'm including
some of the verbose output here so you can see it claims to be setting
up the tunnel:

cshenton@Palimpsest(257> ssh -v -R 65002:palimpsest:22 chris@shenton.org
OpenSSH_2.9 FreeBSD localisations 20011202, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
debug1: Reading configuration data /etc/ssh/ssh_config
[debug elided]
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9 FreeBSD localisations 20011202
debug1: match: OpenSSH_2.9 FreeBSD localisations 20011202 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9 FreeBSD localisations 20011202
[key and auth negotiation elided]
debug1: Connections to remote port 65002 forwarded to local address palimpsest:22
debug1: channel 0: new [client-session]
debug1: channel_new: 0
debug1: send channel open 0
debug1: Entering interactive session.
debug1: client_init id 0 arg 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Requesting authentication agent forwarding.
debug1: channel request 0: shell
debug1: channel 0: open confirm rwindow 0 rmax 16384
FreeBSD 4.5-PRERELEASE (Thanatos) #4: Fri Jan 4 10:18:35 EST 2002

Now I check the netstat and see a listener, then try telnet to see if
something answers (if I get "connection refused" there's no listener);
the telnet connection hangs -- I don't get the SSH prompt when I do
the telnet hack.

chris@thanatos[257> netstat -an|grep 65002
tcp4 0 0 127.0.0.1.65002 *.* LISTEN
tcp6 0 0 ::1.65002 *.* LISTEN
chris@thanatos[258> telnet 127.0.0.1 65002
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
foo
Connection closed by foreign host.

I'm using telnet here instead of ssh back because "ssh -v" doesn't
show you that nothing answers; for yucks, I then try ssh and it does
hang:

chris@thanatos[259> ssh -v -p 65002 cshenton@127.0.0.1
OpenSSH_2.9 FreeBSD localisations 20011202, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
debug1: Reading configuration data /home/chris/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 1000 geteuid 1000 anon 1
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 65002.
debug1: temporarily_use_uid: 1000/1000 (e=1000)
debug1: restore_uid
debug1: temporarily_use_uid: 1000/1000 (e=1000)
debug1: restore_uid
debug1: Connection established.
debug1: identity file /home/chris/.ssh/identity type 0
debug1: identity file /home/chris/.ssh/id_rsa type -1
debug1: identity file /home/chris/.ssh/id_dsa type -1
[hangs indefinitely here]

The man page for sshd says the daemon forwards TCP connections by
default, and the verbose output above would indicate it *thinks* the
connection's being forwarded, but nothing happens.

There is no change if I use -1 or -2 versions when I try to come back
through the tunnel, as if my home client isn't able to connect to
the work server and negotiate SSH versions.

Any clues where I can look to see why the incoming connection is just
hanging? Thanks.
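
The telnet check used in the message above, automated as an added example (not part of the original post): it connects to the forwarded port and waits a bounded time for the SSH identification string, so "no listener", "listener that never relays a banner" and "working tunnel" come back as distinct results. The function name, the state labels and the 5-second default timeout are assumptions made for this illustration.

```python
import socket
import sys


def probe_ssh_banner(host, port, timeout=5.0):
    """Classify a forwarded port by whether an SSH banner arrives in time.

    Returns (state, detail), where state is one of:
      "refused"   - nothing is listening on the port
      "banner"    - an sshd answered; detail is its identification string
      "no-banner" - the listener accepted, then closed or sent non-SSH data
      "hang"      - the listener accepted but nothing arrived before timeout
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("hang", "connect timed out")
    data = b""
    with sock:
        sock.settimeout(timeout)
        try:
            # The SSH server speaks first, so send nothing and read one line.
            # Simplification: the identification string is assumed to be the
            # first line the server sends.
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:
                    break  # peer closed the connection
                data += chunk
        except socket.timeout:
            return ("hang", data.decode("ascii", "replace"))
        except OSError:
            pass  # reset by peer: same as closed without a banner
    line = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    if line.startswith("SSH-"):
        return ("banner", line)
    return ("no-banner", line)


if __name__ == "__main__":
    # 65002 is the forwarded port used in the post; pass another as argv[1].
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 65002
    state, detail = probe_ssh_banner("127.0.0.1", port)
    print(f"127.0.0.1:{port}: {state} {detail}".rstrip())
```

Run on the machine that holds the listening end of the `-R` forward; a "hang" result matches the SSHv2 session shown in the message, while "banner" matches the SSHv1 one.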