OpenSSH 3.5p1 port forwarding problem on Solaris 2.8

From: Peter O'Boyle (peter.oboyle_at_bt.com)
Date: 04/30/03


Date: Wed, 30 Apr 2003 11:57:31 +0100

Is anyone using port forwarding on Solaris 2.8 (SunOS 5.8) with
OpenSSH 3.5p1?

I'm trying to use port forwarding to get SqlNet connections back thru
a firewall. But on the development box I can't get port forwarding to
work at all. I'm guessing there is a simple configuration setting that
needs changed but I can't see what it is.

The command I'm using is

ssh -R 7101:localhost:1521 remotehost

With the -v option it says the port forwarding has been set up
correctly, but when I try to use it, it is not working.

To make sure it is not an Oracle problem I have been trying to forward
to the ssh port (22) with a ssh connection back to the original server.

i.e. on bounty I run the command

ssh -v -R8101:localhost:22 bounty

then try to do an ssh -p 8101 bounty to test the port forwarding works.
This gets a Connection refused (see below).

$ hostname
bounty
$ ssh -v -R8101:localhost:22 bounty
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to bounty [10.230.199.220] port 22.
debug1: Connection established.
debug1: identity file /export/home/users/poboyle/.ssh/identity type 0
debug1: identity file /export/home/users/poboyle/.ssh/id_rsa type 1
debug1: identity file /export/home/users/poboyle/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat OpenSSH*
debug1: Local version string SSH-1.5-OpenSSH_3.5p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'bounty' is known and matches the RSA1 host key.
debug1: Found key in /export/home/users/poboyle/.ssh/known_hosts:2
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying RSA authentication with key '/export/home/users/poboyle/.ssh/identity'
debug1: Received RSA challenge from server.
debug1: Sending response to host key RSA challenge.
debug1: Remote: RSA authentication accepted.
debug1: RSA authentication accepted by server.
debug1: Requesting pty.
debug1: fd 4 setting TCP_NODELAY
debug1: Connections to remote port 8101 forwarded to local address localhost:22
debug1: Requesting shell.
debug1: Entering interactive session.
Last login: Wed Apr 30 11:33:38 2003 from bounty
Sun Microsystems Inc. SunOS 5.8 Generic February 2000
Sun Microsystems Inc. SunOS 5.8 Generic February 2000

$ ssh -v -p 8101 bounty
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to bounty [10.230.199.220] port 8101.
debug1: connect to address 10.230.199.220 port 8101: Connection refused
ssh: connect to host bounty port 8101: Connection refused

The ssh_config and sshd_config files are:
$ cat /usr/local/etc/ssh_config
# $OpenBSD: ssh_config,v 1.16 2002/07/03 14:21:05 markus Exp $

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
Protocol 1,2
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc

# EscapeChar ~

------------------------------------------------------------------------------

$ cat sshd_config
# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /usr/local/etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /usr/local/etc/ssh_host_rsa_key
#HostKey /usr/local/etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 120
#PermitRootLogin yes
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /usr/local/etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no

#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem sftp /usr/local/libexec/sftp-server

#port forwarding
AllowTcpForwarding yes
------------------------------------------------------------------------------

This all works fine on the SSH Version 1.2.32 [sparc-sun-solaris2.8]
that I want to replace with OpenSSH. Any help or suggestions are
welcome.

Peter O'Boyle
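
An added example, not part of the original post: sshd binds `-R` listeners to the loopback address unless `GatewayPorts` is set, which is consistent with the refused connection to 10.230.199.220:8101 in the transcript, and widening that binding exposes the forwarded port to the network. The script reads an sshd_config and reports the effective binding scope; the function names and the sample file are constructed for illustration, and it assumes a flat config with OpenSSH's defaults.

```shell
#!/bin/sh
# Added example: where will sshd bind the listener for an `ssh -R` forward?
# Assumes a flat sshd_config (no Match blocks, "Keyword value" syntax) and
# the OpenSSH defaults AllowTcpForwarding=yes, GatewayPorts=no.

# effective_value FILE KEYWORD DEFAULT
# Keywords are case-insensitive and the first uncommented occurrence wins.
effective_value() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        tolower($1) == want { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# remote_forward_scope FILE
# Prints disabled, loopback-only, all-interfaces or client-specified.
remote_forward_scope() {
    fwd=$(effective_value "$1" AllowTcpForwarding yes)
    gw=$(effective_value "$1" GatewayPorts no)
    case "$fwd" in
        no|local) echo disabled; return ;;        # "local" exists in later releases
    esac
    case "$gw" in
        yes)             echo all-interfaces ;;
        clientspecified) echo client-specified ;; # later releases
        *)               echo loopback-only ;;
    esac
}

# Constructed sample: a short excerpt of the posted sshd_config.
write_sample() {
    cat > "$1" <<'EOF'
#Port 22
#ListenAddress 0.0.0.0
PasswordAuthentication no
Subsystem sftp /usr/local/libexec/sftp-server
#port forwarding
AllowTcpForwarding yes
EOF
}

cfg=$(mktemp)
write_sample "$cfg"
echo "posted config:        $(remote_forward_scope "$cfg")"
echo "GatewayPorts yes" >> "$cfg"
echo "with GatewayPorts on: $(remote_forward_scope "$cfg")"
rm -f "$cfg"
```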


