SCP via SSH tunnel works, then not, then works again

From: elwinter (elwinter_at_verizon.net)
Date: 08/23/05

    Date: 23 Aug 2005 07:30:53 -0700
    
    

    Need a little help here... done as much reading and digging as I can,
    but still stuck.

    I am using SSH to perform local port forwarding from my local machine
    (L) to a remote machine (RA) behind a firewall at a remote site
    (legitimately :^)). The port forwarding is done through an account
    (gwaccount) on a gateway machine (GW).

    When I then try to establish a tunnel to another remote machine (RB) at
    the remote site, I receive an error message indicating the remote host
    identification has changed. When I switch the other end of the tunnel
    back to remote host RA, the tunnel works again.

    To be more specific:

    1. I first establish an SSH agent on my end and load it with the
    required identifying information, as follows (commands are in Korn
    shell):

    ...
    eval $(ssh-agent)
    ssh-add
    ...

    This works fine, as far as I can see.

    2. Next, establish the tunnel using SSH:

    ...
    ssh -f -N -L 2222:RA:22 gwaccount@GW
    ...

    If I understand things correctly, this should establish a local
    forwarding which maps local port 2222 to port 22 on remote host RA,
    behind the remote firewall, by way of the account gwaccount on remote
    gateway GW. OK so far.

    3. Finally, copy the remote files through the tunnel using scp:

    ...
    scp -P 2222 gwaccount@localhost:remote_filename local_filename
    ...

    This works to remote host RA without a problem.

    I then make sure all of the ssh-agent and ssh processes from steps 1-3
    are dead.

    4. When I change the tunnel in #2 to remote host RB:

    ...
    ssh -f -N -L 2222:RB:22 gwaccount@GW
    ...

    the verbose output from ssh indicates the port forwarding of local port
    2222 to remote port 22 on RB was set up.

    5. Finally, when I try to copy the same file from host RB:

    ...
    scp -P 2222 gwaccount@localhost:remote_filename local_filename
    ...

    the command fails, and I get error messages about the remote host
    identification changing, and referring me to item 2 in the local
    known_hosts file, which is 'localhost'.

    6. Again nuking stray processes, and repeating steps 1-3, it works
    again (copying from RA, that is).

    I've checked the authorized_keys and known_hosts files in ~/.ssh on the
    gateway machine. The authorized_keys contains entries for my local
    account on local host L, as well as the access information to remote
    hosts RA and RB (which are ostensibly identical, sharing the same
    ~/.ssh directory for the accounts on RA and RB). The known_hosts file
    on GW contains entries for L, RA, and RB.

    So where do I look next? Could there be some subtle configuration
    difference between the remote machines? I can manually log in from GW
    to both RA and RB without a problem, using ssh.

    Any help would be greatly appreciated. And I'll gladly help you with
    any physics/astronomy homework in return :^).

    Thanks,
    Eric Winter

    --
    ===============================================================================
    Eric Winter (Eric.L.Winter.1@gsfc.nasa.gov)
    Suzaku Guest Observer Facility, NASA Goddard Space Flight Center
    Phone: (301) 286-2316   GSFC Building 6, Room S117
    "Sweet are the uses of adversity;
     Which, like the toad, ugly and venomous,
     Wears yet a precious jewel in his head."
    - Shakespeare, _As You Like It_, Act II, Scene I
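
The symptom in steps 4-5 matches how the ssh client checks host keys: it looks up the name it was told to connect to (here localhost on port 2222), not the machine at the far end of the tunnel. The sketch below is an added example, not part of the original post. It is a simplified model of that lookup, assuming RA and RB have different host keys and that known_hosts entries are plain (unhashed); the key strings are constructed placeholders.

```python
# Simplified model of the ssh client's known_hosts check (plain entries only).
# Assumption: RA and RB present different host keys; key strings are constructed.

def lookup_name(host, port=22, host_key_alias=None):
    """Name the client looks up: HostKeyAlias if set, else host or [host]:port."""
    if host_key_alias:
        return host_key_alias
    # Current OpenSSH records non-default ports as [host]:port.
    return host if port == 22 else f"[{host}]:{port}"

def check_host_key(known_hosts, name, keytype, key):
    """Return 'ok', 'changed' or 'new' for the key the server presented."""
    same_type_seen = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        names, ktype, kdata = fields[:3]
        if name in names.split(",") and ktype == keytype:
            if kdata == key:
                return "ok"
            same_type_seen = True
    return "changed" if same_type_seen else "new"

RA_KEY = "AAAA-constructed-key-of-RA"
RB_KEY = "AAAA-constructed-key-of-RB"

def demo():
    results = {}
    # Steps 2-3: the first scp through the tunnel stores RA's key under the local name.
    name = lookup_name("localhost", 2222)
    known = f"{name} ssh-ed25519 {RA_KEY}\n"
    results["RA via tunnel"] = check_host_key(known, name, "ssh-ed25519", RA_KEY)
    # Steps 4-5: same local name, but sshd on RB answers with its own key.
    results["RB via tunnel"] = check_host_key(known, name, "ssh-ed25519", RB_KEY)
    # A per-target HostKeyAlias gives each remote host its own known_hosts entry.
    known += f"RB ssh-ed25519 {RB_KEY}\n"
    alias = lookup_name("localhost", 2222, host_key_alias="RB")
    results["RB with alias"] = check_host_key(known, alias, "ssh-ed25519", RB_KEY)
    return results

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

On the command line the alias is set with `-o HostKeyAlias=RB` on the scp invocation, or with a `HostKeyAlias` line in a `Host` block of `~/.ssh/config`; verify the fingerprint offered for RB against the one obtained from GW before accepting it.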
    
