I almost have this working now; my problem was that I was trying to use
the OpenSSH package that came with Red Hat 7, which apparently has the
-R option silently disabled. Grrr. Compiled from source, it works.

BUT, I find that the forwarded port only allows connections if (a) they
are requested from the machine where sshd is running and (b) the machine
is addressed as "localhost" or "127.0.0.1".

For example, first I do this, as root:

ssh -g -R 2200:localhost:22 titan.localdomain

Session starts up normally.

Then, on titan:

ssh -p 2200 127.0.0.1
-or-
ssh -p 2200 localhost

works fine, I get a login prompt; but

ssh -p 2200 192.168.10.12 [which is titan's IP address]
-or-
ssh -p 2200 titan.localdomain

...fails, "connection refused", even though all four commands are being
issued from the same machine and all address the same target. I see the
same behavior regardless of the port I'm trying to forward; web traffic
works the same way.

I notice that if I use the -v option in the ssh session which
establishes the tunnel, I get debugging output as soon as the other
client tries to connect using one of the "localhost" addresses, but no
debugging output ever comes through if I use the other addresses; it's
as if the session request never reaches ssh in the first place.

Does this mean that ssh is only forwarding a Unix domain socket and not
a TCP/IP port? Or does it try to deliberately disallow connections from
off-host even with the -g option? Or might I be up against more Red Hat
weirdness? Is there any way around this?

Thanks,
-m

Michael R. Jinks wrote:
> Okay -- I'll distill my question then.
>
> Does the "-R" option actually do anything under OpenSSH? Note that I am
> accompanying it with the -g option.
>
> We're using version 2.1.1p4-1, installed from RPM on a Red Hat 7 machine
> at the client side; on the server side we're running Red Hat 6.2 with
> OpenSSH 2.2.0p1.
>
> I don't get any errors; at least nothing that I recognize as such; I
> just don't get the behavior I expect, and my users are starting to get
> antsy for outside access.
>
> Thanks for any help,
> -m
>
>
> Rolen, Mark E. wrote:
>
>> Ah, given the -R, then your ports were right :) I was assuming you were
>> running the command on the outside host, since you used -L
>>
>> never mind :)
>>
>> -----Original Message-----
>> From: Michael R. Jinks [mailto:[EMAIL PROTECTED]]
>> Sent: Monday, November 20, 2000 2:15 PM
>> To: ssh
>> Subject: port forwarding, remote to local
>>
>>
>> This is a followup to my (rather idiotic) post from earlier today in
>> which I was trying to forward an ssh port from a remote machine using
>> the "-L" option. Oops.
>>
>> But I'm still having trouble.
>>
>> Background: our temporary internet connection won't allow incoming
>> connections of any kind, but we do have a host on the Internet which
>> has a real IP and an sshd process running. I want to initiate an ssh
>> connection from our internal net to the outside host, such that a port
>> on the outside host is forwarded to the sshd process on one of our
>> internal machines.
>>
>> Now the command line I'm using is this (as root):
>>
>> ssh -v -g -R 2000:localhost:22 $REMOTEHOST
>>
>> The command appears to complete successfully, and I end up with a
>> login shell on the remote box. But in the debugging output there is
>> no mention of port forwarding, successful or otherwise, other than X
>> forwarding, and any attempt to connect to port 2000 on the remote box
>> comes back "connection refused".
>>
>> What might I be doing wrong?
>>
>> Thanks,
>> -m
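
The symptom reported at the top of this thread (connections to 127.0.0.1 succeed, connections to the host's other address are refused, and the tunnel's -v output stays silent) is what any TCP listener bound to a single address produces. The following is an added example, not part of the original messages and not OpenSSH code, comparing a listener bound to 127.0.0.1 with one bound to the wildcard address. Assumptions: a Linux host, where all of 127.0.0.0/8 is local, so 127.0.0.2 stands in for the LAN address and the script runs offline; the names listener, probe, demo and ALT_LOCAL are hypothetical.

```python
import socket

ALT_LOCAL = "127.0.0.2"  # assumption: stands in for the host's LAN address (Linux)

def listener(bind_addr):
    """Open a TCP listener on bind_addr, ephemeral port (like a forwarded port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, 0))
    srv.listen(5)
    srv.settimeout(0.5)          # so accept() returns when nothing arrives
    return srv

def probe(srv, target_addr):
    """Connect to target_addr on srv's port; return (client result, listener saw it)."""
    port = srv.getsockname()[1]
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.settimeout(2)
    try:
        cli.connect((target_addr, port))
        result = "connected"
    except ConnectionRefusedError:
        result = "refused"       # kernel answered with RST; no process was involved
    except OSError as exc:
        result = "error: %s" % exc
    try:
        conn, _ = srv.accept()
        conn.close()
        saw = True
    except socket.timeout:
        saw = False              # the listening process never heard about the attempt
    finally:
        cli.close()
    return result, saw

def demo():
    """Probe a loopback-only listener and a wildcard listener on both addresses."""
    results = {}
    for bind_addr in ("127.0.0.1", "0.0.0.0"):
        srv = listener(bind_addr)
        try:
            for target in ("127.0.0.1", ALT_LOCAL):
                results[(bind_addr, target)] = probe(srv, target)
        finally:
            srv.close()
    return results

if __name__ == "__main__":
    for (bind_addr, target), (result, saw) in demo().items():
        print("bound to %-9s -> %-9s : %-9s seen=%s" % (bind_addr, target, result, saw))
```

In current OpenSSH the listen address of a -R forward is decided by the server's GatewayPorts setting in sshd_config, while -g applies to -L forwards; whether that holds for the versions used in this thread is not stated on the page.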