Connect to external server over ssh - linux

I want to connect to local address 127.0.0.1:2222 belonging to a server with IP 172.25.250.10 as user especial. The connection would be done from another place in the network. As a tip they have told me to use ip forwarding but I cannot manage to succeed.
My approach has been doing:
ssh especial#172.25.250.10 -p 2222
But this attempt returns:
ssh: connect to host 175.25.250.10 port 2222: Connection refused
In the 172.25.250.10 the 2222 port is listening for ssh connections

If I understood correctly, use the following to connect to 172.25.250.10 and use local port forwarding for port 2222.
ssh -L 2222:localhost:2222 especial#172.25.250.10

Related

SSH tunnel always trying port 22

I want create ssh tunnel between local machine and remote server, so I use this command on my local machine:
sudo ssh -R 443:localhost:443 SERVER_IP
Everything is working, I can connect to my local machine through remote server - using port 443.
Problem is, that sometimes it just doesnt work and I get a message:
connect to host SERVER_IP port 22: Connection refused
Strange is, that connection to port 22 is working on remote (I can connect there without problem at that exact moment), weird is just, that sometimes it is working and sometimes id does not. Do you have any idea why? Or do you know what is going on?
ssh runs by default on port 22. While your command is setting up a proxy to pass port 443 from one host to port 443 on a different host, the underlying ssh connection still runs on port 22.
Connection refused means that the target host SERVER_IP is not running an sshd daemon and/or is not listening to port 22. You will need to figure out and fix whatever is wrong with the SERVER_IP machine.
22 is the default port, the ssh client will connect to it until you specify an other port using -p, example:
ssh -R 12345:localhost:12345 SERVER_IP -p 443
The error you have is not about the tunnel but about the server's port.
You should check that the server is indeed started and listening on port 22 and there's no firewall in the way.

Azure VPS not opening any ports no matter what

I'm trying to open several ports on Azure. I have a single VPS with a single network security group with a single virtual network and subnet. Everything seems to be configured correctly, check images:
But trying to ping any port, for instance 8080:
nc -zv 52.166.131.228 8080
nc: connect to 52.166.131.228 port 8080 (tcp) failed: Connection refused
running desperate here, I've followed the guidelines to no avail https://learn.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-nsg-quickstart-portal ...any idea what I'm missing??
According to your error, I think you should check your service firstly. I don’t find 8080 is listening according to your output.
Please ensure port 8080 is listening, you could try to use telnet for test in your VM firstly.
telnet 127.0.0.1 8080
Notes: NSG could associate to VM and subnet.
Please refer to this article about how to manage NSG
I notice that your port 5432 is only listening on 127.0.0.1. I think you should check your configuration. If you want to access port 5432 with public IP, the port should listening on 0.0.0.0

How to access a host port (bind with ssh -R) from a container?

Using Docker 1.12.1, I face a strange behaviour trying to access a host port created with ssh -R.
Basically I try to access a service running on port 12345 on my local machine from a docker container running on a server.
I opened a ssh connection with ssh -R *:12345:localhost:12345 user#server to open a port 12345 on server that forwards to port 12345 on my local machine.
Now when I try curl https://172.17.42.1:12345 inside the container (172.17.42.1 is the IP to access the docker host from the docker container) I get :
root#f6873fe1109b:/# curl https://172.17.42.1:12345
curl: (7) Failed to connect to 172.17.42.1 port 12345: Connection refused
But on server the command curl http://localhost:12345 succeeds (eg. no Connection refused)
server$ curl http://localhost:12345
curl: (52) Empty reply from server
I don't really understand how the port binding done with ssh differs from a test with nc on server (it works) :
# on server
nc -l -p 12345
# inside a container
root#f6873fe1109b:/# curl http://172.17.42.1:12345
curl: (52) Empty reply from server
NB: the container was started with docker run -it --rm maven:3-jdk-8 bash.
What can I do to allow my container to access the host port corresponding to a ssh binding ?
From man ssh:
-R [...]
... Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled
And man sshd_config:
GatewayPorts
Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd(8) binds remote port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be “no” to force remote port forwardings to be available to the local host only, “yes” to force remote port forwardings to bind to the wildcard address, or “clientspecified” to allow the client to select the address to which the forwarding is bound. The default is “no”.
This means that a default sshd server installation only allows to create forwards that bind to the local interface. If you want to allow forwards to other interfaces then loopback, you need to set the GatewayPorts option to yes or clientspecified in your /etc/ssh/sshd_config

Available UDP port

I have a RedHat node behind central firewall and I would like to be able to check if the firewall guys have opened a port for me on which still nothing in listening. When I want to check that for TCP port I use telnet and I get:
When not opened:
[myname#78 ~]$ telnet myhost 4080
Trying myhostip...
telnet: connect to address myhostip: Connection refused
telnet: Unable to connect to remote host: Connection refused
[myname#78 ~]$
When opened:
[myname#78 ~]$ telnet myhost 4080
Trying myhostip...
Connected to myhost (myhostip).
Escape character is '^]'.
So how do I do that for an UDP port?
You can accomplish this using Netcat which you can install on RHEL with yum(1) using command yum install nc.
After you've installed Netcat, put it in listen mode on the receiving end ie. on the host you're trying to reach from outside world. You can do this with nc -l -u <your external I -address> 4080. This command will hang on your terminal and wait for any connections to port you specify on the command line.
Then connect from outside world, using Netcat again, but this time leave the -l out ie. use netcat -u <your external IP address> 4080. This command will also just sit there. Typing any input now should be visible on the receiving end Netcat. In case it is not, something blocks the traffic between two the two hosts.

Putty tunnel: Relay access denied

I will try to connect I logged on locally (127.0.0.1) on Putty. Then I try to connect through the tunnel to the remote server.
I get a "Relay access denied" error. How can I solve it?
To get an SSH tunnel established:
In PuTTY, on the configuration screen go to Connection > SSH > Tunnels. Set the source port to something like 2500, which is actually localhost:2500. Set Destination to mailserver.example.com:25 (SMTP port) for whatever is the hostname of your mail server.
Connect over SSH, and you have now established a tunnel to port 25 on the destination host.
On your local machine, telnet to your local port, and you are now talking to port 25 on the remote machine.
telnet localhost 2500

Resources