SSH tunnel always trying port 22 - linux

I want create ssh tunnel between local machine and remote server, so I use this command on my local machine:
sudo ssh -R 443:localhost:443 SERVER_IP
Everything is working, I can connect to my local machine through remote server - using port 443.
Problem is, that sometimes it just doesnt work and I get a message:
connect to host SERVER_IP port 22: Connection refused
Strange is, that connection to port 22 is working on remote (I can connect there without problem at that exact moment), weird is just, that sometimes it is working and sometimes id does not. Do you have any idea why? Or do you know what is going on?

ssh runs by default on port 22. While your command is setting up a proxy to pass port 443 from one host to port 443 on a different host, the underlying ssh connection still runs on port 22.
Connection refused means that the target host SERVER_IP is not running an sshd daemon and/or is not listening to port 22. You will need to figure out and fix whatever is wrong with the SERVER_IP machine.

22 is the default port, the ssh client will connect to it until you specify an other port using -p, example:
ssh -R 12345:localhost:12345 SERVER_IP -p 443
The error you have is not about the tunnel but about the server's port.
You should check that the server is indeed started and listening on port 22 and there's no firewall in the way.

Related

Connect to external server over ssh

I want to connect to local address 127.0.0.1:2222 belonging to a server with IP 172.25.250.10 as user especial. The connection would be done from another place in the network. As a tip they have told me to use ip forwarding but I cannot manage to succeed.
My approach has been doing:
ssh especial#172.25.250.10 -p 2222
But this attempt returns:
ssh: connect to host 175.25.250.10 port 2222: Connection refused
In the 172.25.250.10 the 2222 port is listening for ssh connections
If I understood correctly, use the following to connect to 172.25.250.10 and use local port forwarding for port 2222.
ssh -L 2222:localhost:2222 especial#172.25.250.10

How to access a host port (bind with ssh -R) from a container?

Using Docker 1.12.1, I face a strange behaviour trying to access a host port created with ssh -R.
Basically I try to access a service running on port 12345 on my local machine from a docker container running on a server.
I opened a ssh connection with ssh -R *:12345:localhost:12345 user#server to open a port 12345 on server that forwards to port 12345 on my local machine.
Now when I try curl https://172.17.42.1:12345 inside the container (172.17.42.1 is the IP to access the docker host from the docker container) I get :
root#f6873fe1109b:/# curl https://172.17.42.1:12345
curl: (7) Failed to connect to 172.17.42.1 port 12345: Connection refused
But on server the command curl http://localhost:12345 succeeds (eg. no Connection refused)
server$ curl http://localhost:12345
curl: (52) Empty reply from server
I don't really understand how the port binding done with ssh differs from a test with nc on server (it works) :
# on server
nc -l -p 12345
# inside a container
root#f6873fe1109b:/# curl http://172.17.42.1:12345
curl: (52) Empty reply from server
NB: the container was started with docker run -it --rm maven:3-jdk-8 bash.
What can I do to allow my container to access the host port corresponding to a ssh binding ?
From man ssh:
-R [...]
... Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled
And man sshd_config:
GatewayPorts
Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd(8) binds remote port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be “no” to force remote port forwardings to be available to the local host only, “yes” to force remote port forwardings to bind to the wildcard address, or “clientspecified” to allow the client to select the address to which the forwarding is bound. The default is “no”.
This means that a default sshd server installation only allows to create forwards that bind to the local interface. If you want to allow forwards to other interfaces then loopback, you need to set the GatewayPorts option to yes or clientspecified in your /etc/ssh/sshd_config

Listening port putty tunnel does not work

The goal is to connect to my home computer from outside. The ISP blocks all the ports (and demands $$$ for business package with static ip address), so simple port forwarding on home router does not work.
I have used putty to tunnel a listening port to a remote server: R2221:###.###.###.###:2221 (to make things simpler, the test server is a simple ftp server running on my home windows machine) (the entire ip address has to be specified -- with OpenSSH 1.0 running on the linux box wildcard address results in refusal of connection) (GatewayPorts are set to on).
Netstat -a confirms that port 2221 on the linux box is open and listening. However, whenever I try to connect to that port, it simply hangs. Command line ftp client says "connected to ###.###.###.###" and that's it. Running netstat again shows dozens of opened connections to port 2221, all coming from my windows box (I tried using browser as well as command line ftp client).
Which step am I missing?
Tried with RDP, VNC and FTP -- all of them hang, all of them connect when connecting through my home network (or my home router).
EDIT The setup is as follows:
PC 1 (windows) has FTP service running on port 2221. It uses PuTTY to tunnel a listening port to PC 2 (linux). PC 2 does show listening port when running netstat. Connecting to port 2221 on PC 2 either form PC 2 or from PC 3 results in hanging.
EDIT 2 Aaaand it worked. Using 127.0.0.1 instead of the remote machine's ip address was what corrected it. Thanks a lot.
Are you sure your -R command is correct? From what you say I suppose the command should be R2221:127.0.0.1:2221. The -R ssh option in form of port:host:hostport does the following: it opens port port on the remote side and forwards the connection to that port to local address host:hostport, and this connection is made from the local machine.
To make your local machine (the one that is running ssh client, e.g. PuTTY) connect to your local FTP server running on the same machine, use 127.0.0.1 as an address.
It also explains why you see a strange behaviour: when you actually connect to xxx.xxx.xxx.xxx:2221, it forwards the connection to the same address xxx.xxx.xxx.xxx:2221 and you get some kind of a loop.

Not able to ssh to port 443 on a Amazon ec2 server

I am running ssh on Amazon EC2 (linux) machine on Port 443.
Yet i am unable to ssh it, as i am behind a firewall.
When i do
http:// host:443
Following message is displayed:
SSH-2.0-OpenSSH_5.3
That means ssh is clearly listening on port 443, and the port is even reachable (via browser).
But yet when i do ssh from my desktop command-line (or putty), it just doesn't work.
Is it that firewall is examining packets and blocking it?
Any ideas?
Are you doing ssh -p 443 host? Sorry to state te obvious... but sometimes the obvious is what eludes us.
Worked!
The putty also required proxy entries :)

Putty tunnel: Relay access denied

I will try to connect I logged on locally (127.0.0.1) on Putty. Then I try to connect through the tunnel to the remote server.
I get a "Relay access denied" error. How can I solve it?
To get an SSH tunnel established:
In PuTTY, on the configuration screen go to Connection > SSH > Tunnels. Set the source port to something like 2500, which is actually localhost:2500. Set Destination to mailserver.example.com:25 (SMTP port) for whatever is the hostname of your mail server.
Connect over SSH, and you have now established a tunnel to port 25 on the destination host.
On your local machine, telnet to your local port, and you are now talking to port 25 on the remote machine.
telnet localhost 2500

Resources