Using Docker 1.12.1, I face a strange behaviour trying to access a host port created with ssh -R.
Basically I try to access a service running on port 12345 on my local machine from a docker container running on a server.
I opened a ssh connection with ssh -R *:12345:localhost:12345 user#server to open a port 12345 on server that forwards to port 12345 on my local machine.
Now when I try curl https://172.17.42.1:12345 inside the container (172.17.42.1 is the IP to access the docker host from the docker container) I get :
root#f6873fe1109b:/# curl https://172.17.42.1:12345
curl: (7) Failed to connect to 172.17.42.1 port 12345: Connection refused
But on server the command curl http://localhost:12345 succeeds (eg. no Connection refused)
server$ curl http://localhost:12345
curl: (52) Empty reply from server
I don't really understand how the port binding done with ssh differs from a test with nc on server (it works) :
# on server
nc -l -p 12345
# inside a container
root#f6873fe1109b:/# curl http://172.17.42.1:12345
curl: (52) Empty reply from server
NB: the container was started with docker run -it --rm maven:3-jdk-8 bash.
What can I do to allow my container to access the host port corresponding to a ssh binding ?
From man ssh:
-R [...]
... Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled
And man sshd_config:
GatewayPorts
Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd(8) binds remote port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be “no” to force remote port forwardings to be available to the local host only, “yes” to force remote port forwardings to bind to the wildcard address, or “clientspecified” to allow the client to select the address to which the forwarding is bound. The default is “no”.
This means that a default sshd server installation only allows to create forwards that bind to the local interface. If you want to allow forwards to other interfaces then loopback, you need to set the GatewayPorts option to yes or clientspecified in your /etc/ssh/sshd_config
Related
I have installed GitLab server on a virtual machine (VMWare). GitLab IP address is 192.168.1.4 . I can see GitLab from browser. I generated ssh-key and added to GitLab server.
When I run ssh -T git#192.168.1.4 I got this error:
ssh: connect to host 192.168.1.4 port 22: Connection refused
Not only you need to run SSHD in your GitLab server (type netstat -l -t -n to check that it listens on port 22, as in here).
But you also need to check for:
firewall rules
port mapping (in your VMWare configuration)
I want to make a local port that serve a python http.server accessible to the internet without messing around with port-forwarding on my home router, tunnelling it on a digital ocean vps.
My local port is 8080, the port on the remote vps 4444, just for example
ssh -i .ssh/mykey -R 4444:localhost:8080 root#myvpsip
But still http://myvpsip:4444 is not accessible
ufw is disabled on the vps..What am I missing?
For the forwarded port to listen on any address (and not just localhost) you need to prepend an additional : to the forward specification.
ssh -i .ssh/mykey -R :4444:localhost:8080 root#myvpsip
Additionally, you must have GatewayPorts yes or GatewayPorts clientspecified on the server-side sshd configuration.
I want create ssh tunnel between local machine and remote server, so I use this command on my local machine:
sudo ssh -R 443:localhost:443 SERVER_IP
Everything is working, I can connect to my local machine through remote server - using port 443.
Problem is, that sometimes it just doesnt work and I get a message:
connect to host SERVER_IP port 22: Connection refused
Strange is, that connection to port 22 is working on remote (I can connect there without problem at that exact moment), weird is just, that sometimes it is working and sometimes id does not. Do you have any idea why? Or do you know what is going on?
ssh runs by default on port 22. While your command is setting up a proxy to pass port 443 from one host to port 443 on a different host, the underlying ssh connection still runs on port 22.
Connection refused means that the target host SERVER_IP is not running an sshd daemon and/or is not listening to port 22. You will need to figure out and fix whatever is wrong with the SERVER_IP machine.
22 is the default port, the ssh client will connect to it until you specify an other port using -p, example:
ssh -R 12345:localhost:12345 SERVER_IP -p 443
The error you have is not about the tunnel but about the server's port.
You should check that the server is indeed started and listening on port 22 and there's no firewall in the way.
Suppose if my ip address is : 192.65.35.12. In this machine I'm running node server. I can access the webpages by using this url: http://localhost:3000/ in the same machine.
But, if I'm trying to access the node server from a remote machine having the ip 192.65.35.11. It does not work. I used the below url to access the url from the remote machine:
http://192.65.35.12:3000/
I'm facing network connectivity issues.
Do, I need to change any settings in node.js for remote access.
Then, how can I access the node server from the remote machine.
Use this IP 0.0.0.0 to open your app on all interfaces provided by your computer.
On linux server you need to open port for outside client to reach it.
$ sudo iptables -I INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
$ sudo service iptables save
$ sudo service iptables restart
Then start your server
I have been trying to monitor a remote server using Nagios-Nrpe.
The remote host is the Amazon Ec2 instance where I have installed npre daemon on xinetd.
I have added my nagios server IP to "only-from" property in /etc/xinet.d/nrpe file.
I have added the entry in /etc/services.
I have made changes in iptables also.
I have added an entry for TCP port 5666 in my security group too.
These commands work properly:
$ netstat -at | grep nrpe
$usr/local/nagios/libexec/check_nrpe -H localhost
I have setup the nagios server and nrpe_check plugin on my local machine.
But whenever I am doing:
/usr/local/nagios/libexec/check_nrpe -H <"amazon-ec2-IP-address">
I get the following error:
connect to address <"amazon-ec2-IP-address"> port 5666: Connection refused ......
connect to host <"amazon-ec2-IP-address"> port 5666: Connection refused
I have tried making the nrpe client on another linux on my LAN and the command worked, but not for Amazon Ec2.
If anyone has the solution for this issue, please do share ASAP.
Make sure you have,
Opened up port 5666 in the Security Group linked to the EC2-instance.