
SSH config - server doesn't do port forwarding

AlexT - 25 Jan 2005 09:05 GMT
Folks

I try to connect to a Mac OSX 10.2 server via SSH.

Everything works fine except that the server does not seem to allow
port forwarding.

This is the server's ssh_config file... Anything obvious ?!

---

#    $OpenBSD: ssh_config,v 1.15 2002/06/20 20:03:34 stevesk Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsAuthentication no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   BatchMode no
#   CheckHostIP yes
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   EscapeChar ~

---

Thanks & regards

--alexT
Tom Harrington - 25 Jan 2005 16:48 GMT
> I try to connect to a Mac OSX 10.2 server via SSH.
>
> Everything works fine except that the server does not seem to allow
> port forwarding.
>
> This is the server's ssh_config file... Anything obvious ?!

On the server, you need to look at sshd_config, not ssh_config.

Most likely you need to add "GatewayPorts yes" to the server
sshd_config, and then restart sshd.

Signature

Tom "Tom" Harrington
Macaroni, Automated System Maintenance for Mac OS X.
Version 2.0:  Delocalize, Repair Permissions, lots more.
See http://www.atomicbird.com/

D P Schreber - 25 Jan 2005 17:15 GMT
> On the server, you need to look at sshd_config, not ssh_config.

And good info is available via 'man sshd_config'

> Most likely you need to add "GatewayPorts yes" to the server
> sshd_config, and then restart sshd.

Gateway ports are dangerous and should almost always be disabled.

I think the option he should be enabling is AllowTcpForwarding.  This is
enabled by default in all versions of OSX afaik. GatewayPorts should be
left disabled unless he really wants his forwarded ports to be
accessible from third party machines.
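
The distinction drawn in the reply above, shown as an added example (not part of the original thread and not code from any poster): a small Python check that reads an sshd_config and reports the effective AllowTcpForwarding and GatewayPorts values. It assumes the OpenSSH defaults (AllowTcpForwarding yes, GatewayPorts no) and first-value-wins parsing; the sample config is constructed, and the function names are hypothetical.

```python
# Added example: which forwarding settings would sshd actually use?
# Assumed defaults, per sshd_config(5): AllowTcpForwarding yes, GatewayPorts no.
DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no"}

# Constructed sample config, not the file posted in this thread.
SAMPLE = """\
#AllowTcpForwarding yes
GatewayPorts yes
AllowTcpForwarding no
# The next line is ignored: the first value obtained for a keyword wins.
allowtcpforwarding yes
"""

def effective_forwarding(text):
    """Return {keyword: (value, source)} for the global section of an sshd_config."""
    seen = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out option only documents the default
        parts = line.split(None, 1)
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # conditional blocks are outside this check
        if key in DEFAULTS and key not in seen and len(parts) == 2:
            seen[key] = (parts[1].strip(), "line %d" % lineno)
    return {k: seen.get(k, (v, "default")) for k, v in DEFAULTS.items()}

def findings(text):
    """List the settings that matter for the two questions raised in the thread."""
    eff = effective_forwarding(text)
    out = []
    value, src = eff["allowtcpforwarding"]
    if value.lower() == "no":
        out.append("AllowTcpForwarding no (%s): TCP forwarding is refused" % src)
    value, src = eff["gatewayports"]
    if value.lower() != "no":
        out.append("GatewayPorts %s (%s): forwarded ports on the server are "
                   "reachable from third-party machines" % (value, src))
    return out

if __name__ == "__main__":
    for item in findings(SAMPLE):
        print(item)
```

A config in which both options are only present as commented-out lines, or absent, yields no findings, because the defaults already allow forwarding and keep gateway ports off.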
Tom Harrington - 25 Jan 2005 20:54 GMT
> > On the server, you need to look at sshd_config, not ssh_config.
>
[quoted text clipped - 9 lines]
> left disabled unless he really wants his forwarded ports to be
> accessible from third party machines.

I agree with what you say about the risks, however given his description
of the situation, it sounded like that was exactly what he wanted to do.

Signature

Tom "Tom" Harrington
Macaroni, Automated System Maintenance for Mac OS X.
Version 2.0:  Delocalize, Repair Permissions, lots more.
See http://www.atomicbird.com/

D P Schreber - 25 Jan 2005 23:41 GMT
>> I think the option he should be enabling is AllowTcpForwarding.  This is
>> enabled by default in all versions of OSX afaik. GatewayPorts should be
[quoted text clipped - 3 lines]
> I agree with what you say about the risks, however given his description
> of the situation, it sounded like that was exactly what he wanted to do.

Hmm, I missed that.  I thought all he said was that port forwarding
wasn't working.  Was there a reference to third party machines (ie,
other than the ssh client and ssh server)?
Tom Harrington - 26 Jan 2005 05:01 GMT
> >> I think the option he should be enabling is AllowTcpForwarding.  This is
> >> enabled by default in all versions of OSX afaik. GatewayPorts should be
[quoted text clipped - 7 lines]
> wasn't working.  Was there a reference to third party machines (ie,
> other than the ssh client and ssh server)?

I may have misread it, but the initial message about connecting to a Mac
OS X box and wanting the connection to forward ports sounded like that
was the situation to me.

Signature

Tom "Tom" Harrington
Macaroni, Automated System Maintenance for Mac OS X.
Version 2.0:  Delocalize, Repair Permissions, lots more.
See http://www.atomicbird.com/

AlexT - 31 Jan 2005 17:43 GMT
Folks

Sorry for not responding earlier, but for some reason I have
difficulties locating this thread in Google Groups, which I am using to
browse the Usenet.

> I may have misread it, but the initial message about connecting to a Mac
> OS X box and wanting the connection to forward ports sounded like that
> was the situation to me.

Trying to clarify: I want to connect via SSH to an OS X server and only
leave port 22 open. From the client side I'd like to mount AFP shares
through the SSH port mapping function, i.e. mapping the server's port
548 to my client's localhost:548.

For some reason I can connect through ssh but the port forwarding is
refused by the server.

Will have a look at the sshd_config file and revert...
Thanks & regards

--alexT
AlexT - 01 Feb 2005 15:08 GMT
Well... so here is the sshd_config file...

#    $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh_host_rsa_key
#HostKey /etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 600
#PermitRootLogin yes
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile    .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem    sftp    /usr/libexec/sftp-server
D P Schreber - 01 Feb 2005 21:30 GMT
> Well... so here is the sshd_config file...

How exactly are you trying to do the forwarding?  Be as specific as
possible.
Alex T - 18 Feb 2005 17:32 GMT
> How exactly are you trying to do the forwarding?  Be as specific as
> possible.

Well... I'm trying to build an SSH tunnel from my Mac running OS9 / Mac
SSH 2.1fc3

I manage to open the SSH connection with the server (I have the
command prompt) and using the command line -L548:myserver.com:548 I
was expecting to be able to mount the remote OS X server volumes
through AFP.

However this part does not work.

In my session log I see

lsh: User authentication successful.
lsh: Leaving make_lsh_userauth, value of type ssh_connection.
lsh: Entering forward_remote_port
lsh: command_C
lsh: command_Bp
lsh: remote_listen_command
lsh: Entering forward_local_port
lsh: command_C
lsh: command_C
lsh: command_Bp
lsh: io.c: Listening on fd 10
lsh: Leaving forward_local_port, value of type lsh_fd.
lsh: Installing fix channel open handler for type 'forwarded-tcpip'
lsh: Entering make_start_session
lsh: command_B, f = 2e95fe9c, cf = 2e95fe9c, g = 2e95fe78, cg = 2e95fe78
lsh: Allocated local channel number 0
lsh: Registering local channel 0.
lsh: Garbage collecting while idle...
lsh: Objects alive: 158, garbage collected: 182
lsh: Received debug: Server has disabled port forwarding.

This very last line sounds like I have a config problem with my server
(OS X server 10.2) but I can't seem to understand what's wrong...

So any help would be appreciated

(I have posted my ssh config file in previous messages)

Thanks & regards

alex
 