
quick question on ssh port forwarding

Becke
Super Advisor

Guys

I'm trying to set up port forwarding on local host but getting the error below...

Please assist?

ssh -vv -L 443:localhost:443 10.2.107.97
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): Could not load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
System error: No such file or directory

debug1: Error loading Kerberos, disabling Kerberos auth.
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.2.107.97 [10.2.107.97] port 22.
debug1: connect to address 10.2.107.97 port 22: Connection timed out
ssh: connect to host 10.2.107.97 port 22: Connection timed out
2 REPLIES
Becke
Super Advisor

Re: quick question on ssh port forwarding


Further to my email above I'm using this command

ssh -f -L 443:10.2.107.97:443 dest_hostname "sleep 300"

Now when the apps guys telnet to the above port on the destination server, it doesn't work.

Do you think the above syntax is correct and this could be a fw issue? I can engage a fw person to check if I'm using the correct syntax in the command.
Matti_Kurkela
Honored Contributor

Re: quick question on ssh port forwarding

>debug1: connect to address 10.2.107.97 port 22: Connection timed out
>ssh: connect to host 10.2.107.97 port 22: Connection timed out

This says the entire SSH connection is failing because no response at all was received from 10.2.107.97.

Possible causes:
- no sshd running on 10.2.107.97
- a firewall is blocking your connection attempt to 10.2.107.97 and/or its responses back to you
- host 10.2.107.97 is down and a firewall is blocking the "Host unreachable" ICMP error message that would normally be sent to you by the gateway of the remote host. (I would call it "over-zealous ICMP filtering", but that's just my opinion...)
- there is a network routing problem and a firewall is filtering out the ICMP message that would tell you what is wrong (again, over-zealous ICMP filtering in my opinion)

The error message about libkrb5 is harmless unless you're using Kerberos authentication.

A Telnet connection has a destination port of TCP/23, while an SSH connection uses TCP/22. For a firewall, these are two entirely separate connection types: if one is allowed, it tells nothing at all about the other.

Definitely talk to your firewall administrator.

MK
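
An added example, not part of the thread: a small Python check that attempts one TCP connection and reports which failure mode occurred, so the "Connection timed out" case from the debug output can be told apart from a refusal or an ICMP unreachable before talking to the firewall administrator. The names probe, classify and MEANING are illustrative, and the script takes the host and port on the command line.

```python
import errno
import socket

# Outcome -> what it suggests about the path to the SSH server.
MEANING = {
    "open": "TCP handshake completed: the path is open and something is listening",
    "refused": "a reset came back: the host is reachable but nothing accepts on that port",
    "unreachable": "an ICMP error came back: host down or routing problem, ICMP not filtered",
    "timeout": "no reply at all (the case in the debug output): packets dropped by a "
               "firewall, or host down / routing problem with the ICMP error filtered",
}

def classify(exc):
    """Map the exception raised by connect() to one of the MEANING keys."""
    if exc is None:
        return "open"
    # socket.timeout: our own timer expired; TimeoutError: kernel gave up (ETIMEDOUT)
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "other"

def probe(host, port, timeout=5.0):
    """Try a single TCP connection and return the outcome key."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

if __name__ == "__main__":
    import sys
    host, port = sys.argv[1], int(sys.argv[2])
    result = probe(host, port)
    print(f"{host}:{port} -> {result}: {MEANING.get(result, 'unexpected error')}")
```

Run it against port 22 of the SSH server first, since the forward cannot work until that connection succeeds.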