how to have ssh fails if remote forwarding fails

Hi,

I'm using this command just to forward a port on a distant host:

ssh remotehost -Nnx -o ControlPath=none -o BatchMode=yes -R 2222:localhost:22

I'm running this command in a while loop to have it always up even if 
the connection times out because of a connectivity problem. And sometimes, when 
it is relaunched, it fails because of the following error:

Warning: remote port forwarding failed for listen port 2222

In this case, I'd like ssh to exit and my while loop will launch it 
again until it succeeds. Is it possible?

Note that with the -Nnx options, if the TCP forwarding failed, the 
command is pretty useless.

Thank you for your help
Best regards
-- 
Loïc
llloic (3)
5/30/2009 8:56:57 AM
comp.security.ssh

On May 30, 4:56 am, Loic <lll...@free.fr> wrote:
> Hi,
>
> I'm using this command just to forward a port on a distant host:
>
> ssh remotehost -Nnx -o ControlPath=none -o BatchMode=yes -R
> 2222:localhost:22
>
> I'm running this command in a while loop to have it always up even if
> the connection times out because of a connectivity problem. And sometimes, when
> it is relaunched, it fails because of the following error:
>
> Warning: remote port forwarding failed for listen port 2222
>
> In this case, I'd like ssh to exit and my while loop will launch it
> again until it succeeds. Is it possible?
>
> Note that with the -Nnx options, if the TCP forwarding failed, the
> command is pretty useless.

Won't 'autossh' serve your needs? It's available as a system tool in
most Linux distributions, and can be found at http://www.harding.motd.ca/autossh/.
nkadel (705)
5/30/2009 8:47:38 PM
Hi,

Nico Kadel-Garcia wrote:
> On May 30, 4:56 am, Loic <lll...@free.fr> wrote:
>> Hi,
>>
>> I'm using this command just to forward a port on a distant host:
>>
>> ssh remotehost -Nnx -o ControlPath=none -o BatchMode=yes -R
>> 2222:localhost:22
>>
>> I'm running this command in a while loop to have it always up even if
>> the connection times out because of a connectivity problem. And sometimes, when
>> it is relaunched, it fails because of the following error:
>>
>> Warning: remote port forwarding failed for listen port 2222
>>
>> In this case, I'd like ssh to exit and my while loop will launch it
>> again until it succeeds. Is it possible?
>>
>> Note that with the -Nnx options, if the TCP forwarding failed, the
>> command is pretty useless.
> 
> Won't 'autossh' serve your needs? It's available as a system tool in
> most Linux distributions, and can be found at http://www.harding.motd.ca/autossh/.

Thank you for the answer.
I have read the man page of autossh attentively but it doesn't seem to 
fit my need. Basically, autossh is the while loop I have set in a shell 
script, and nothing more. The "loop of SSH forwarding" that autossh sets 
up is just a way to monitor that the session didn't fail. With recent 
versions of SSH having the ServerAliveInterval and ServerAliveCountMax 
options, SSH does this monitoring itself, so this isn't necessary any 
longer. I could use autossh anyway to avoid the bash while loop, but 
this doesn't really bring more features.

What I'd like is a reliable way to know, when SSH is launched, if the 
remote forwarding (-R) succeeded or not, or better, to make ssh exit if it 
fails instead of just outputting a warning. I could grep the ssh output; 
do you know if there is a better way?

Thanks in advance
-- 
Loïc
llloic (3)
6/3/2009 6:18:42 AM
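
An added example, not part of any post in this thread: the OpenSSH client has an ExitOnForwardFailure option that makes ssh exit, instead of only printing the warning, when a requested forwarding cannot be set up. The sketch below wraps the poster's command in a relaunch loop that relies on that option and also keeps the grep-on-stderr check as a fallback; SSH_BIN, RETRY_DELAY, MAX_TRIES, TRIES and FWD_FAILURES are names introduced here, and the keepalive values are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. SSH_BIN, RETRY_DELAY, MAX_TRIES,
# TRIES and FWD_FAILURES are names introduced here for illustration.

SSH_BIN=${SSH_BIN:-ssh}          # client binary (assumed: OpenSSH)
RETRY_DELAY=${RETRY_DELAY:-5}    # seconds between relaunches
MAX_TRIES=${MAX_TRIES:-0}        # 0 = relaunch forever

# Fallback the poster mentions: look for the forwarding failure in the
# stderr captured from one ssh run ($1 = file holding that stderr).
forward_failed() {
    grep -q 'remote port forwarding failed for listen port' "$1"
}

# One ssh run. $1 = host, $2 = -R specification, $3 = file for stderr.
# ExitOnForwardFailure makes ssh exit when the -R listener cannot be set up;
# the ServerAlive* options let ssh notice a dead connection by itself.
run_tunnel_once() {
    "$SSH_BIN" "$1" -Nnx \
        -o ControlPath=none -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=15 -o ServerAliveCountMax=3 \
        -R "$2" 2>"$3"
}

# Relaunch loop. Records the number of runs in TRIES and the number of runs
# that ended on a forwarding failure in FWD_FAILURES; returns the last
# exit status of ssh.
keep_tunnel() {
    TRIES=0
    FWD_FAILURES=0
    errlog=$(mktemp) || return 1
    while :; do
        TRIES=$((TRIES + 1))
        rc=0
        run_tunnel_once "$1" "$2" "$errlog" || rc=$?
        if forward_failed "$errlog"; then
            FWD_FAILURES=$((FWD_FAILURES + 1))
            echo "try $TRIES: remote listen port not available (rc=$rc)" >&2
        else
            echo "try $TRIES: ssh exited (rc=$rc)" >&2
        fi
        if [ "$MAX_TRIES" -gt 0 ] && [ "$TRIES" -ge "$MAX_TRIES" ]; then
            break
        fi
        # Pause so a persistent failure does not hammer the remote sshd.
        sleep "$RETRY_DELAY"
    done
    rm -f "$errlog"
    return "$rc"
}

# Run only when called with a host and a -R specification,
# e.g. remotehost 2222:localhost:22
if [ "$#" -eq 2 ]; then
    keep_tunnel "$1" "$2"
fi
```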