Prevent blocking remote port when setting up a SSH tunnel/SSH port forwarding?
Assume I create an SSH tunnel to a remote computer with
ssh foobar@remcomp -L 20110:remcomp:110
then it seems to me that on the remote computer port 110 is blocked for other
clients. Is this true?
How can I prevent this exclusive locking?
firstname.lastname@example.org (Peter Insold) writes:
> Assume I create an SSH tunnel to a remote computer with
> ssh foobar@remcomp -L 20110:remcomp:110
> then it seems to me that on the remote computer port 110 is blocked for other
> clients. Is this true?
Dag-Erling Smørgrav - email@example.com...
SSH Keys: MULTINET SSH Client to TCPIP SSH Server
Has anyone here had occasion to configure a Multinet 4.4 SSH client to
use public key authentication when connecting to an HP TCPIP (5.4) SSH
I created my public/private DSA key pair on the Multinet host, copied
the public key to my [.SSH2] directory on the TCPIP server, and
referenced the new key in the TCPIP server's AUTHENTICATION file.
From what I understand of the TCPIP SSH docs, the format of the public
key file is a single (long) line, beginning with the key type and
followed by the key value, e.g.:
So after I copied my public key to the TCPIP host, I edited it with
EVE to get it into the format shown above. Was this my mistake?
Should I have used another method to make these two SSH
On the Multinet client, the same public key appears in this format:
---- BEGIN SSH2 PUBLIC KEY ----
---- END SSH2 PUBLIC KEY ----
To make the SSH connection, I entered this command on the MU host and
received the following responses:
$ SSH/USER=<host2username>/IDENT=<private key filename> <host>
warning: <MUhostdev:[dir.SSH2]<private-key>.: 4: parsing line failed.
warning: <MUhostdev:[dir.SSH2]<private-key>.: 5: parsing line failed.
warning: <MUhostdev:[dir.SSH2]<private-key>.: 6: parsing line failed.
warning: <MUhostdev:[dir.SSH2]<private-key>.: 7: parsi...
ssh to ssh
I have the following scenario:
Remote PC with Xmanager
small linux gateway, with sshd and ssh but no X software
local host with sshd and X software
I am trying to do the following from the remote PC:
ssh -X (gateway addr. x.x.x.x "ssh -X (local host add 192.168.25.40) xterm"
and it is failing. Please help if possible.
Looking at the verbose output I see:
OpenSSH_3.8.1p1, OpenSSL 0.9.7c 30 Sep 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to x.x.x.x [x.x.x.x] port 80.
debug1: Connection established.
debug1: ident...
SSH over SSH
Our university network is accessed through a gateway machine, which
accepts SSH connections and from which I can SSH onto other machines.
I'm looking to write a program to make it easy for Mac OS X users to
set up tunnels. Part of this involves storing passwords in the
If I just want to forward a local port to the gateway machine, I can
set SSH_ASKPASS to something suitable which looks in the keychain.
However, if I want to forward a local port to another machine on my
university network, i.e., another hop, I need to somehow have an
SSH_ASKPASS utility on the gateway m...
ssh ssh
I am trying to write a script that takes a list of hosts and sshs into
the first one and then can ssh to other ones. I can only ssh to the
other hosts from the first host.
Here is what I tried:
I think it is waiting for the ssh to the first host to finish.
I guess I could scp a partial hostlist and a program to *.domain and
then run the program remotely.
Am I on a right track?
open( HL, '<hostlist3.txt' ) || die "can't open hostlist3";
open( HL, '<hostlist3.txt' ) || die "can't open hostlist3"...
Using ssh forwarding for ssh itself.
I'm trying to ssh into my (Linux) computer at work. Normally I ssh
into the department's main (Unix) computer, then ssh into my own, but
I thought I'd try out port forwarding. So in one xterm I do this:
$ ssh -L 9999:my_computer:22 main_computer
[main_computer prints login message then the following]
channel 3: open failed: administratively prohibited: open failed
channel 3: open failed: administratively prohibited: open failed
In another xterm, I try this:
$ netstat -tl
[shows my computer is listening on 9999]
$ ssh -p 9999 -v localhost
debug1: Reading configuration data /home/adam/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 9999.
debug1: Connection established.
debug1: identity file /home/adam/.ssh/identity type -1
debug1: identity file /home/adam/.ssh/id_rsa type -1
debug1: identity file /home/adam/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
Does the "administratively prohibited" message mean that main_computer
is configured not to allow this? Or am I doing something wrong?
If I can get this working, will I also be able to use scp directly
from my home computer to my desktop (instead of copying to my account
on main_computer first)?
In comp.security.ssh Adam Funk <firstname.lastname@example.org> wrote:
> I'm trying to ssh into my (Linux) computer at work. Normally I ssh
> in...
Axessh Windows SSH Client and SSH Server 4.0
Axessh is a Windows SSH client. It is a superb terminal emulator/
telnet client for Windows. It provides SSH capabilities to Axessh
without sacrificing any of existing functionality. Furthermore, Axessh
has been developed entirely outside of the USA, and can be sold
anywhere in the world (apart from places where people aren't allowed
to own cryptographic software). SSH is the industry standard for
remote logins. It addresses most of the critical issues which concern
most users while on the internet; cyber hackers stealing passwords
and other important information. Axessh brings y...
net::ssh::Perl connecting to f-secure ssh server
I asked this on the wonderful Perlmonks site and am repeating here in case
the one with the answer is here and not there....
We need to write a script that will connect to a softswitch (Ericsson),
run commands retrieving output to files and sometimes using some of that
output as parameters to more commands.
The softswitch runs on Windows NT server and uses F-Secure 3.2.0. The
client box will be Solaris with Perl 5.8.8.
I can run ssh from the shell and connect OK. I can run the "commands"
and see output on screen.
I have started to write a demo in Perl and I can login f...
Port Forwarding and Multiple SSH Servers
Behind my firewall I have several SSH servers that I connect to with
ssh -p xx user@firewall_IP_address
and then the firewall forwards it to the correct server, generally
running some version of Linux. The problem is this error message:
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
It is also possible that the RSA h...
Reversed ssh security possible? (public key on server, private key on client)
Let's say I got a bunch of untrusted machines and I would like
to manage them using ssh.
If I stored private keys on the machines (one for each) then
someone might be able to retrieve them. And then be able to connect to
the same machine from other machines. (The machines are restored to
their original state after each user.)
But if I stored the same public key on all the machines and I had the
private key on my machine then I would be able to connect to the
machines without the problems I described above.
Is this public key on server and private key on client scenario
somehow possible with ssh?
ifj. Tarnay Kálmán <KalmiSoft@gmail.com> wrote:
> Hi all,
> Let's say I got a bunch of untrusted machines and I would like
> to manage them using ssh.
> If I stored private keys on the machines (one for each) then
> someone might be able to retrieve them. And then be able to connect to
> the same machine from other machines. (The machines are restored to
> their original state after each user.)
I'm not sure which private keys you're referring to. Every SSH server
has a private host key, but it doesn't require private user keys for
> But if I stored the same public key on all the machines and I had the
> private key on my machine then I would be able to connect to the
> machines without the problems I described above.
For user keys, that's correct. Unless this is ...
ssh remote port forwarding
I have a little problem using ssh and remote port forwarding. Here is
the problem: I have one machine (A) behind a nat firewall that I'd like
to be able to access from the outside via ssh. Unfortunately I have no
control over the router, so no DMZing it.
So I was thinking of sshing from machine A behind the firewall to a
machine outside the nat (machine B) and using reverse port forwarding on
that machine. Then I could ssh to machine B and that would then forward
the connection to A.
so far I run this on A:
sudo ssh -g -N -R 2222:127.0.0.1:22 machineBusername@machineB.something
then running the following in the outside world:
ssh -p 2222 machineAusername@machineB.something
yields a time out.
I'm a bit confused on how to get this to work. Is what I want to do
principally possible and if so, what can I do to make it work?
s v e n (dot) d (dot) m e i e r (at) g m x (dot) n e t
In article <email@example.com> Sven <firstname.lastname@example.org> writes:
>I have a little problem using ssh and remote port forwarding. Here is
>the problem: I have one machine (A) behind a nat firewall that I'd like
>to be able to access from the outside via ssh. Unfortunately I have no
>control over the router, so no DMZing it.
>So I was thinking of sshing from machine A behind the firewall to a
>machine outside the nat (machine B) and using reverse ...
SSH Tunnel through a firewall with a SSH Server
We have just released a new software to manage ssh Tunnel.
SSH tunnels are very easy to set up to allow external workers to get
encrypted access (VPN) to a LAN.
Please visit our web site for more information about ssh tunnels.
SSH Tunnel is the most reliable way to build a Virtual Private Network.
SSH Tunnel works with a SSH server and allows to access resources within
a Local Area Network from the outside.
SSH Easy Tunnel uses plink software (a part of putty) to build up an
encrypted tunnel. We decided to use plink for its reliability and
because it is p...
python ssh and Tectia SSH server
Anyone out there any experience of using python ssh modules to connect
to the Tectia SSH server from SSH (ssh.com)?
...
Python ssh with SSH Tectia server
Has anyone any experience with ssh between a python client and the
SSH Tectia server from SSH (ssh.com)?
Does it work?
...
ssh called from ssh bug report.
I have a problem with ssh failing.
Some external users send data to our firewall using ssh.
$ ssh firewall handle_data args < data
When handle_data does a 'ssh real_host handle_data', all works well.
But when handle_data does
'iconv -f utf8 -t latin1 | ssh real_host handle_data' the data gets cut.
I have made a small script to demo the bug:
-- cut --
# produce output with pauses
for (( I=0 ; I < 10 ; I=I+1 )) ; do
ssh localhost 'cat | ssh localhost cat'
-- cut --
I have tried different versions:
OpenSSH_3.6.1p2 De...
ssh.com v126.96.36.199 slow performance with ftp over ssh port forwarding?
i am using a ssh port forwarded tunnel to secure a ftp connection between 2
both run the same ssh version, mentioned in subject.
what i do is:
ssh -l username remotehost -L ftp/10001:localhost:21
ftp/ should ensure that the data channel is encrypted via the tunnel as
well, not only the control channel.
anyways, i got a 3 mbit dsl line here, and am not able to get more than
210KByte/sec over the forwarded ftp connection. i tried the same setup to
other machines as well, same results. i tried changing the ciphers,
performance stays the same. i mean i would expect some overh...
How to secure SSH from low security app server to high security DB server?
We need to be able to run commands from a low security application
server (as this is running web servers and thus a large number of people
have access to the web servers) to a high security database server. I
would like to use SSH (maybe a locked down ssh server) to do this but
the system administrators will not allow this as they say that if a bug
is found with the SSH server then the secure database server could be
compromised by the compromised SSH server. The sysadmins want us to come
up with another way of running commands on the database server from the
I th...
FTP port forwarding in SSH.. Secure??
I was trying the "FTP Port Forwarding"
to secure the FTP transfer). I really like it, but I have a question:
On the unix manual pages (man ssh2), the description of the "-L"
option indicates that part of the connection is not secure when you
use FTP Port Forwarding, could someone please explain me what part is
not secure? Is it referring to the FTP data which is non-encrypted
inside the tunnel? Below is text from manual
page for F-Secure SSH2
...
SSH port forwarding on shared server
At uni I sometimes want to connect to things on my home server (web
I can do this using ssh with port forwarding (ssh -L ...), but the
problem is that the servers at uni run dozens of other terminal
clients, so everyone else gets access to my forwarded port!
Is there a way of making the local port secure in the sense that ssh
will only allow me to connect to it?
One idea I had is as follows:
- Wait until connection to local port
- Look through /proc for processes being run by the same user as ssh
- For each process owned by the user, look at any pipes it has open
- For ea...
IOS
Many IOS IP commands (eg, telnet) by default generate packets with
the source address of the interface through which they are sending.
My "ISP" (UCLA central services) is refusing packets with a source IP
address of the department - backbone DMZ for security reasons. I have
found a number of commands that allow one to change the behavior to
that of using some other interface (eg, Loopback0) for generated
However, I can't figure out how to fix outbound ssh. The logical
command would be IP SSH SOURCE-INTERFACE LOOPBACK0, but this command
isn't valid on my 6...
I have a question about Remote port forwarding in SSH
Hi, I am trying do remote port forwarding in SSH and make the forwarded
port available over a network.
One machine, S, is behind a firewall and I can ssh out, but not ssh
in. I can connect using a VPN which only works with Windoze. The other
machine, H, is behind a different firewall, and it can SSH in or out.
So what I do is connect to the machine S from the machine H and then
give the command:
user@S$ ssh -R22222:localhost:22 H
Then, on the machine H, I give the command
user@H$ ssh -p 22222 localhost
and I am connected. Using public key authentication, I don't need to ...
Help SSH client does not see SSH agent...
I performed all of the steps necessary to set up an agent. I check the
permissions of my .ssh dir on both client and server and they are
correct. Here's the verbose output. I have RH Fedora on server, and
HPUX 10.20 on client. Pertinent values have been changed to hide
identity. Any pointers on how I can debug this further?
Script started on Thu Aug 12 15:50:16 2004
SSH_CLIENT 93: ssh -v SSH_SERVER ls
SSH Version 1.2.26 [hppa1.1-hp-hpux10.20], protocol version 1.5.
Standard version. Does not use RSAREF.
SSH_CLIENT: ssh_connect: getuid 101 geteuid 110 anon 1
SSH_CLIENT: Connecting...
ssh for playbook with ssh agent forwarding and keys
We use ssh keys and agent for a lot of our work. You cannot login with
a password to do some functions, only keys.
Telnet SSH for the Blackberry playbook does ssh only with passwords.
Does anyone know of an SSH application for the playbook which allows
the use of Agent forwarding and ssh keys?
On Dec 22, 11:02 am, "leona...@sympatico.ca" <leona...@sympatico.ca>
> We use ssh keys and agent for a lot of our work. You cannot login with
> a password to do some functions, only keys.
> Telnet SSH for the Blackberry playbook does ssh only with passwords.
Playbook Telnet SSH application starting from v. 188.8.131.52 supports key
First you need to upload your private key to a shared folder and then
on Auth page you'll be able to choose this key.
> Does anyone know of an SSH application for the playbook which allows
> the use of Agent forwarding and ssh keys?
...
ssh tunnel to non-standard ssh port
I have an instance where I am wanting to connect to a remote server
which has ssh listening on a non-standard port (22170). I cannot
create a ssh tunnel without ssh also listening to port 22 or have no
port assigned -- I also have to open port 22 on my firewall.
Is there a way that I can create a ssh tunnel to a remote server which
has ssh listening on a non-standard port? Here is my tunnel command:
ssh -f -N -R 22170:localhost:22 email@example.com
On Mon, 20 Aug 2007 04:03:38 -0700, gmac63 wrote:
> I have an instance where I am wanting to connect to a remote server