ssh tunneling problem

der.hans PLUGd at LuftHans.com
Mon Jul 31 13:48:22 MST 2023


On 31 Jul 2023, Jim via PLUG-discuss chatted thus:

moin moin,

First off, obviously, don't trust Gerald, he is likely trying to sabotage
Ladmo.

> Today I was trying ssh tunneling between my desktop machine and a raspberry 
> pi.  On the desktop machine I entered the following:
>
> ssh user@192.168.1.4 -L 3000:192.168.1.4:1234

I believe that builds a connection from localhost on your system to
localhost on the remote box traversing the network stack to the external
IP address on the remote box.

> I then gave it my password then started rtl_tcp :
>
> $ rtl_tcp -a 192.168.1.4 -p 1234

If you use localhost or 127.0.0.1 on the ssh tunnel, you can keep rtl_tcp
on localhost only as well if the ssh tunnel is the only thing that
connects to it.

> From my desktop machine I connected to 127.0.0.1:3000 and the connection was 
> successful.
>
> $ nrsc5 -H 127.0.0.1:1234 91.9 0
> It worked as expected.
>
> Then I logged out and tried again, only instead of the ip address I entered 
> the name of hostname.
>
> $ ssh user@ladmo.asuscomm.com -L 1234:ladmo.asuscomm.com:1234

What IP address does Ladmo think Ladmo has? Is it now connecting to
127.0.0.1 rather than the external IP?

For a local tunnel ( -L ), the hostname between the ports is resolved
by the remote system, so the remote part of the tunnel connected to
whatever IP Ladmo resolves for its own hostname.

This also allows creating tunnels that talk to an entirely different host.

$ ssh user@ladmo.asuscomm.com -L 1234:phxlinux.org:443

Using that tunnel on one of my test systems allowed me to talk to the PLUG
web server over the tunnel. Getting TLS correct for such a tunnel can be a
pain.

$ echo | openssl s_client -showcerts -servername phxlinux.org -connect localhost:1234 2>/dev/null | openssl x509 -noout -subject -dates -fingerprint
subject=CN = phxlinux.org
notBefore=Jul 13 00:35:39 2023 GMT
notAfter=Oct 11 00:35:38 2023 GMT
SHA1 Fingerprint=92:56:0D:77:91:88:7F:54:BB:0F:3F:F7:07:D8:C7:45:92:92:0F:56
$

ciao,

der.hans

> Then I started rtl_tcp just like I did before.
>
> From the desktop machine I tried the same command again:
> $ nrsc5 -H 127.0.0.1:1234 91.9 0
>
> This time I got an error message.  I checked the terminal window where I 
> logged into the raspberry pi and saw this:
> channel 3: open failed: connect failed: Connection refused
>
> I logged out and tried again, only with the -v option:
> $ ssh -v user@machine.domain.com -L 1234:machine.domain.com:1234
>
>
> I tried again:
> $ rtl_tcp -a 192.168.1.4 -p 1234
>
> This time I got a little more information:
>
> debug1: channel 3: free: direct-tcpip: listening port 3000 for 
> machine.domain.com port 1234, connect from 127.0.0.1 port 56318 to 127.0.0.1 
> port 3000, nchannels 4
>
> I tried one more time using the IP address assigned by my ISP.  It didn't 
> work and I got the same message as above.
>
> Does anyone know why it doesn't work when I don't use the local IP address? 
> The router is configured to forward incoming connections on port 22 to the 
> raspberry pi.
>
>
> Thanks
>
>

-- 
#  https://www.SpiralArray.com   https://www.PhxLinux.org
#  But getting smart is a tricky business. The smartest people I've ever met
#  are the ones who knew exactly what they were ignorant of. -- Alan Alda
#  Southampton commencement speech, 2007May18
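
Added example, not part of the original message: a loopback-only simulation of the point in the reply, that the destination in -L is resolved on the remote side, so a service bound to one address refuses connections when the name resolves to another. The name table, ladmo.example, and the use of 127.0.0.1 and 127.0.0.2 as stand-ins are constructed assumptions; it expects Linux, where all of 127.0.0.0/8 is on loopback.

```python
import socket

# Constructed name table standing in for the remote host's resolver.
# 127.0.0.1 plays the address the service is bound to; 127.0.0.2 plays
# "whatever the remote box resolves for its own hostname".
REMOTE_HOSTS = {"localhost": "127.0.0.1", "ladmo.example": "127.0.0.2"}


def start_service(bind_addr):
    """Stand-in for `rtl_tcp -a <bind_addr>`: listen on one address only."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, 0))  # port 0: let the kernel pick a free port
    srv.listen(1)
    return srv, srv.getsockname()[1]


def open_forward(dest_host, port):
    """Mimic the remote end of `-L lport:dest_host:port`: resolve the
    destination on the remote side, then connect to it."""
    ip = REMOTE_HOSTS[dest_host]
    try:
        with socket.create_connection((ip, port), timeout=2):
            return ip, "connected"
    except ConnectionRefusedError:
        # The ssh session reports this case as
        # "open failed: connect failed: Connection refused".
        return ip, "refused"
    except OSError as exc:
        return ip, f"error: {exc}"


def demo():
    """Bind the service to 127.0.0.1 only, then try each forward target."""
    srv, port = start_service("127.0.0.1")
    try:
        return {name: open_forward(name, port) for name in REMOTE_HOSTS}
    finally:
        srv.close()


if __name__ == "__main__":
    for name, (ip, result) in demo().items():
        print(f"-L ...:{name}:<port> resolves to {ip}: {result}")
```

Pointing the forward at localhost and binding the service to localhost, as suggested above, also keeps the service off the LAN entirely.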

