Re: ssh tunneling problem

Author: der.hans via PLUG-discuss
Date:  
To: Jim via PLUG-discuss
CC: der.hans
Subject: Re: ssh tunneling problem
On 31 Jul 2023, Jim via PLUG-discuss chattered thus:

moin moin,

First off, obviously, don't trust Gerald, he is likely trying to sabotage
Ladmo.

> Today I was trying ssh tunneling between my desktop machine and a raspberry
> pi.  On the desktop machine I entered the following:
>
> ssh user@192.168.1.4 -L 3000:192.168.1.4:1234


I believe that builds a connection from localhost on your system to
localhost on the remote box traversing the network stack to the external
IP address on the remote box.

> I then gave it my password then started rtl_tcp :
>
> $ rtl_tcp -a 192.168.1.4 -p 1234


If you use localhost or 127.0.0.1 on the ssh tunnel, you can keep rtl_tcp
on localhost only as well if the ssh tunnel is the only thing that
connects to it.

> From my desktop machine I connected to 127.0.0.1:3000 and the connection was
> successful.
>
> $ nrsc5 -H 127.0.0.1:1234 91.9 0
> It worked as expected.
>
> Then I logged out and tried again, only instead of the ip address I entered
> the name of hostname.
>
> $ ssh -L 1234:ladmo.asuscomm.com:1234


What IP address does Ladmo think Ladmo has? Is it now connecting to
127.0.0.1 rather than the external IP?

For a local tunnel ( -L ), the hostname between the ports is resolved
by the remote system, so the remote part of the tunnel connected to
whatever IP Ladmo resolves for its own hostname.

This also allows creating tunnels that talk to an entirely different host.

$ ssh -L 1234:phxlinux.org:443

Using that tunnel on one of my test systems allowed me to talk to the PLUG
web server over the tunnel. Getting TLS correct for such a tunnel can be a
pain.

$ echo | openssl s_client -showcerts -servername phxlinux.org -connect localhost:1234 2>/dev/null | openssl x509 -noout -subject -dates -fingerprint
subject=CN = phxlinux.org
notBefore=Jul 13 00:35:39 2023 GMT
notAfter=Oct 11 00:35:38 2023 GMT
SHA1 Fingerprint=92:56:0D:77:91:88:7F:54:BB:0F:3F:F7:07:D8:C7:45:92:92:0F:56
$

ciao,

der.hans

> Then I started rtl_tcp just like I did before.
>
> From the desktop machine I tried the same command again:
> $ nrsc5 -H 127.0.0.1:1234 91.9 0
>
> This time I got an error message.  I checked the terminal window where I
> logged into the raspberry pi and saw this:
> channel 3: open failed: connect failed: Connection refused
>
> I logged out and tried again, only with the -v option:
> $ ssh -v -L 1234:machine.domain.com:1234
>
>
> I tried again:
> $ rtl_tcp -a 192.168.1.4 -p 1234
>
> This time I got a little more information:
>
> debug1: channel 3: free: direct-tcpip: listening port 3000 for
> machine.domain.com port 1234, connect from 127.0.0.1 port 56318 to 127.0.0.1
> port 3000, nchannels 4
>
> I tried one more time using the IP address assigned by my ISP.  It didn't
> work and I got the same message as above.
>
> Does anyone know why it doesn't work when I don't use the local IP address?
> The router is configured to forward incoming connections on port 22 to the
> raspberry pi.
>
>
> Thanks
>
>


--
# https://www.SpiralArray.com https://www.PhxLinux.org
# But getting smart is a tricky business. The smartest people I've ever met
# are the ones who knew exactly what they were ignorant of. -- Alan Alda
# Southampton commencement speech, 2007May18
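The failure mode the reply asks about, as an added example that is not part of the original message: a service bound to one address (as with `rtl_tcp -a ADDR`) refuses a connection that the far end of the tunnel makes to a different address on the same host. The function names are hypothetical, 127.0.0.1 and 127.0.0.2 are constructed stand-ins for "the bound address" and "whatever the remote side resolves the forwarded name to", and the result assumes Linux, where all of 127.0.0.0/8 is loopback.

```python
import errno
import socket

def forward_target(spec):
    """Return (host, port) from an ssh -L spec: the part the remote side resolves.

    Accepts 'lport:host:hostport' and 'bind:lport:host:hostport'
    (bracketed IPv6 hosts are not handled in this sketch).
    """
    _, host, hostport = spec.rsplit(":", 2)
    return host, int(hostport)

def listen_on(addr):
    """Listener bound to one address only, like `rtl_tcp -a ADDR`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((addr, 0))  # port 0: let the kernel pick a free port
    srv.listen(1)
    return srv

def try_connect(addr, port, timeout=2.0):
    """Connect the way the far end of the tunnel would; return the outcome name."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "connected"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, type(exc).__name__)

def demo():
    # Constructed stand-ins (assumption: Linux loopback semantics).
    # The service listens on 127.0.0.1 only; the tunnel target is first the
    # same address, then a different address that belongs to the same host.
    srv = listen_on("127.0.0.1")
    port = srv.getsockname()[1]
    try:
        return {
            "same address": try_connect("127.0.0.1", port),
            "other address": try_connect("127.0.0.2", port),
        }
    finally:
        srv.close()

if __name__ == "__main__":
    print(forward_target("1234:ladmo.asuscomm.com:1234"))
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

On the remote host, `ss -ltn` shows which address a service is actually bound to, which is the value to compare against what that host resolves for the name given in `-L`.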