Reverse ssh tunnelling with mosh?

Hi,
Perhaps I'm being cheeky, but I'd like to know if this is possible, avoiding autossh.  The idea is to connect to a machine at home with my laptop at uni (heavily firewalled) with mosh, passing in a reverse tunnel command. Because mosh likes to be alive whenever possible, so long as my laptop has internet access, the reverse tunnel is open.
The command I've used is:
mosh -p 60000 --ssh="ssh -4 -p27182 -R 19999:localhost:22" [email protected]
Upon connecting, and testing the reverse tunnel:
serenity@xxx$ ssh -p19999 yyy@localhost
socket: Address family not supported by protocol
ssh: connect to host localhost port 19999: Address family not supported by protocol
After a google, this error message seems to be attributed to ssh using IPv6 when it shouldn't, but using -4 in the ssh command above does not resolve the issue.  Any ideas?

p0x8 wrote:
$ netstat -putan | grep LISTEN | grep 19999
There is no output, so I'm assuming that you're right in that ssh is not kept alive.  Also, if I try my above mosh command and attempt to reverse tunnel with the IPv4 'standard' localhost address:
serenity@xxx$ ssh -p19999 [email protected]
ssh: connect to host 127.0.0.1 port 19999: Connection refused
... which is interesting, but probably only a side-effect of ssh rather than what I want to work.  Alas, thanks for your help!
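
The listener check from the thread above, extended into a small classifier. This is an added example, not code from the original posts. It assumes the Linux net-tools column layout of `netstat -putan`; the helper name `classify_tunnel` and the sample output are constructed for illustration. sshd binds `-R` forwards to loopback unless `GatewayPorts` is enabled, so an "exposed" result for a forwarded port is worth a second look.

```shell
#!/bin/sh
# Added example: classify where a forwarded port is listening, from netstat text.
# Assumes columns: Proto Recv-Q Send-Q Local Foreign State PID/Program.

# Constructed sample output (not captured from any host in the thread).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:27182           0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 127.0.0.1:3333          0.0.0.0:*               LISTEN      1410/sshd: user
tcp6       0      0 ::1:3333                :::*                    LISTEN      1410/sshd: user
tcp        0      0 127.0.0.1:5500          0.0.0.0:*               LISTEN      1502/nc
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      1733/sshd: user
tcp        0      0 192.0.2.10:27182        198.51.100.7:51514      ESTABLISHED 1398/sshd: user
udp        0      0 0.0.0.0:60000           0.0.0.0:*                           1399/mosh-server'

# classify_tunnel PORT  (hypothetical helper name)
# Reads netstat text on stdin and prints one of:
#   no-listener         nothing listens on PORT (the forward is not established)
#   loopback-ipv4-only  bound to 127.x only; a connection to ::1 is refused
#   loopback-ipv6-only  bound to ::1 only; a connection to 127.0.0.1 is refused
#   loopback-both       bound on both loopback families
#   exposed             bound to a wildcard or non-loopback address
classify_tunnel() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            addr = $4
            # The last colon separates host from port, also for IPv6 (::1:3333).
            n = match(addr, /:[0-9]+$/)
            if (!n || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            if (host ~ /^127\./)     v4 = 1
            else if (host == "::1")  v6 = 1
            else                     exposed = 1
        }
        END {
            if (exposed)        print "exposed"
            else if (v4 && v6)  print "loopback-both"
            else if (v4)        print "loopback-ipv4-only"
            else if (v6)        print "loopback-ipv6-only"
            else                print "no-listener"
        }'
}

# Run over the constructed sample for the ports that appear in it.
for p in 19999 5500 3333 2222; do
    printf '%s\t%s\n' "$p" "$(printf '%s\n' "$SAMPLE_NETSTAT" | classify_tunnel "$p")"
done
```

On a live host, pipe the real output in instead of the sample: `netstat -putan | classify_tunnel 19999`.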

Similar Messages

  • Reverse SSH Tunnel problem?

    I'm trying to do a reverse SSH tunnel for a VNC project. I'm successful when I do it on a Linux box or Cygwin under Windows, but I'm having problems under Mac OS.
    Here's what I do:
    Terminal 1:
    ssh -nNTvvv -R 5500:localhost:5500 -l my_username myhost.com
    Then, to see what's going on, I run in terminal 2:
    nc -l -p 5500
    Then, in a third terminal, I ssh over to myhost.com, and telnet to localhost 5500.
    If I initiate this whole setup on other platforms, I can then type stuff in the third terminal and see it echoed happily in terminal 2.
    Under Mac OS, everything goes fine until I do the telnet on myhost.com. The diagnostic in terminal 1 is:
    debug1: channel 0: new [::1]
    debug1: confirm forwardeded-tcpip
    debug3: channel 0: waiting for connection
    debug1: channel 0: not connected: Connection refused
    It's not a firewall issue, as I can telnet directly to port 5500 on the Mac from myhost.com without any problem.
    Google gives me no help here. Any ideas?
    Thanks!
    12" G4 Powerbook   Mac OS X (10.4.8)  

    Figured it out - did a no ip ssh v 2 and hey presto started working

  • Screen Sharing.app fails through ssh tunnel with "You cannot control your own screen"

    I need to control a remote Mac mini running 10.7 through an ssh tunnel.  I've set up ssh with -L for the appropriate ports, and bound my local ports 5900 and 5800 through this.
    When I connect to 127.0.0.1 with Screen Sharing.app on my macbook pro which runs 10.8.4, it says "You cannot control your own screen" however, screen sharing is not enabled locally on my machine, I'm trying to access a remote machine.
    I tried something else.  I created an alias IP of 127.0.0.2 on lo0, and tried again, and got the same thing, so it's doing an ifconfig and looking through all the IPs to see if the IP address of what I'm trying to connect to is bound locally, which defeats the purpose of tunneling through SSH.  I don't wish to setup a VPN.
    How do I let the Screen Sharing.app know that I'm not trying to connect to my own machine and it should skip this check.
    I've also tried with another app, Chicken of the VNC, and that almost works.  It connects and shows a login screen desktop to the target machine, but I'm unable to click on any of the account icons displayed in order to login, and all key presses such as tab, space, and enter are ignored.
    When at the location (on the same vlan as the target machine) I'm able to remote into it just fine with screen sharing.app, but Chicken of the VNC has the same issue of showing a login screen, but not allowing logins to it.

    Your ssh command should look something like:
    ssh -L 22590:localhost:5900 remove.mac.system.address
    Then you connect using
    Finder -> Go -> Connect to server -> vnc://localhost:22590
    Have you been doing anything close to that?

  • Reverse ssh tunnel broken in screen

    example:
    You want to access from Linux client with IP 138.47.99.99
    Destination (masked ip) <- |NAT| <- Source (138.47.99.99)
    destinationuser@destinationdomain$ screen
    destinationuser@destinationdomain$ ssh -R 2222:localhost:22 <sourceuser>@138.47.99.99 (address of the source domain)
    sourceuser@sourcedomain$ ssh destinationuser@localhost -p 2222
    Password: (typed in the password)
    then get some stuff about authentication failure
    this works fine as long as ssh is not executed within a screen session (omit line 1 of the code block above).  why is that?
    TIA

    That should be possible with socat and openssl (if you want encryption).

  • SSH tunneling to connect to remote computer

    Hi,
    I have to connect to my remote database(RHEL box) from a windows using SSH tunnel
    1. I have set up the SSH tunneling(with outgoing tunnel)
    2. I have made a entry in the TNSnames.ora file
    3. I establish a connection to the remote server using the SSH client, and when I do tnsping
    I do get a connection. Even when I change the host name to some unknown name I do get a tnsping, but I am not able to connect to the database. Am I wrong anywhere?
    Used TNSNAMES adapter to resolve the alias
    Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = ISIL-PRJ
    -04)(PORT = 1523)) (CONNECT_DATA = (SID = ora1022b)))
    OK (800 msec)
    Used TNSNAMES adapter to resolve the alias
    Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = ISIL-PRJ
    -04)(PORT = 1523)) (CONNECT_DATA = (SID = blablabla)))
    OK (800 msec)
    even when i change my sid name i get a tnsping. can anybody explain

    Hi,
    Look at the schema below and see if it helps you:
               Secure Connection
       +---->-------[SSH]-------->-----+
       |                               |
       |                               |
       ^                               |
       |       Insecure Connection     v
    CLIENT---->--------------------> ORACLE
    ssh2 -l oracle -L 1521:192.148.1.251:1521 200.10.11.12
                        |          |                |
                        |          |                |
                   A  LOCAL        |                |
                   B       INTERNAL IP ORACLE       |
                   C                       EXTERNAL IP (GATEWAY)
                                                         C                             B
          | Firewall| . . . . .|INTERNET| . . . . . . |Firewall| . . . . . . . . . . |ORACLE|
          | Gateway |                                 |Gateway |                 192.148.1.251:1521
               .                                     200.10.11.12                                  
         A     .
       |Oracle Client|
       (TNSNAMES.ORA)
         <SERVICE> =
           (DESCRIPTION =
             (ADDRESS_LIST =
               (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521))
             )
             (CONNECT_DATA =
               (SID = <SID>)
             )
           )
    Cheers

  • [SOLVED] Encrypted Socks Tunnel with SSH

    many people use command
    $ ssh -ND 8080 user@host
    to protect internet traffic by tunneling to a safe location (like home server).
    This should be done from client side and after connection is established, one can use localhost:8080 as a proxy server in web browser.
    The question is following: is it possible to reverse direction of tunnel initiation? That is, establishing tunnel from the server side (with autossh for example) and then, similarly to above example, using localhost:8080 on the client side as a proxy?
    Or should I run something as polipo on a server and then use simple tunneling with -R switch?
    Last edited by Rimas (2011-08-13 22:14:24)

    Thank you, ewaller.
    Actually I did a tunneled proxy once by first establishing a reverse tunnel, like
    $ ssh -qNnT -R 3333:localhost:22 mydomain.com
    and then on client side
    $ ssh -p 3333 -D 8888 localhost
    but I'm not sure how the -D switch actually works and if it is possible to introduce it somehow into the first command to make the tunnel and proxy forwarding simultaneously.

  • Router reverse SSH

    Hello all,
    I think i know the answer to this already, however, I was hoping someone had a brilliant idea to get this working.
    In a nutshell, we are in the process of deploying DMVPN spokes at numerous locations throughout the world.  In some of these areas, the connectivity is NAT'd several times.  Normally this is not an issue due to the tunnel coming up, however when it does not, it is always awkward working with the receptionist to get it working again.
    Topo:
    Hub -- Internet -- NAT -- Spoke
    I was thinking along the lines of an EEM script on bootup that does a remote SSH from the router to another router or to a server.  This way we can ssh into them without needing to have someone local or shipping equipment back and forth?  Is anyone doing this today or something else along these lines?  It would be ideal to be able to do a remote wipe on one if it's stolen (and plugged into the Internet) or something along those lines.
    thanks!

    Follow these steps to configure reverse ssh for console access:
    1. enable
    2. configure terminal
    3. line line-number [ending-line-number]
    4. no exec
    5. login authentication listname
    6. transport input ssh
    7. exit
    8. exit
    9. ssh -l userid:{number} {ip-address}
    Following link may help you
    http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804831b6.html#wp1027188

  • Possible to ssh tunnel Bonjour traffic across different subnets?

    Hello:
    For quite some time, I have been thinking of buying a couple of iSights to enable audio/visual between two distant computers. But I really don't want to have to leave a dozen ports in my DSL modems opened up in order to use AIM or Jabber servers to iChatAV to my "usual" called parties (I can't help it, I'm paranoid - I have one ssh port open on my DSL modem at home - so most everything I do from afar -- afp (port 548), vnc( port 5900), etc., I tunnel it all over ssh).
    So, in a similar vein, what I would like to do is treat a distant computer as if it were on my local 192.168.x.x NAT subnet, in order to do a Bonjour-like iChatAV connection without having to go to through these public servers and without having to leave a dozen ports open in my firewall (or go through the drill of opening/closing ports every time I want to iChat).
    Now, if I understand this correctly, on one's local subnet, iChat AV works using Bonjour to communicate with other iChat AV users on the same subnet, which, I think, uses multicast packets. So I'm wondering if it is possible to ssh tunnel multicast traffic to a different computer like so:
    ssh -L 5297:localhost:5297 -L 5298:localhost:5298 {called.party.IP.address}
    thus being able to set up a secure point-to-point iChatAV connection?
    Anybody ever do something like this?

    Hi j.v.,
    It is possible to iChat Bonjour over a Virtual Private Network , yes.
    2:33 PM Thursday; May 4, 2006

  • Ssh tunnel how to set up in SL?

    I have a server running SL with the firewall activated.  I want to tunnel in to it from outside my own network, while on the road.  I have used SSH Tunnel Manager to do so in the past (like for 4 years) but can not get it to work today.
    On my SL Server 10.6.8 I can not find anywhere to open ports, but I understand that if I activate File Sharing and Remote Management it will open port 22.  Correct? 
    On my router I opened port 3283 and 5900.  Correct?
    Where I get stuck is what to put in to SSH Tunnel Manager.  I can not find any clear novice instructions for it anywhere.  And I am confused as to what to put where.
    Can anybody help?  Thanks.

    Thanks Bob, it is raining cats and dogs so good time to check.
    I got it all up and running. 
    I am testing from a real slow connection (on purpose as this what I have often being on the road) and the screen update is (too) slow.  I tried all your methods and can not see any different in speed (read slowness).
    BobHarris wrote:
    The reason I do this is because Chicken allows me to use reduced colors (like 8-bit colors), and the Vine Server both honors my reduced color request and it actually plays nice with reduced colors (the Mac OS X Screen Sharing server does not alway play nice with anything less then 32-bit colors, which needs a lot more bandwidth).
    Where or how do you implement this?  I can not find it anywhere.  I am on 10.6.8 btw.
    And what is more my connection over Mac's Screen Sharing client, having Vine Server server turned on or not on the remote Mac makes also no difference.  I can get in either way and speed is the same.
    Here is the setting of my remote Mac just in case I should not turn both, the last two, on:
    Than there is an other problem.
    I suppose this is not a problem as I am tunnelling in over SSH, but would like to make sure.
    I also tried to follow the instructions on the alert screen, but no such settings are to be found on the remote computer.  Must be an out of date message text.  Or am I blind?
    Looking forward to your wisdom.
    Message was edited by: ChangeAgent. 
    Had an external link for the images as they refused to upload.  Sometimes, when this happens, you can upload images after you post.  That worked so removed links.

  • Ssh tunneling

    Hi,
    I have tried the following:
    on PC1 (win xp) I have created ssh connection with port forwarding
    (local 8888 to remote 8888) to server1.
    From server1 I have created another ssh connection with portforwarding to server2(local 8888 to remote 1521).
    When I try to connect to oracle instance on server2 from PC1, using this kind of tunneling I got an error:
    Oracle Error :: TNS-12547
    TNS:lost contact
    Does anyone have some experience with this kind of tunneling or is this kind of tunneling is possible?
    Thanks,
    Goran

    Perhaps this thread will help you with tunneling vnc through ssh. I have personally put a number of posts about doing this; you might try searching these forums on user "j.v." and search terms "VNC" and "tunnel" if you want to see some of the stuff I have posted.
    As far as tunneling your web browser through an ssh proxy, I think the easiest way to do this is to get a second web browser like Firefox for all the proxy stuff, and set it up as a SOCKS5 to proxy to "localhost:1080" or whatever port. Then, when you make a ssh connection, add a "-D 1080" option to your ssh command that you issue at the client computer. In Terminal, type "man ssh" to learn more about the "-D" proxy tunnel option.

  • Jconsole - remote connection thru ssh-tunnel

    Hi all,
    I need to start jconsole on my windows-box and connect to a remote tomcat-server thru an ssh-tunnel.
    I have walked thru various posts and blogs, but finally couldn't get it running.
    On the linux-server, I have set the following JAVA_OPTS:
    export JAVA_OPTS='-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8888 -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.useLocalHostname=true -Dcom.sun.management.jmxremote.authenticate=false -Djava.rmi.server.hostname=myserver'
    myserver is the server-name that is resolved by the hostname-command. I also tried using localhost instead.
    On the client I run the following ssh-command to create the tunnel:
    ssh tomcat@myserver -L8888:myserver:8888 -N -v
    When I try to create a remote connection with jconsole using localhost:8888, I see the following output by ssh:
    debug1: Connection to port 8888 forwarding to myserver port 8888 requested.
    debug1: channel 1: new [direct-tcpip]
    debug1: channel 1: free: direct-tcpip: listening port 8888 for myserver port 8888, connect from 127.0.0.1 port 1618, nchannels 2
    It looks not too bad to me, but unfortunately, jconsole runs into a timeout after about 2 mins.
    On the server I see the following using netstat:
    tcp        0    168 myserver:ssh    mywindowsbox:3381  VERBUNDEN  
    tcp        0      0 myserver:ssh    mywindowsbox:1317  VERBUNDEN  
    tcp        0      0 myserver:44625  myserver:8888   TIME_WAIT  
    tcp        0      0 *:8888                      *:*                         LISTEN
    It appears to me that the tomcat-server is listening correctly on port 8888 for all incoming hosts (although localhost should be enough).
    Furthermore, it seems that the ssh-tunnel has been established.
    Why the hell, jconsole still can't connect?

    Hiya.
    JMX connections use two ports. You need the RMI Registry and the RMI Stub. This first one you bound to port 8888, but the other one is probably still bound to a random port. You need to be able to access that one through SSH as well.
    Trouble is that the second port uses a random port and most application servers can't statically configure this one. See this article for possible solutions (be sure to read the follow ups as well) : http://blogs.sun.com/jmxetc/entry/connecting_through_firewall_using_jmx
    Cheers,
    Hugp

  • Using portal admin console through an ssh tunnel?

    I'm trying to login on the portal admin over an established ssh connection:
    - profile server listen on hostname.subdomain.domain, port 8080
    - an ssh tunnel (via portforwarding through a firewall) from client port
    10000 to profile server 8080
    - connect from webbrowser to http://localhost:10000/console
    that won't work: internal server errors. If i change my hosts file:
    localhost 127.0.0.1 hostname.subdomain.domain
    it works. But this is ugly and conflicts with DNS.
    So, how can i configure the profile server to accept connections over an ssh
    tunnel? Anyone any idea?
    regards, Jordi

    Hello,
    Does any one in BEA have an answer to this. I was stumped when asked by a client. Any response will be great.
    C

  • Remote printing problem using ssh tunnel in Leopard

    Haho,
    I've recently installed Leopard, and I have unexpected difficulties with setting up remote printing to the printers of my University via ssh tunneling. The following procedure worked (and still works) under Tiger, but for some reason it doesn't work with Leopard (not just for me, but other friends also have the same issue as I do). The question is what could be the source of the problem and how could I get around it?
    So, I have the same short user name on my home Mac as my login name in the University system. Then, I set up the proper printers (IP printer, LPD protocol, Address: localhost, the appropriate queue and printer type etc.). Whenever I want to print from home to the University, I would open a Terminal window, and sudo ssh -L515:XXX.XXX.XXX.XXX:515 [email protected] . This is supposed to channel the printing which is sent to a localhost printer to the printers which can be reached through the University IP address.
    This method worked and works well under the latest version of Tiger, but not under Leopard (10.5, 9A581). I get no error messages, the printing seems to go through (at least no error seems to occur during spooling or logging in to the University with the terminal), but it simply doesn't print out on the other end.
    I have no firewall or any other new network tools running which I'm aware of, and I'm not aware of any differences in the set-ups besides the change in the OS. The issue might be that of compatibility with the University printing system, but help in what exactly changed on the Mac side (something obviously did change) would help me a lot, especially since I don't think that the University technical crew would be very keen on (or competent in, for that matter) troubleshooting.
    Thanks in advance for your help!

    Had the same issue with MS Terminal Server printing over vpn tunnel.
    what kind of internet connection do you have? one which adds extra headers like pppoe ?
    for me ...
    sysopt connection tcpmss
    helped
    default is 1380 (1380 data + 20 TCP + 20 IP + 24 AH + 24 ESP_CIPHER + 12 ESP_AUTH + 20 IP = 1500 bytes)

  • Using Workgroup Manager via SSH tunnel

    Hi all,
    I'm attempting to use the Workgroup Manager app to remotely administer a OS X Tiger Server box. The server sits inside my company's LAN behind a firewall, which only allows traffic to the server on ports 21 (ftp), 22 (ssh), 80 (http) and 311 (server admin with SSL, I believe). All services on those ports work fine.
    My research on the net indicates that the Workgroup Manager app uses port 625, but since the hardware firewall is blocking traffic on that port to the server, I'd like to create an SSH tunnel to access it. I've tried the following command on my local machine (i.e., not the server):
    $ sudo ssh -L 625:localhost:625 [email protected]
    and am able to set up the tunnel with no problem. However when I try to connect Workgroup Manager (on the local machine) to localhost, it won't let me connect. So I tried telnetting to localhost port 625 (on the local machine) to see what's up, and received the following error:
    $ telnet localhost 625
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    Connection closed by foreign host.
    Am I missing something? I was under the impression that the SSH tunnel would allow me to access port 625 on the server via port 22. The software firewall is disabled on both machines, so it's not that. I'm not experienced with SSH tunnelling, so I could be totally wrong about the way this is supposed to work.
    Thanks in advance!

    A quick tcpdump here indicates that Workgroup Manager uses both 311 and 625 when establishing a connection to the server. It may be the lack of port 311 tunneling that's causing your problem.
    $ sudo ssh -L 625:localhost:625 -L 311:localhost:311 [email protected]

  • ORA Connect via SSH Tunnel on Windows failed! LINUX works ...

    Hello again,
    i tried to establish a Oracle Client Connection via SSH Tunnel on WinXP Pro.
    1. Opened SSH-Tunnel Connection with plink (putty)
    TUNNEL: 10.5.1.111:1521 => localhost:1521
    (plink works fine with telnet, MySQL Client and other stuff)
    2. Connected with Oracle Client on Tunnel END => Localhost, Port 1521
    3. With ORA8i i got: Paket Error, With ORA10g i get: TNS: no listener
    plink works fine, so i don't think the problem is located there.
    i tried, tnsnames.ora, easyconnect and TNS-Less. So i guess, it's not related to the connection method.
    i tried the same on LINUX ... ssh tunnel and sqlplus connect ... IT WORKS !
    Does Oracle need an additional Port?
    Does it have Problems with WIN2UNIX Connections? (ORA DB is on UNIX)
    tnx

    Hi,
    Hum..., I guess this does not work!
    Look at the schema below; you need to put the 1521 port
    If you desire, access the www.ssh.com site and download other ssh program
               Secure Connection
       +---->-------[SSH]-------->-----+
       |                               |
       |                               |
       ^                               |
       |       Insecure Connection     v
    CLIENT---->--------------------> ORACLE
    ssh2 -l oracle -L 1521:192.148.1.251:1521 200.10.11.12
                        |          |                |
                        |          |                |
                   A  LOCAL        |                |
                   B       INTERNAL IP ORACLE       |
                   C                       EXTERNAL IP (GATEWAY)
                                                         C                             B
          | Firewall| . . . . .|INTERNET| . . . . . . |Firewall| . . . . . . . . . . |ORACLE|
          | Gateway |                                 |Gateway |                 192.148.1.251:1521
               .                                     200.10.11.12                                  
         A     .
       |Oracle Client|
       (TNSNAMES.ORA)
         <SERVICO> =
           (DESCRIPTION =
             (ADDRESS_LIST =
               (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521))
             )
             (CONNECT_DATA =
               (SID = <ORCL>)
             )
           )
    Cheers
