SSH Tunnel to other SSH servers?

I'm not sure how this can be done, with or even without an SSH tunnel.
Here's my scenario:
PowerBook@Work --> Firewall --> INTERNET --> Linksys Router/Firewall with port forwarding to Mac mini home server --> Mac mini --> Other Mac clients
Obviously I can SSH into my Mac mini server from my PowerBook at work:
ssh [email protected]
However, what I want to do is, to ssh to the Other Mac client on my home LAN from my Work LAN. So far I accomplish this by SSH'ing into my Mac mini server and then SSH'ing from there to my other Mac clients (which all have static 192.168.X.X addresses).
I have tried the following and it's doesn't seem to work:
ssh -N -p 22 [email protected] -R 2110/example.com/22
With port 2110 forwarded from my Linksys to my Other Mac client. Doesn't work.
I know this is one of those scenarios where I "can't see the forest through the trees". Meaning, there must be an easier way? Any help?

Paul,
sorry for my mistake. I forgot the "yes" in the commandline.
I wouldn't put all the different ssh connections into aliases of my .bashrc. SSH offers the use of a config file. Put everything there. It's easier to maintain and the recommended way for ssh.
Create a plain text file in ~/.ssh/config (for example with vi). And put the following stuff in there.
Host nicknameforyourhost
Hostname hostname.example.com
User yourusername
In Addition you might want to add one of these:
Port 22
Protocol 2
Compression yes
ForwardX11 yes
You can even put portforwardings, reflections etc. in there.
LocalForward 10548 127.0.0.1:548 To tunnel AFP on the server.
LocalForward 10080 127.0.0.1:80 To tunnel to an webserver running on the host that is blocked by the firewall.
To tunnel ServerAdmin, Workgroup Manager and Server Monitor Connections to the host (if it's running Mac OS X Server)
LocaLForward 311 127.0.0.1:311
LocalForward 625 127.0.0.1:625
LocalForward 687 127.0.0.1:687
You then connect your admin apps to localhost. This one has to be done as root, as you're forwarding privileged ports.
To forward an http connection to the webinterface of your router through the tunnel. Provided your LAN Range is 192.168.1.0 and your router is located at 192.168.1.1.
LocalForward 10080 192.168.1.1:80
You then connect your browser to http://localhost:10080/ and it will go through the tunnel, and be reflected from the host you connected to via SSH directly to the router. That way you could access your routers config pages without activating remote administration which is of course a lot more secure.
For your particular problem:
Create one Host entry with the actual machine that you connect to.
Host myserver
Hostname myserver.example.com
User yourusername
Protocol 2
Port 22
Compression yes
LocalForward 10080 192.168.1.1:80 see example with router above
LocalForward 10022 192.168.1.100:22 to create a ssh portreflector for host 192.168.1.100
This config will allow you to connect to your server and access your router like I described above and also create a tunnel for another ssh connection to 192.168.1.100. To access that machine, create a second config in that file just a few lines below.
Host myothermac
Hostname localhost
User yourusername
Protocol 2
Port 10022
To use all that you enter into your terminal:
$ ssh myserver
Password:
and from a second terminal:
$ ssh myothermac
Password:
You're directly taken to the othermac. You can put as many options in ther as you like. See the man page for SSH what else you can put into a config file. I hope by now is clear why not to use aliases in your .bashrc. Do some experimenting, you cannot hurt anything.
You could also do that from a screen session or just background the first SSH session from the terminal but that would make things unnecessarily more complex for the examples given.
Hope that helped.
Regards MacLemon

Similar Messages

Possible to ssh tunnel Bonjour traffic across different subnets?

Hello:
For quite some time, I have been thinking of buying a couple of iSights to enable audio/visual between two distant computers. But I really don't want to have to leave a dozen ports in my DSL modems opened up in order to use AIM or Jabber servers to iChatAV to my "usual" called parties (I can't help it, I'm paranoid - I have one ssh port open on my DSL modem at home - so most everything I do from afar -- afp (port 548), vnc( port 5900), etc., I tunnel it all over ssh).
So, in a similar vein, what I would like to do is treat a distant computer as if it were on my local 192.168.x.x NAT subnet, in order to do a Bonjour-like iChatAV connection without having to go to through these public servers and without having to leave a dozen ports open in my firewall (or go through the drill of opening/closing ports every time I want to iChat).
Now, if I understand this correctly, on one's local subnet, iChat AV works using Bonjour to communicate with other iChat AV users on the same subnet, which, I think, uses multicast packets. So I'm wondering if it is possible to ssh tunnel multicast traffic to a different computer like so:
ssh -L 5297:localhost:5297 -L 5298:localhost:5298 {called.party.IP.address}
thus being able to set up a secure point-to-point iChatAV connection?
Anybody ever do something like this?

Hin j.v.,
It is possible to iChat Bonjour over a Virtual Private Network , yes.
2:33 PM Thursday; May 4, 2006

Jconsole - remote connection thru ssh-tunnel

Hi all,
I need to start jconsole on my windows-box and connect to a remote tomcat-server thru an ssh-tunnel.
I have walked thru various posts and blogs, but finally couldn't get it running.
On the linux-server, I have set the following JAVA_OPTS:
export JAVA_OPTS='-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8888 -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.useLocalHostname=true -Dcom.sun.management.jmxremote.authenticate=false -Djava.rmi.server.hostname=myserver'myserver is the server-name that is resolved by the hostname-command. I also tried using localhost instead.
On the client I run the following ssh-command to create the tunnel:
ssh tomcat@myserver -L8888:myserver:8888 -N -vWhen I try to create a remote connection with jconsole using localhost:8888, I see the following output by ssh:
debug1: Connection to port 8888 forwarding to myserver port 8888 requested.
debug1: channel 1: new [direct-tcpip]
debug1: channel 1: free: direct-tcpip: listening port 8888 for myserver port 8888, connect from 127.0.0.1 port 1618, nchannels 2It looks not too bad to me, but unfortunately, jconsole runs into a timeout after about 2 mins.
On the server I see the following using netstat:
tcp        0    168 myserver:ssh    mywindowsbox:3381 VERBUNDEN
tcp        0      0 myserver:ssh    mywindowsbox:1317 VERBUNDEN
tcp        0      0 myserver:44625 myserver:8888   TIME_WAIT
tcp        0      0 *:8888                      *:*                         LISTENIt appears to me that the tomcat-server is listening correctly on port 8888 for all incoming hosts (although localhost should be enough).
Furthermore, it seems that the ssh-tunnel has been establised.
Why the hell, jconsole still can't connect?

Hiya.
JMX connections use two ports. You need the RMI Registry and the RMI Stub. This first one you bound to port 8888, but the other one is probably still bound to a random port. You need to be able to access that one through SSH as well.
Trouble is that the second port uses a random port and most application servers can't statically configure this one. See this article for possible solutions (be sure to read the follow ups as well) : http://blogs.sun.com/jmxetc/entry/connecting_through_firewall_using_jmx
Cheers,
Hugp

SMB through SSH tunnel

I'm having trouble setting up samba access over an SSH tunnel. If I forward port 139 on my machine to port 139 on the server, like so,
ssh -L 139:localhost:139 user@server
and then connect from the finder with Go -> Connect to Server and enter "smb://localhost/username" it works great. Moreover, if I do "smbclient -L localhost -U username" I get (with names changed to protect the innocent):
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Sharename Type Comment
IPC$ IPC IPC Service (Myservername)
username Disk Home Directories
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Server Comment
Workgroup Master
OATESNET MYSERVERNAME
That's great. However, I need to in fact be running a samba server on my local machine as well as accessing a remote one --- therefore, I can't forward from port 139 on my local machine because it conflicts with my local samba server (actually, I can, and it appears to be a crapshoot whether my local server or the remote server through SSH gets the connection. Weird. But that's a different story).
So, I try and forward from a different port, say 52187. So I create my tunnel:
ssh -L 52187:localhost:139 username@server
Now I try and connect through the Finder. I get error:
"The Finder cannot complete the operation because some data in "smb://localhost:52187/username" could not be read or written. (Error code -36)."
Hmm. Let's try and diagnose from the console. I type:
smbclient -L localhost -U username -p 52187
It connects to the remote server, but only partially. I get the following output:
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Sharename Type Comment
IPC$ IPC IPC Service (Myservername)
username Disk Home Directories
Error connecting to 127.0.0.1 (Invalid argument)
Connection to localhost failed
NetBIOS over TCP disabled -- no workgroup available
Weird. Note that this is with my local Samba server not running. Now, if I try and run smbclient with the local server running, I get a different error:
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Sharename Type Comment
IPC$ IPC IPC Service (Myservername)
username Disk Home Directories
session setup failed: NTSTATUS_LOGONFAILURE
NetBIOS over TCP disabled -- no workgroup available
Weirder --- so I look in the log files for the local Samba server (/var/log/samba/log.smbd). There are two new messages from the exact time when I tried to contact my remote server:
[2007/06/20 17:35:08, 0] /SourceCache/samba/samba-100.7/samba/source/smbd/server.c:main(789)
smbd version 3.0.10 started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2007/06/20 17:35:08, 0] pdbods.c:odssamgetsampwnam(2329)
odssam_getsampwnam: [0]getsam_recordattributes dsRecTypeStandard:Users no account for 'username'!
Note that 'username' is not a user on my local machine. I'm not sure what would happen if it were.
What looks like is happening to me is that the samba client is in fact contacting the server on the port that I give, but then trying to initiate some other communication (authentication?) on the default port, 139. That's why when I'm forwarding from port 139 it all works fine. That's also why I get a different error message and stuff in my local logs when the local server is running --- the samba client is contacting the remote server for part of the transaction and the local server for another part. When the local server isn't running, it just can't contact anyone and gets confused.
The question is, how can I make the samba client consistently use the port I tell it to use? Am I missing something?
-Andrew
PS -- why is it that I can have both a local samba server running on port 139 and an SSH tunnel that forwards from that port at the same time? Does it have to do with what interfaces their bound on? As in, the SSH server is only bound on the loopback interface, while the Samba server is only bound on my ethernet card? That's the only explanation I could think of.

well, I'm not doing a smb mount and have never tried to do an smb mount; only an afp mount. I'm very fortunate that I have Macs at work and home, and all authorized users to my computer are Mac users.
I'm running OS 10.4.9 and have been doing this (afp over ssh) throughout all iterations of 10.4.x and most if not all iterations of 10.2.x up through 10.2.8 on two older computers, a 2001 Quicksilver and a 2002 Quicksilver as the servers, and using them as the clients as well along with two Powerbook G4s as clients. Also, my kids (if you call ages 20-26 "kids") afp mount via ssh tunneling as well, from an iBookG4 and iMac G5s, also running 10.4.9.
I gotta ask a dumb question or two or three or four:
• When you ssh, obviously you have the ssh port (only) forwarded through your router and/or modem at home, right?
• Do you have your Mac's (the one you are trying to use as the server) firewall turned on or off? And if on, what ports/services do you have turned on in Sys Prefs Sharing? (and if off, what services are turned on?) Windows Sharing is on?
• If you turned on personal file sharing in your "server" Mac, do you have another Mac that you could try to ssh into, tunneling port XXXX:localhost:548 then from Finder, ⌘k to localhost:XXXX, just to see if that at least works?
• highly unlikely to make a difference, but when you ⌘k to smb://localhost:XXXX, does it help to leave off the "/username" that you had reported in preious posts as appending onto the servername?
One last-minute comment/suggestion: There is a shareware/donationware program called sharepoints that looks pretty cool; you can check that your mount points on your server are indeed smb shared or not (as a side note, if you are so inclined, you can create additional mount points other than just users' home directories, too). I am totally clueless as to how one, from the unix command line or maybe from the NetInfo manager, might do this, so if you would be treading new ground here yourself in this regard, this program might be of some value to you.

Ssh tunnel mode on Leopard does not work

Hi folks,
I have set up ssh tunnel mode (tunnels opened with "ssh -w 0:0 ..." makes SSH create the necessary tunX interfaces on its own) from my linux boxes to certain servers, and it works well.
But using "ssh -w 0:0" on Leopard client leads to
debug1: systunopen: /dev/tun0 open failed: No such file or directory<<</div>
So it seems - although the ssh man page describes it thus - that creating tun interfaces on Leopard does not work.
By the way, omitting the interface numbers for the tun interfaces on both sides ("ssh -w" instead of "ssh -w 0:0") leads to "Bad tun device" although that as well is documented in the ssh man page as working (and on linux it does).
Has anybody ever tried this on MacOS X in general and Leopard in particular?

Dirk,
I have run into the same issue, however I had ssh tunnels running between several macs before Dec 7 2008. But for some reason it broke on that day. Have been running remote rsync backups of the User data. Can give you the syntax if you want. But my point is it looks like this is a break in the OSX Unix system vs them just not being there as this was working prior to the 7th for several months.
Am working with Apple to get this resolved but in the mean time where did you find the tun/tap drivers? I have some for Open VPN that I have been playing with on another machine but dunno if they will work or not.

Set up SSH Tunneling

I am new to setting up SSH tunneling on my Mac server. I understand the idea behind tunneling but how would I go about setting it up, on both my client Mac and server Mac? I am running Mavericks Server on my Mac btw.
Thanks!

I'm going to infer that you're (also) not familiar with VPNs in the following.
Generic sequence: open up the necessary ports and protocols at your firewall for tunnel or VPN pass-through, and configure the tunnel or VPN server, and configure the VPN or tunnel client.
Here's a list of the ports, and make sure you distinguish TCP ports, UDP ports, and protocols; those three are all different, when you're configuring a firewall.
ssh uses TCP port 22 by default, though other ports can be selected.
With OS X and OS X Server, L2TP via IPSec and PPTP VPN clients and servers are available, and are very common choices.
Or yes, you can go old-school, and use ssh tunneling if you really want to. There's an overview of that process here.
If you're into using the command line (I happen to be), then straight ssh (and sometimes ssh tunneling) can be handy, but most folks with OS X will probably want to use an L2TP VPN — I use that regularly, too. Based on the way you're asking this question, I'd probably guess you'll want to use L2TP/IPSec via NAT VPN passthrough in whatever box you're using as a gateway, and skip the ssh tunneling for now. (This configuration and this approach would be more common than ssh tunneling in general, though there are cases where you might want or need to use ssh tunneling or some other alternaitve to L2TP/IPSec.)

Ssh tunnel how to set up in SL?

I have a server running SL with the firewall activated. I want to tunnel in to it from outside my own network, while on the road. I have used SSH Tunnel Manager to do so in the past (like for 4 years) but can not get it to work today.
On my SL Server 10.6.8 I can not find anywhere to open ports, but I understand that if I activate File Sharing and Remote Management it will open port 22. Correct?
On my router I opened port 3283 and 5900. Correct?
Where I get stuck is what to put in to SSH Tunnel Manager. I can not find any clear novice instructions for it anywhere. And I am confused as to what to put where.
Can anybody help? Thanks.

Thanks Bob, it is raining cats and dogs so good time to check.
I got it all up and running.
I am testing from a real slow connection (on purpose as this what I have often being on the road) and the screen update is (too) slow. I tried all your methods and can not see any different in speed (read slowness).
BobHarris wrote:
The reason I do this is because Chicken allows me to use reduced colors (like 8-bit colors), and the Vine Server both honors my reduced color request and it actually plays nice with reduced colors (the Mac OS X Screen Sharing server does not alway play nice with anything less then 32-bit colors, which needs a lot more bandwidth).
Where or how do you implement this? I can not find it anywhere. I am on 10.6.8 btw.
And what is more my connection over Mac's Screen Sharing client, having Vine Server server turned on or not on the remote Mac makes also no difference. I can get in either way and speed is the same.
Here is the setting of my remote Mac just in case I should not turn both, the last two, on:
Than there is an other problem.
I suppose this is not a problem as I am tunnelling in over SSH, but would like to make sure.
I also tried to follow the instructions on the alert screen, but no such settings are to be found on the remote computer. Must be an out of date message text. Or am I blind?
Looking forward to your wisdom.
Message was edited by: ChangeAgent.
Had an external link for the images as they refused to upload. Sometimes, when this happens, you can upload images after you post. That worked so removed links.

SSH: Tunneling HTTP

This is what I'm trying to do, the first paragraph, Tunneling HTTP:
http://www.plenz.com/tunnel-everything
This is the error I get:
debug1: Connection to port 8118 forwarding to localhost port 8118 requested.
debug1: channel 1: new [direct-tcpip]
channel 1: open failed: connect failed: Connection refused
debug1: channel 1: free: direct-tcpip: listening port 8118 for localhost port 8118, connect from 127.0.0.1 port 43117, nchannels 2
/etc/ssh/sshd_config
Port huhuhu
ListenAddress 0.0.0.0
AllowUsers huhuhu huhuhu
Protocol 2
HostKey /etc/ssh/ssh_host_dsa_key
LoginGraceTime 2m
PermitRootLogin no
MaxAuthTries 6
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
X11Forwarding no
Subsystem sftp internal-sftp
Match User huhuhu
ChrootDirectory /home/sftp
AllowTcpForwarding no
ForceCommand internal-sftp
/etc/ssh/ssh_config is default.
any idea?
TIA

Here is mine. You're just missing a few options with respect to tunneling:
$ sed -e '/^\#/d' -e '/^$/d' /etc/ssh/sshd_config
Port 10201
ListenAddress 0.0.0.0
Protocol 2
LoginGraceTime 30
PermitRootLogin no
MaxAuthTries 3
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM no
AllowAgentForwarding yes
AllowTcpForwarding yes
TCPKeepAlive yes
ClientAliveInterval 180
PermitTunnel yes
Subsystem sftp /usr/lib/ssh/sftp-server

Ssh tunneling

Hi,
I have tried the following:
on PC1 (win xp) I have created ssh connection with port forwarding
(local 8888 to remote 8888) to server1.
From server1 I have created another ssh connection with portforwarding to server2(local 8888 to remote 1521).
When I try to connect to oracle instance on server2 from PC1, using this kind of tunneling I got an error:
Oracle Error :: TNS-12547
TNS:lost contact
Does anyone have some experience with this kind of tunneling or is this kind of tunneling is possible?
Thanks,
Goran

Perhaps this thread will help you with tunneling vnc through ssh. I have personally put a number of posts about doing this; you might try searching these forums on user "j.v." and search terms "VNC" and "tunnel" if you want to see some of the stuff I have posted.
As far as tunneling your web browser through an ssh proxy, I think the easiest way to do this is to get a second web browser like Firefox for all the proxy stuff, and set it up as a SOCKS5 to proxy to "localhost:1080" or whatever port. Then, when you make a ssh connection, add a "-D 1080" option to your ssh command that you issue at the client computer. In Terminal, type "man ssh" to learn more about the "-D" proxy tunnel option.

SSH tunneling to connect to remote computer

Hi,
I have to connect to my remote database(RHEL box) from a windows using SSH tunnel
1. I have set up the SSH tunneling(with outgoing tunnel)
2. I have made a entry in the TNSnames.ora file
3. I establish connection to the remote server using SSH client and when i do tnsping
i do get connection. Even when i change the host name to some unkown name i do get a tnsping but iam not able to connect to the database. do iam wrong anywhere
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = ISIL-PRJ
-04)(PORT = 1523)) (CONNECT_DATA = (SID = ora1022b)))
OK (800 msec)
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = ISIL-PRJ
-04)(PORT = 1523)) (CONNECT_DATA = (SID = blablabla)))
OK (800 msec)
even when i change my sid name i get a tnsping. can anybody explain

Hi,
Looking for this schema below and see if help you:
           Secure Connection
   +---->-------[SSH]-------->-----+
   |                               |
   |                               |
   ^                               |
   |       Insecure Connection     v
CLIENT---->--------------------> ORACLE
ssh2 -l oracle -L 1521:192.148.1.251:1521 200.10.11.12
                    |          |                |
                    |          |                |
               A LOCAL        |                |
               B       INTERNAL IP ORACLE       |
               C                       EXTERNAL IP (GATEWAY)
                                                     C                             B
      | Firewall| . . . . .|INTERNET| . . . . . . |Firewall| . . . . . . . . . . |ORACLE|
      | Gateway |                                 |Gateway |                 192.148.1.251:1521
           .                                     200.10.11.12
     A     .
   |Oracle Client|
   (TNSNAMES.ORA)
     <SERVICE> =
       (DESCRIPTION =
         (ADDRESS_LIST =
           (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521))
         (CONNECT_DATA =
           (SID = <SID>)
       )Cheers

Using portal admin console through an ssh tunnel?

I'm trying to login on the portal admin over an established ssh connection:
- profile server listen on hostname.subdomain.domain, port 8080
- an ssh tunnel (via portforwarding through a firewall) from client port
10000 to profile server 8080
- connect from webbrowser to http://localhost:10000/console
that won't work: internal server errors. If i change my hosts file:
localhost 127.0.0.1 hostname.subdomain.domain
it works. But this is ugly and conflicts with DNS.
So, how can i configure the profile server to accept connections over an ssh
tunnel? Anyone any idea?
regards, Jordi

Hello,
Does any one in BEA have an answer to this. I was stumped when asked by a client. Any response will be great.
C

Remote printing problem using ssh tunnel in Leopard

Haho,
I've recently installed Leopard, and I have unexpected difficulties with setting up remote printing to the printers of my University via ssh tunneling. The following procedure worked (and still works) under Tiger, but for some reason it doesn't work with Leopard (not just for me, but other friends also have the same issue as I do). The question is what could be the source of the problem and how could I get around it?
So, I have the same short user name on my home Mac as my login name in the University system. Then, I set up the proper printers (IP printer, LPD protocol, Address: localhost, the appropriate queue and printer type etc.). Whenever I want to print from home to the University, I would open a Terminal window, and sudo ssh -L515:XXX.XXX.XXX.XXX:515 [email protected] . This is supposed to channel the printing which is sent to a localhost printer to the printers which can be reached through the University IP address.
This method worked and works well under the latest version of Tiger, but not under Leopard (10.5, 9A581). I get no error messages, the printing seems to go through (at least no error seems to occur during spooling or logging in to the University with the terminal), but it simply doesn't prints out on the other end.
I have no firewall or any other new network tools running which I'm aware of, and I'm not aware of any differences in the set-ups besides the change in the OS. The issue might be that of compatibility with the University printing system, but help in what exactly changed on the Mac side (something obviously did change) would help me a lot, especially since I don't think that the University technical crew would be very keen on (or competent in, for that matter) troubleshooting.
Thanks in advance for your help!

Had the same issue with MS Terminal Server printing over vpn tunnel.
what kind of internet connection do you have? one which adds extra headers like pppoe ?
for me ...
sysopt connection tcpmss
helped
default is 1380 (1380 data + 20 TCP + 20 IP + 24 AH + 24 ESP_CIPHER + 12 ESP_AUTH + 20 IP = 1500 bytes)

Using Workgroup Manager via SSH tunnel

Hi all,
I'm attempting to use the Workgroup Manager app to remotely administer a OS X Tiger Server box. The server sits inside my company's LAN behind a firewall, which only allows traffic to the server on ports 21 (ftp), 22 (ssh), 80 (http) and 311 (server admin with SSL, I believe). All services on those ports work fine.
My research on the net indicates that the Workgroup Manager app uses port 625, but since the hardware firewall is blocking traffic on that port to the server, I'd like to create an SSH tunnel to access it. I've tried the following command on my local machine (i.e., not the server):
$ sudo ssh -L 625:localhost:625 [email protected]
and am able to set up the tunnel with no problem. However when I try to connect Workgroup Manager (on the local machine) to localhost, it won't let me connect. So I tried telnetting to localhost port 625 (on the local machine) to see what's up, and received the following error:
$ telnet localhost 625
Trying ::1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
Am I missing something? I was under the impression that the SSH tunnel would allow me to access port 625 on the server via port 22. The software firewall is disabled on both machines, so it's not that. I'm not experienced with SSH tunnelling, so I could be totally wrong about the way this is supposed to work.
Thanks in advance!

A quick tcpdump here indicates that Workgroup Manager uses both 311 and 625 when establishing a connection to the server. It may be the lack of port 311 tunneling that's causing your problem.
$ sudo ssh -L 625:localhost:625 -L 311:localhost:311 [email protected]

ORA Connect via SSH Tunnel on Windows failed! LINUX works ...

Hello again,
i tried to establish a Oracle Client Connection via SSH Tunnel on WinXP Pro.
1. Opened SSH-Tunnel Connection with plink (putty)
TUNNEL: 10.5.1.111:1521 => localhost:1521
(plink works fine with telnet, MySQL Client and other stuff)
2. Connected with Oracle Client on Tunnel END => Localhost, Port 1521
3. WIth ORA8i i got: Paket Error, With ORA10g i get: TNS: no listener
plink works fine, so i dont think the problem is located there.
i tried, tnsnames.ora, easyconnect and TNS-Less. So i guess, its not related to the connection method.
i tried the same on LINUX ... ssh tunnel and sqlplus connect ... IT WORKS !
Does Oracle need an aditional Port?
Does it have Problems with WIN2UNIX Connections? (ORA DB is on UNIX)
tnx

Hi,
Hum..., I guess this not work!
Looking for this schema below, you need put the 1521 port
If you desire, access the www.ssh.com site and download other ssh program
           Secure Connection
   +---->-------[SSH]-------->-----+
   |                               |
   |                               |
   ^                               |
   |       Insecure Connection     v
CLIENTE--->--------------------> ORACLE
ssh2 -l oracle -L 1521:192.148.1.251:1521 200.10.11.12
                    |          |                |
                    |          |                |
               A LOCAL        |                |
               B       INTERNAL IP ORACLE       |
               C                       EXTERNAL IP (GATEWAY)
                                                     C                             B
      | Firewall| . . . . .|INTERNET| . . . . . . |Firewall| . . . . . . . . . . |ORACLE|
      | Gateway |                                 |Gateway |                 192.148.1.251:1521
           .                                     200.10.11.12
     A     .
   |Oracle Client|
   (TNSNAMES.ORA)
     <SERVICO> =
       (DESCRIPTION =
         (ADDRESS_LIST =
           (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521))
         (CONNECT_DATA =
           (SID = <ORCL>)
       )Cheers

[SOLVED] How to tunnel HTTP over SSH via SOCKS?

This should be a simple issue to solve, but for some reason it's not working for me.
`ssh vps` works just fine (I use authentication keys)
I set up the tunnel with the command:
ssh -C2TNv -D 8080 vps
I then modify Firefox network settings:
manual config
http proxy: localhost, port: 8080
use this proxy server for all protocols
SOCKS v5
about:config
network.proxy.socks_remote_dns: true
Terminal output:
$ ssh -C2TNv -D 8080 vps
OpenSSH_6.0p1, OpenSSL 1.0.1a 19 Apr 2012
debug1: Reading configuration data /home/ting/.ssh/config
debug1: /home/ting/.ssh/config line 47: Applying options for vps
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to vps.server.com [1.1.1.1] port 22.
debug1: Connection established.
debug1: identity file /home/ting/.ssh/id_rsa type 1
debug1: identity file /home/ting/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6+squeeze1
debug1: match: OpenSSH_5.5p1 Debian-6+squeeze1 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 [email protected]
debug1: kex: client->server aes128-ctr hmac-md5 [email protected]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA <removed>
debug1: Host 'vps.server.com' is known and matches the RSA host key.
debug1: Found key in /home/ting/.ssh/known_hosts:10
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/ting/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
Authenticated to vps.server.com ([1.1.1.1]:22).
debug1: Local connections to LOCALHOST:8080 forwarded to remote address socks:0
debug1: Local forwarding listening on ::1 port 8080.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 8080.
debug1: channel 1: new [port listener]
debug1: Requesting [email protected]
debug1: Entering interactive session.
I then try visiting a site using Firefox, SSH output:
debug1: Connection to port 8080 forwarding to socks port 0 requested.
debug1: channel 2: new [dynamic-tcpip]
debug1: channel 2: free: dynamic-tcpip, nchannels 3
debug1: Connection to port 8080 forwarding to socks port 0 requested.
debug1: channel 2: new [dynamic-tcpip]
debug1: channel 2: free: dynamic-tcpip, nchannels 3
Despite the proxy seemingly working, visiting any site with Firefox just returns with the error "The connection was reset".
Last edited by AncientPC (2012-04-27 06:47:39)

I eventually figured it out from here:
http://superuser.com/questions/417397/h … -via-socks
It turns out my Firefox settings were wrong, only SOCKS Proxy needed to be filled in.
For future reference, you can test your SSH tunnel by using:
curl --socks5 127.0.0.1:8080 http://blah
curl --proxy 127.0.0.1:8080 http://blah

SSH Tunnel to other SSH servers?

Similar Messages

Maybe you are looking for