LinuxQuestions.org
Old 04-24-2008, 10:26 AM   #1
Luke771
Member
 
Registered: Dec 2005
Location: Sol III, Milky Way
Distribution: Ubuntu
Posts: 43

Rep: Reputation: 15
ssh -L '>channel 3: open failed: connect failed:'


My ISP, Fastweb.it is the only company in the country where I live (Italy) that is capable of providing some real speed, especially on upload which I badly need for Freenet, i2p, BitTorrent seeding, and possibly other stuff that I may set up if I get around the problem caused by the 'dark side' of fastweb.

Abusing their de-facto monopoly on almost-high speed connections they use what I call "mobster marketing", which goes pretty much like this:
"I'm the only one who has this product, so you pay my price and stick to my rules: take it or leave it".
I'm not gonna discuss their policy here, what I'm looking for is a solution to a practical problem.

The problem that I have to solve is that the ISP does the NAT and I can't port forward, and to get a routable address I should pay 4 a (!) which are to be added to the 65 a month (!!) that I already pay for my 10/10Mbit cable connection (includes a VoIP marketed as a "land line")

Some days ago, a friend who lives in another country got himself a 100/100Mbit connection, so routing my 10Mbit _max_ (often much less) wouldn't be a problem for him.
I asked him if he could set up a limited ssh account for me and let me forward a bunch of ports to his box, which he agreed to.

Now the problem is that once the tunnel is opened, I can't connect to the remote port that is supposed to be listening.

Some details:
I run a Ubuntu 8.04 64bit and the remote system is a well maintained and efficient Windows box running WinXP Pro.
The server is Winsshd, the guy on the other end made an account for me and opened the ports that I need to open even tho they should be opened by my remote command, because it wasn't working and that was a try.

I use the command:

ssh -L <localport>:<remotehost>:<remoteport> user@remotehost shellserver

(I also tried:
ssh -L <localport>:<remotehost>:<remoteport> user@remotehost sleep 150
no difference)

The connection seems to work, the tunnel is open, I can access my directory on the remote box everything, but when I try to open a connection to the forwarded port through the tunnel using another terminal window, on the tunnel window appears the output:

\channel 3: open failed: connect failed:

without any explanation of why the connection failed.

Any suggestions?
 
Old 04-25-2008, 11:04 AM   #2
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,396
Blog Entries: 2

Rep: Reputation: 903
Perhaps the host at the destination end of the tunnel is not accepting connections on '<remoteport>'. The way your question is worded, it sounds like you are trying to connect to a service on the same host that is doing the tunneling. In principle, I suppose this should work, although it is not how tunnels are traditionally used, AFAIK. What command are you trying to use to access the service at the end of the tunnel?
--- rod.
 
Old 04-25-2008, 11:12 AM   #3
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,396
Blog Entries: 2

Rep: Reputation: 903
The other possibility is that there is a ssh key mismatch in ~/.ssh/known_hosts. This is a problem with tunnels, as the destination host always shows up as localhost, but the key is actually transmitted from the host on the end of the tunnel. To see if this is the problem, first set the tunnel <remoteport> to 22, then try to make a ssh connection to the host at the end of the tunnel.
Code:
ssh -p <localport> localhost
If it complains about a changed remote host key, then edit the known_hosts file appropriately and/or set up your keys correctly.

--- rod.

Last edited by theNbomr; 04-25-2008 at 11:14 AM.
 
Old 05-08-2009, 05:42 PM   #4
meetscott
Samhain Slackbuild Maintainer
 
Registered: Sep 2004
Location: Phoenix, AZ, USA
Distribution: Slackware
Posts: 411

Rep: Reputation: 42
Another possibility is that
Code:
MaxSessions 0
is in the sshd_config file on your buddy's Windows server. MaxSessions at zero means that you cannot connect by the command line. It will forward all day long but not allow logins via the sshd listener on the box.

Sometimes another error with MaxSessions at zero is something like "Administratively prohibited: open failed"

Rod's suggestions were pretty good. Luke771, did you get your issue solved?
 
Old 07-24-2009, 03:48 PM   #5
Smokey
Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 311

Rep: Reputation: 30
I get this error.

I use 'ssh -ND 9999 username@localhost'

Then I change firefox's manual network settings, and use socks v.5

local host port 9999

I also go to about:config and change the network.proxy.socks_remote_dns to true.

I am not sure if my browsing is being encrypted or not?

Last edited by Smokey; 07-24-2009 at 03:52 PM.
 
Old 07-24-2009, 04:23 PM   #6
slugmax
Member
 
Registered: Nov 2008
Location: Northern CT
Distribution: Slackware, Debian, Ubuntu
Posts: 69

Rep: Reputation: 24
I would also try connecting with the '-v' (or even -vv or -vvv for more detail) option to ssh. This will usually show you if the tunnel was created, and if not what the error was. It does sound like something is already listening on either the local or remote ports.
 
Old 07-27-2009, 05:24 PM   #7
meetscott
Samhain Slackbuild Maintainer
 
Registered: Sep 2004
Location: Phoenix, AZ, USA
Distribution: Slackware
Posts: 411

Rep: Reputation: 42
Quote:
Originally Posted by Smokey View Post
I get this error.

I use 'ssh -ND 9999 username@localhost'

Then I change firefox's manual network settings, and use socks v.5

local host port 9999

I also go to about:config and change the network.proxy.socks_remote_dns to true.

I am not sure if my browsing is being encrypted or not?
Kill the connection, try Firefox. If Firefox can't pull anything up because the connection is down, you are golden. Bring the ssh connection back up, try Firefox again. It should work again. Then you'll know traffic is going where you intend.

Good luck.
 
Old 07-27-2009, 07:17 PM   #8
Smokey
Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 311

Rep: Reputation: 30
Quote:
Originally Posted by meetscott View Post
Kill the connection, try Firefox. If Firefox can't pull anything up because the connection is down, you are golden. Bring the ssh connection back up, try Firefox again. It should work again. Then you'll know traffic is going where you intend.

Good luck.
Yup, exactly what I did.

Quote:
Originally Posted by slugmax View Post
I would also try connecting with the '-v' (or even -vv or -vvv for more detail) option to ssh. This will usually show you if the tunnel was created, and if not what the error was. It does sound like something is already listening on either the local or remote ports.
I used the -v option and it doesn't report a connection failed.

I mean it obviously works because I have my browser set to use port 9999 and if the ssh tunnel is not created, it simply won't browse the net. Once I do the ssh -ND 9999 dance, browsing works, but spits out those connection failed errors.

Now there is a new confusing error:

debug1: Connection to port 9999 forwarding to socks port 0 requested.


What does this mean? I didn't even know I had a socks port 0. Is this because of the Firefox option for No proxy for Localhost?

Last edited by Smokey; 07-27-2009 at 07:19 PM.
 
Old 07-27-2009, 11:15 PM   #9
meetscott
Samhain Slackbuild Maintainer
 
Registered: Sep 2004
Location: Phoenix, AZ, USA
Distribution: Slackware
Posts: 411

Rep: Reputation: 42
Not being silent here. I have no idea on this error and I proxy all day, every day through straight squid or sometimes ssh through squid. I love it. Squid makes browsing so much faster. Also you can anonymize/encrypt on untrusted networks. I tunnel wireless traffic all the time because it's faster than WEP or WPA. I can switch it on anytime when I'm doing things like banking or opening confidential documents and I can turn it off if I don't care if other people snoop, like checking the weather.

I wish I could help you but I simply don't know. Sorry.
 
Old 10-07-2011, 05:32 AM   #10
hamidreza2000us
LQ Newbie
 
Registered: Nov 2009
Posts: 3

Rep: Reputation: 0
I've used the same config for the ssh tunnel, but I installed squid at the other part; it works OK but is very slow. I need to send my outbound traffic via the tunnel and receive in the regular way. Any comment?
 
Old 10-07-2011, 11:32 AM   #11
meetscott
Samhain Slackbuild Maintainer
 
Registered: Sep 2004
Location: Phoenix, AZ, USA
Distribution: Slackware
Posts: 411

Rep: Reputation: 42
A lot of things could be slowing you down. Check the squid cache files, make sure you are not hammering the hard disk with something else. If the hard disk is busy, browsing will appear slow because the cache hits won't be served quickly. Other than that, I don't know. You might also try using the verbose options mentioned in earlier parts of this thread to see if there are squid errors being kicked out: -v, -vv, or -vvv

scott
 
Old 10-08-2011, 03:34 PM   #12
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 13.1
Posts: 1,320

Rep: Reputation: 252
Quote:
Originally Posted by Luke771 View Post
ssh -L <localport>:<remotehost>:<remoteport> user@remotehost shellserver
Is it one and the same remote machine and you specified localhost for <remoteport>?
 
Old 10-10-2011, 04:33 PM   #13
hamidreza2000us
LQ Newbie
 
Registered: Nov 2009
Posts: 3

Rep: Reputation: 0
You know, it is not as simple as you think. We are located in the Middle East, and for some political reason they filter our outgoing traffic based on some site or traffic pattern. We use VPN to bypass filtering, but they find other ways to filter us and some other tools such as tor, yourfreedom, etc.
So this is not only my problem; this is the problem of millions of people trying to find a way to freedom, so I need some special and new way to bypass this kind of traffic. Any Linux or network guru comment will help us in this way.
 
Old 10-10-2011, 06:46 PM   #14
meetscott
Samhain Slackbuild Maintainer
 
Registered: Sep 2004
Location: Phoenix, AZ, USA
Distribution: Slackware
Posts: 411

Rep: Reputation: 42
You might try the Opera web browser along with your ssh tunnel. Opera has a Turbo mode that might help you get some more speed. It's just a thought since things are working and the tunnel is what might be slow.
 
Old 01-24-2012, 04:14 AM   #15
pierceval
LQ Newbie
 
Registered: Jan 2012
Posts: 1

Rep: Reputation: Disabled
Solution found over the internet

Hello

I was issuing the same message: channel 3: connection refused
in my SSH console, when trying to reach my tunneled port 3000 (ntop)

The simple answer is : nothing was listening to port 3000 on my destination machine.
I restarted the NTOP service, then everything worked and I got rid of the error message.

Regards.
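
The messages quoted across this thread point to different causes, and they can be told apart mechanically. The following is an added example, not code from any poster: a POSIX shell filter that classifies ssh client output. The function names, the tags and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify ssh client messages seen
# while port forwarding. Reads ssh stderr on stdin, prints "<tag>: <hint>".

diagnose_forward() {
    while IFS= read -r line; do
        # Match case-insensitively; posters quote these with varying case.
        lc=$(printf '%s' "$line" | tr '[:upper:]' '[:lower:]')
        case $lc in
            *"open failed: connect failed"*)
                # RFC 4254 reason 2: the SSH session is up, but the server
                # could not open a TCP connection to the forward target.
                echo "target-unreachable: check that a service listens on the forwarded host:port as seen from the server" ;;
            *"administratively prohibited"*)
                # RFC 4254 reason 1: the server's policy refused the channel.
                echo "server-policy: forwarding is refused by the server's configuration" ;;
            *"forwarding to socks port 0 requested"*)
                # Normal for -D: the real destination arrives in the SOCKS
                # request, so the client logs a placeholder host and port.
                echo "dynamic-forward: informational, not an error" ;;
            *bind*"address already in use"*)
                echo "local-port-busy: another process already listens on the local forward port" ;;
        esac
    done
}

# Constructed sample of `ssh -v` output (ports 3000 and 9999 as in the thread).
sample_log() {
    cat <<'EOF'
debug1: Connection to port 3000 forwarding to localhost port 3000 requested.
channel 3: open failed: connect failed: Connection refused
debug1: Connection to port 9999 forwarding to socks port 0 requested.
channel 4: open failed: administratively prohibited: open failed
EOF
}

sample_log | diagnose_forward
```

To use it on a real session, capture the client's stderr (for example `ssh -v ... 2>ssh.log`) and pipe the file into `diagnose_forward`.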
 
All times are GMT -5. The time now is 01:11 PM.