LinuxQuestions.org


Le Hara 03-26-2006 11:16 AM

SSH TUNNEL PROBLEM(putty to OpenSSH)
 
Hi there,

I am trying to establish the simplest SSH tunnel:

I have a box running Fedora Core with an SSH server on it. The box is firewalled and permits access only on port 22. I want the users to access FTP service or VNC or whatever using ssh tunneling (I can't open any more than port 22...security reasons...). I use WINXP with PUTTY to access the server.
The problem is that no traffic is forwarded in the tunnel. Whatever port I try to forward....putty ignores it. I don't understand why.
This is the configuration for sshd:
Port 22
Protocol 2
ServerKeyBits 2048
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 60
PermitRootLogin no
RSAAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
PAMAuthenticationViaKbdInt no
Compression yes
KeepAlive yes
ClientAliveInterval 30

and I use a DSA key.


On putty:

I use Source Port: 5901; Destination: localhost:5901 - e.g. for VNC. The check boxes Local and Auto are enabled, and X display location: localhost:0.

I connect with a user...everything is ok, then try to connect using VNC (or FTP) and nothing...traffic does not go in the tunnel; it accesses the server as a normal TCP flow. I can see that because I spy with Ethereal.
Does anyone have any idea why it is not working? Do I have to enable something else in WIN or modify SSHD_conf?


Thanks

mrclisdue 03-26-2006 12:06 PM

I've just tried to duplicate your situation, and there's good news and bad news. Sometimes it works, and sometimes it doesn't. I, being a mere mortal in a land of many gurus, have no explanation, but here's a few thoughts.

If you're running the vncviewer binary on the windows machine, there's no need to set the x11 display in putty, because you're not forwarding the display, per se - the vncviewer is looking after that aspect of things. This may present a conflict.

Secondly, even though I can't explain why, I had more success when I checked the first two boxes in the tunnel dialog - local ports accept connections from other hosts, and remote ports do the same (I can't see the first making a difference, but the second might...) I might add that a couple of times I succeeded even when these boxes weren't checked.

Thirdly, in your vncviewer dialog, ensure that the server address is localhost:1, and not localhost:5901; also, though I believe more recent vnc distros allow simply " :1 " and the viewer assumes localhost, my windows version doesn't.

As stated, sometimes identical settings provided different results, so I'm lost as to what the reasoning is. I'd reboot both machines to start fresh, but I've got great music playing.....


hope this helps some...


cheers,

Le Hara 03-26-2006 01:22 PM

still not working
 
Thank you, but it didn't help a lot. But as I mentioned, it's not only for VNC....ftp behaves the same way. I forward the traffic on port 21 to localhost:21 and traffic is not using the tunnel, it just passes as a regular ftp connection.

Any ideas....cuz Linux starts to make me sick

gilead 03-26-2006 10:34 PM

What command line are you using from the Windows box? If you are using port 5901 in your forwarding settings for putty, you should type vncviewer 127.0.0.1:1 at the command prompt.

Ethereal should not show any packets going to the Linux box for VNC because you don't use its IP address (or hostname) in the command. Don't let it make you sick - it's not a Linux problem, it's just configuration :)
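
The point made in the replies above, as an added example that is not part of any poster's message: a local forward only carries connections that the client program makes to the loopback address on the forwarded source port. The server address 192.0.2.10 is a placeholder, the function names are made up for the illustration, and the viewer argument is assumed to be in host:display form (VNC display N is TCP port 5900+N).

```python
import ipaddress

# Constructed sample: the two local forwards described in the thread,
# as (source port on the client, destination host, destination port).
FORWARDS = [(5901, "localhost", 5901), (21, "localhost", 21)]

VNC_BASE_PORT = 5900  # VNC display N listens on TCP 5900 + N


def is_loopback(host):
    """True when host names the client machine itself."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname, e.g. the server's


def vnc_target(spec):
    """Split a viewer argument 'host:display' into (host, tcp_port)."""
    host, _, display = spec.rpartition(":")
    return host, VNC_BASE_PORT + int(display)


def route(host, port, forwards=FORWARDS):
    """Say where a client connection to host:port ends up."""
    if not is_loopback(host):
        # The SSH client never sees this connection, so a sniffer shows
        # it on the wire as ordinary cleartext traffic to the server.
        return f"direct to {host}:{port}, outside the SSH session"
    for src, dst_host, dst_port in forwards:
        if src == port:
            return f"tunnelled to {dst_host}:{dst_port} as seen from the SSH server"
    return f"no forward listens on local port {port}"


if __name__ == "__main__":
    server = "192.0.2.10"  # placeholder address for the Fedora box
    print(route(*vnc_target(f"{server}:1")))   # viewer pointed at the server
    print(route(*vnc_target("127.0.0.1:1")))   # viewer pointed at the tunnel
    print(route(server, 21))                   # FTP client pointed at the server
    print(route("localhost", 21))              # FTP client pointed at the tunnel
```

Only the loopback targets are picked up by the SSH client; anything addressed to the server itself leaves the machine unencrypted and is what the firewall on port 22 would block.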

