Old 03-26-2006, 12:16 PM   #1
Le Hara
LQ Newbie
 
Registered: Jan 2005
Posts: 4

Rep: Reputation: 0
SSH TUNNEL PROBLEM(putty to OpenSSH)


Hi there,

I am trying to establish the simplest SSH tunnel:

I have a box running Fedora Core with an SSH server on it. The box is firewalled and permits access only on port 22. I want the users to access FTP service or VNC or whatever using SSH tunneling (I can't open any more than port 22...security reasons...). I use WINXP with PUTTY to access the server.
The problem is that no traffic is forwarded in the tunnel. Whatever port I try to forward....putty ignores it. I don't understand why.
This is configuration for sshd:
Port 22
Protocol 2
ServerKeyBits 2048
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 60
PermitRootLogin no
RSAAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
PAMAuthenticationViaKbdInt no
Compression yes
KeepAlive yes
ClientAliveInterval 30

and I use a DSA key.


On putty:

I use Source Port: 5901; Destination: localhost:5901 - e.g. for VNC. The check boxes Local and Auto are enabled, and X display location: localhost:0.

I connect with a user...everything is OK, then try to connect using VNC (or FTP) and nothing...traffic does not go in the tunnel; it accesses the server as a normal TCP flow. I can see that because I spy with Ethereal.
Does anyone have any idea why it is not working? Do I have to enable something else in WIN or modify SSHD_conf?


Thanks
 
Old 03-26-2006, 01:06 PM   #2
mrclisdue
Senior Member
 
Registered: Dec 2005
Distribution: Slackware -current, 14.1
Posts: 1,049

Rep: Reputation: 170Reputation: 170
I've just tried to duplicate your situation, and there's good news and bad news. Sometimes it works, and sometimes it doesn't. I, being a mere mortal in a land of many gurus, have no explanation, but here are a few thoughts.

If you're running the vncviewer binary on the Windows machine, there's no need to set the X11 display in putty, because you're not forwarding the display, per se - the vncviewer is looking after that aspect of things. This may present a conflict.

Secondly, even though I can't explain why, I had more success when I checked the first two boxes in the tunnel dialog - local ports accept connections from other hosts, and remote ports do the same (I can't see the first making a difference, but the second might...) I might add that a couple of times I succeeded even when these boxes weren't checked.

Thirdly, in your vncviewer dialog, ensure that the server address is localhost:1, and not localhost:5901; also, though I believe more recent vnc distros allow simply " :1 " and the viewer assumes localhost, my windows version doesn't.

As stated, sometimes identical settings provided different results, so I'm lost as to what the reasoning is. I'd reboot both machines to start fresh, but I've got great music playing.....


hope this helps some...


cheers,
 
Old 03-26-2006, 02:22 PM   #3
Le Hara
LQ Newbie
 
Registered: Jan 2005
Posts: 4

Original Poster
Rep: Reputation: 0
still not working

Thank you, but it didn't help a lot. But as I mentioned, it's not only for VNC....ftp behaves the same way. I forward the traffic on port 21 to localhost:21 and traffic is not using the tunnel; it just passes as a regular ftp connection.

Any ideas....cuz Linux starts to make me sick
 
Old 03-26-2006, 11:34 PM   #4
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 162Reputation: 162
What command line are you using from the Windows box? If you are using port 5901 in your forwarding settings for putty, you should type vncviewer 127.0.0.1:1 at the command prompt.

Ethereal should not show any packets going to the Linux box for VNC because you don't use its IP address (or hostname) in the command. Don't let it make you sick - it's not a Linux problem, it's just configuration
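
The check the replies above describe (point the viewer at the local end of the forward, by display number), written out as an added example that is not part of any post in this thread. It assumes the display convention the replies use (host:N means TCP port 5900+N) plus the host::port form some viewers accept; 192.0.2.10 is a constructed stand-in for the server's address, and the function names are hypothetical.

```python
import ipaddress
import socket

VNC_BASE_PORT = 5900  # display N listens on TCP port 5900 + N


def vnc_target(spec):
    """Parse 'host:display' or 'host::port' into (host, tcp_port). IPv4/hostnames only."""
    host, sep, rest = spec.partition("::")
    if sep:                                   # explicit port form
        return host or "localhost", int(rest)
    host, sep, rest = spec.partition(":")
    display = int(rest) if sep and rest else 0
    return host or "localhost", VNC_BASE_PORT + display


def is_loopback(host):
    """True for 'localhost' and loopback IP literals; other names count as remote."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def diagnose(spec, forwarded_ports):
    """Say whether a viewer pointed at `spec` uses one of the local forwards."""
    host, port = vnc_target(spec)
    if not is_loopback(host):
        return f"BYPASS: {host}:{port} is contacted directly, outside the SSH session"
    if port not in forwarded_ports:
        return f"NO FORWARD: no local forward listens on port {port}"
    return f"TUNNEL: 127.0.0.1:{port} is carried inside the SSH session"


def listener_present(port, timeout=1.0):
    """True if something (the SSH client's forward) accepts on 127.0.0.1:port."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    forwards = {5901}  # the PuTTY setting from the thread: source port 5901
    # Constructed viewer targets: server address, port-as-display, and two correct forms
    for spec in ("192.0.2.10:1", "localhost:5901", "127.0.0.1:1", "localhost::5901"):
        print(f"{spec:18} -> {diagnose(spec, forwards)}")
    print("listener on 127.0.0.1:5901:", listener_present(5901))
```

A BYPASS result is the case where a packet capture shows plain VNC traffic to the server, since the viewer never touches the forwarded local port.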
 
  

