07-20-2010, 05:53 PM
#1
Member
Registered: Mar 2008
Location: Northeast US
Distribution: Mint, Ubuntu, Backtrack
Posts: 77
Rep:
Can't establish tunnel for VPN over SSH
I'm trying to create a VPN through SSH but encounter the following:
Code:
[18:42:11]root@bronzhip:/home/casey# sudo ssh -w 0:0 97.**.***.221 -i VPN
channel 0: open failed: administratively prohibited: open failed
tun0: ERROR while getting interface flags: No such device
tun0: ERROR while getting interface flags: No such device
Connection to 97.**.***.221 closed.
Here's my sshd_config with some relevant toggles:
Code:
# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
# This is the sshd server system-wide configuration file.
...SNIP...
Protocol 2
PermitRootLogin yes
PermitTunnel yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
AllowAgentForwarding yes
AllowTcpForwarding yes
View full sshd_config
I'm lost... Any pointers?
07-21-2010, 02:19 PM
#2
Senior Member
Registered: Mar 2003
Location: Seattle
Distribution: Slackware ?-14.1
Posts: 1,029
Rep:
add a -vvv to the cmd, post the output.
07-21-2010, 02:50 PM
#3
Moderator
Registered: Mar 2008
Posts: 21,987
Can you ssh to the remote ip address?
07-21-2010, 03:42 PM
#4
Member
Registered: Mar 2008
Location: Northeast US
Distribution: Mint, Ubuntu, Backtrack
Posts: 77
Original Poster
Rep:
Quote:
Originally Posted by jefro
Can you ssh to the remote ip address?
Normal SSH works perfectly:
Code:
[16:53:37]casey@bronzhip:~$ ssh casey@97.**.***.221
casey@97.**.***.221's password:
...SNIP...
Last login: Tue Jul 20 18:50:33 2010 from bronzehip.wifi.wpi.edu
Linux 2.6.33.4.
...SNIP...
casey@ultram:~$
Last edited by wingman358; 07-21-2010 at 03:58 PM.
Reason: added info
07-21-2010, 03:43 PM
#5
Senior Member
Registered: Mar 2003
Location: Seattle
Distribution: Slackware ?-14.1
Posts: 1,029
Rep:
add a -vvv to the cmd, post the output.
07-21-2010, 04:04 PM
#6
Member
Registered: Mar 2008
Location: Northeast US
Distribution: Mint, Ubuntu, Backtrack
Posts: 77
Original Poster
Rep:
Quote:
Originally Posted by Finlay
add a -vvv to the cmd, post the output.
Code:
[16:54:29]casey@bronzhip:~$ sudo ssh -vvvw 0:0 97.**.***.221 -i VPN
[sudo] password for casey:
OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 97.**.***.221 [97.**.***.221] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug3: Not a RSA1 key file VPN.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file VPN type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1024
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5
debug1: match: OpenSSH_5.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 831
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 855
debug2: dh_gen_key: priv key bits set: 120/256
debug2: bits set: 512/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 999
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host '97.95.190.221' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug2: bits set: 495/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1015
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1063
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: VPN (0x225e1418)
debug3: Wrote 64 bytes for a total of 1127
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: VPN
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 240 bytes for a total of 1367
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug2: input_userauth_pk_ok: fp 33:07:18:c0:e0:***********:7a:2f:20:2e:3b:89
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug3: Wrote 384 bytes for a total of 1751
debug1: Authentication succeeded (publickey).
debug1: Requesting tun unit 2147483647 in mode 1
debug1: sys_tun_open: tunnel mode 1 fd 4
debug2: fd 4 setting O_NONBLOCK
debug3: fd 4 is O_NONBLOCK
debug1: channel 0: new [tun]
debug1: channel 1: new [client-session]
debug3: ssh_session2_open: channel_new: 1
debug2: channel 1: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug3: Wrote 208 bytes for a total of 1959
debug1: Remote: Forced tun device: 0
debug1: Remote: Forced command: sudo /sbin/ifconfig tun0 up; sudo /sbin/ifconfig tun0 down
debug1: Remote: Forced tun device: 0
debug1: Remote: Forced command: sudo /sbin/ifconfig tun0 up; sudo /sbin/ifconfig tun0 down
debug1: Remote: Failed to open the tunnel device.
channel 0: open failed: administratively prohibited: open failed
debug2: callback start
debug2: client_session2_setup: id 1
debug2: channel 1: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env TERM
debug3: Ignored env LS_COLORS
debug3: Ignored env PATH
debug1: Sending env LANG = en_US.utf8
debug2: channel 1: request env confirm 0
debug3: Ignored env HOME
debug3: Ignored env DISPLAY
debug3: Ignored env XAUTHORITY
debug3: Ignored env COLORTERM
debug3: Ignored env SHELL
debug3: Ignored env LOGNAME
debug3: Ignored env USER
debug3: Ignored env USERNAME
debug3: Ignored env SUDO_COMMAND
debug3: Ignored env SUDO_USER
debug3: Ignored env SUDO_UID
debug3: Ignored env SUDO_GID
debug2: channel 1: request shell confirm 1
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 1: open confirm rwindow 0 rmax 32768
debug2: channel 0: zombie
debug2: channel 0: garbage collecting
debug1: channel 0: free: tun, nchannels 2
debug3: channel 0: status: The following connections are open:
#1 client-session (t4 r0 i0/0 o0/0 fd 5/6 cfd -1)
debug3: channel 0: close_fds r 4 w 4 e -1 c -1
debug3: Wrote 448 bytes for a total of 2407
debug2: channel_input_status_confirm: type 99 id 1
debug2: PTY allocation request accepted on channel 1
debug2: channel 1: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 1
debug2: shell request accepted on channel 1
tun0: ERROR while getting interface flags: No such device
debug1: client_input_channel_req: channel 1 rtype exit-status reply 0
debug1: client_input_channel_req: channel 1 rtype eow@openssh.com reply 0
debug2: channel 1: rcvd eow
debug2: channel 1: close_read
debug2: channel 1: input open -> closed
tun0: ERROR while getting interface flags: No such device
debug2: channel 1: rcvd eof
debug2: channel 1: output open -> drain
debug2: channel 1: obuf empty
debug2: channel 1: close_write
debug2: channel 1: output drain -> closed
debug2: channel 1: rcvd close
debug3: channel 1: will not send data after close
debug2: channel 1: almost dead
debug2: channel 1: gc: notify user
debug2: channel 1: gc: user detached
debug2: channel 1: send close
debug2: channel 1: is dead
debug2: channel 1: garbage collecting
debug1: channel 1: free: client-session, nchannels 1
debug3: channel 1: status: The following connections are open:
#1 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)
debug3: channel 1: close_fds r -1 w -1 e 7 c -1
debug3: Wrote 32 bytes for a total of 2439
debug3: Wrote 64 bytes for a total of 2503
Connection to 97.**.***.221 closed.
Transferred: sent 2272, received 2736 bytes, in 0.3 seconds
Bytes per second: sent 8861.1, received 10670.7
debug1: Exit status 255
Damn, that IS very, very verbose! Not sure if it helps, though.
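Added example, not part of the original thread: a small Python triage of the `ssh -vvv` output posted above, pulling out the tunnel request, the server's `Remote:` debug messages and the channel that failed to open. The function name `triage` and the report layout are assumptions made for this example; the sample is a shortened excerpt of the log above.

```python
import re

# Shortened excerpt of the client log posted above (a few lines only).
SAMPLE_LOG = """\
debug1: Authentication succeeded (publickey).
debug1: Requesting tun unit 2147483647 in mode 1
debug1: channel 0: new [tun]
debug1: channel 1: new [client-session]
debug1: Remote: Forced tun device: 0
debug1: Remote: Forced command: sudo /sbin/ifconfig tun0 up; sudo /sbin/ifconfig tun0 down
debug1: Remote: Forced tun device: 0
debug1: Remote: Failed to open the tunnel device.
channel 0: open failed: administratively prohibited: open failed
"""

SSH_TUNID_ANY = 0x7FFFFFFF  # OpenSSH's "any" tunnel unit, printed as 2147483647
TUN_MODES = {1: "point-to-point (tun)", 2: "ethernet (tap)"}

AUTH_OK = re.compile(r"Authentication succeeded \(([^)]+)\)")
TUN_REQ = re.compile(r"Requesting tun unit (\d+) in mode (\d+)")
NEW_CHAN = re.compile(r"channel (\d+): new \[([^\]]+)\]")
REMOTE = re.compile(r"debug1: Remote: (.+)")
OPEN_FAIL = re.compile(r"^channel (\d+): open failed: ([^:]+): (.*)")


def triage(log_text):
    """Summarise the tunnel-related events in an `ssh -v` client log."""
    report = {"auth": None, "tun_request": None, "channels": {},
              "server_messages": [], "failed_channels": []}
    for line in map(str.strip, log_text.splitlines()):
        if m := AUTH_OK.search(line):
            report["auth"] = m.group(1)
        elif m := TUN_REQ.search(line):
            unit, mode = int(m.group(1)), int(m.group(2))
            report["tun_request"] = {
                "unit": "any" if unit == SSH_TUNID_ANY else unit,
                "mode": TUN_MODES.get(mode, f"unknown ({mode})")}
        elif m := NEW_CHAN.search(line):
            report["channels"][int(m.group(1))] = m.group(2)
        elif m := REMOTE.search(line):
            # sshd repeats these debug messages; keep each once, in order.
            if m.group(1) not in report["server_messages"]:
                report["server_messages"].append(m.group(1))
        elif m := OPEN_FAIL.match(line):
            chan = int(m.group(1))
            report["failed_channels"].append(
                {"id": chan, "type": report["channels"].get(chan, "?"),
                 "reason": m.group(2).strip()})
    return report
```

On the posted log this isolates the three server messages (forced tun device, forced command, failed to open the tunnel device) that precede the `administratively prohibited` failure on the tun channel, while the session channel itself opens normally.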
07-21-2010, 04:28 PM
#7
Senior Member
Registered: Mar 2003
Location: Seattle
Distribution: Slackware ?-14.1
Posts: 1,029
Rep:
couple things to try:
change 0:0 to any:any
add root@ip for the remote address
In this thread it mentions having to create the tunnel interfaces, tun0, manually on the remote host.