LinuxQuestions.org
Old 12-15-2017, 07:14 AM   #1
Dantaliion
LQ Newbie
 
Registered: Nov 2017
Posts: 18

Rep: Reputation: Disabled
Remote port forwarding failing on a Raspberry Pi


Hello, folks!
I have configured my Raspberry Pi (Raspbian, Debian) as a server, and SSH is working normally both on LAN and WAN (if I wanted to), but I cannot port forward on the router it's currently behind (my office router) for security reasons. What I am trying to do is a remote port forward from the Pi to my PC at home, using:
Code:
ssh -fN -R $port:localhost:8022 $user@$mypclocation
(Using port 8022 to ssh)
It does connect, and "netstat -nlpt" on my PC shows that it is listening on port $port, and "-npt" shows the connection is established.
When I try to connect to it via the tunneled port, though, as in:
Code:
ssh $user@localhost -p $port
I get:
Code:
ssh_exchange_indentification: read: connection reset by peer.
When I tried from a different client, everything was the same, but the problem persisted with a slightly different output:
Code:
ssh_exchange_identification: Connection closed by remote host.
Curiously, when I issued the command to remote port forward on the Pi itself (everything happening inside the Pi), same story, but I was able to normally connect "back" via the tunneled port (???). Any ideas?

Snippet of the verbose output (server side):
Code:
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.0.20 ([192.168.0.20]:8022).
debug1: Remote connections from LOCALHOST:1618 forwarded to local address localhost:8022
debug2: fd 3 setting TCP_NODELAY
debug1: Requesting no-more-sessions@openssh.com
debug1: forking to background
debug1: Entering interactive session.
debug1: pledge: network
pi@null:~:: debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: Forwarding listen address "localhost" overridden by server GatewayPorts
debug1: remote forward success for: listen 1618, connect localhost:8022
debug1: All remote forwarding requests processed
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 2 win 2097152 max 32768
debug1: client_request_forwarded_tcpip: listen localhost port 1618, originator 127.0.0.1 port 48683
debug2: fd 4 setting O_NONBLOCK
debug2: fd 4 setting TCP_NODELAY
debug1: connect_next: host localhost ([::1]:8022) in progress, fd=4
debug1: channel 0: new [127.0.0.1]
debug1: confirm forwarded-tcpip
debug1: channel 0: connection failed: Connection refused
debug2: fd 5 setting O_NONBLOCK
debug2: fd 5 setting TCP_NODELAY
debug1: connect_next: host localhost ([127.0.0.1]:8022) in progress, fd=5
debug1: channel 0: connection failed: Connection refused
connect_to localhost port 8022: failed.
debug2: channel 0: zombie
debug2: channel 0: garbage collecting
debug1: channel 0: free: 127.0.0.1, nchannels 1
I am not showing the output on the client side because, despite the verbose level, everything runs fine except for the last line, which is the one printed on the terminal...

Last edited by Dantaliion; 12-15-2017 at 08:41 PM.
 
Old 12-17-2017, 12:53 AM   #2
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,432
Blog Entries: 3

Rep: Reputation: 1512
If your setup is like this:

Code:
rpi3 ----- Router A ----- ( Internet ) ----- Router B ----- PCatHome
and if you can log into PCatHome with SSH from anywhere on the Internet, then you should be able to set up a reverse tunnel from the Raspberry Pi and then connect back down that reverse tunnel.

On rpi3:

Code:
ssh -R 2202:localhost:22 user@pcathome.example.com
Alternately, load the appropriate key into the agent if you want to have the option to automate reconnection in the event of a break.

Code:
while ! ssh -i some.key.ed25519 -R 2202:localhost:22 user@pcathome.example.com; do sleep 2; done;
Also set "ServerAliveInterval" and "ServerAliveCountMax" for that connection.

Then later on PCatHome this will connect back to rpi3:

Code:
ssh -p 2202 localhost
 
1 members found this post helpful.
Old 12-17-2017, 09:02 AM   #3
Dantaliion
LQ Newbie
 
Registered: Nov 2017
Posts: 18

Original Poster
Rep: Reputation: Disabled
Ok, I made sure I did exactly as you said, but the same thing happened. Without setting "-f", I actually get a shell inside the remote server, but then, when I try to connect back through the port, it fails:

Code:
root@pc:~:: netstat -nlpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:2202          0.0.0.0:*               LISTEN      6576/sshd: root@pts 
tcp        0      0 0.0.0.0:22            0.0.0.0:*               LISTEN      6220/sshd           
tcp6       0      0 ::1:2202                :::*                    LISTEN      6576/sshd: root@pts 
tcp6       0      0 :::22                 :::*                    LISTEN      6220/sshd           
root@pc:~:: ssh -p 2202 localhost
connect_to localhost port 22: failed.
ssh_exchange_identification: Connection closed by remote host

Last edited by Dantaliion; 12-17-2017 at 09:17 AM.
 
Old 12-17-2017, 09:22 AM   #4
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,432
Blog Entries: 3

Rep: Reputation: 1512
None of these connections should be done as root.

Are you leaving the connection open from the RPi3 to the HomePC?

Do you have the SSH server running on the RPi3 also? It's not on by default.
 
Old 12-17-2017, 12:27 PM   #5
Dantaliion
LQ Newbie
 
Registered: Nov 2017
Posts: 18

Original Poster
Rep: Reputation: Disabled
Remote port forwarding failing on a Raspberry Pi

The only user on my dist is root. I use pub/priv keys for authentication, and yes, the ssh daemon is up and running, not on port 22 (extra security).
 
Old 12-17-2017, 12:35 PM   #6
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,432
Blog Entries: 3

Rep: Reputation: 1512
In #3 above you show the output of 'netstat -nlpt' for the PC at Home unit. What is the corresponding output on the Raspberry Pi 3?
 
Old 12-17-2017, 12:51 PM   #7
Dantaliion
LQ Newbie
 
Registered: Nov 2017
Posts: 18

Original Poster
Rep: Reputation: Disabled
Yes, sorry. Here it is:
Code:
pi@pc:~:: netstat -nlpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      422/sshd            
tcp6       0      0 :::22                   :::*                    LISTEN      422/sshd
Output for "netstat -npt" as well:
Code:
pi@pc:~:: netstat -npt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0    224 192.168.0.21:22         192.168.0.11:34826      ESTABLISHED 429/sshd: root@pts/ 
tcp        0      0 192.168.0.21:54892      192.168.0.11:1618       ESTABLISHED 475/ssh
 
Old 12-17-2017, 12:54 PM   #8
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,432
Blog Entries: 3

Rep: Reputation: 1512
Ok. sshd is listening there, but on port 71. Then on the RPi3 you'd launch the reverse tunnel back to port 71:

Code:
ssh -R 2202:localhost:71 user@pcathome.example.com
 
1 members found this post helpful.
Old 12-17-2017, 01:02 PM   #9
Dantaliion
LQ Newbie
 
Registered: Nov 2017
Posts: 18

Original Poster
Rep: Reputation: Disabled
Sorry for the trouble. I edited the question so it wasn't confusing. I use port 71 by default; I changed it to 22 in the post only.

Don't know if this is going to help or anything, but I have tried this not only on my Pi, but on all my devices connecting to one another, and nothing. I suspected the firewall or something, but iptables is flushed. I suspected my router, so I went to another network, nothing.

Maybe this is bad karma or the universe playing pranks, just doesn't make sense. I can SSH from and to every device, but cannot remote port forward.

Last edited by Dantaliion; 12-17-2017 at 03:52 PM.
 
Old 12-18-2017, 01:24 AM   #10
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,432
Blog Entries: 3

Rep: Reputation: 1512
Can you get more information out of the SSH client regarding the failure to connect by increasing the verbosity?

Code:
ssh -v -p 2202 localhost
ssh -vv -p 2202 localhost
ssh -vvv -p 2202 localhost
One of those might tell the reason. Otherwise you'll have to look in the SSH server logs on the Raspberry Pi 3 to see what the reason was.
 
Old 12-18-2017, 06:07 AM   #11
Dantaliion
LQ Newbie
 
Registered: Nov 2017
Posts: 18

Original Poster
Rep: Reputation: Disabled
Sure, here it is (with verbose set to "-vvv"):
Code:
OpenSSH_7.6p1 Debian-2, OpenSSL 1.0.2m  2 Nov 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "localhost" port 2202
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to localhost [::1] port 2202.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug3: timeout: 7988 ms remain after connect
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Debian-2
ssh_exchange_identification: Connection closed by remote host
 
Old 12-18-2017, 09:57 AM   #12
Dantaliion
LQ Newbie
 
Registered: Nov 2017
Posts: 18

Original Poster
Rep: Reputation: Disabled
Hello, problem solved. It turns out I didn't pay much attention when you said it was listening on port 71 and I was sending it to listen on the remote client's SSH port.
Quote:
Originally Posted by Turbocapitalist View Post
Ok. sshd is listening there, but on port 71. Then on the RPi3 you'd launch the reverse tunnel back to port 71:

Code:
ssh -R 2202:localhost:71 user@pcathome.example.com
Just so that it becomes clear to anyone with this issue:
What I was doing was
Code:
$tunnel_port:localhost:$remote_client_SSH_port
And the correct one is:
Code:
$tunnel_port:localhost:$server_SSH_port
Beginner's mistake. Thank you for your time, man, I really appreciate it.

Last edited by Dantaliion; 12-18-2017 at 10:00 AM.
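
The mistake resolved above is that the last port in a `-R` spec must be one that is listening on the machine that starts the tunnel. As an added example (not part of the original posts), this script checks that against `netstat` output; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Run on the machine that starts "ssh -R".

# Constructed sample of `netstat -nlpt` on a host whose sshd listens on port 71.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:71              0.0.0.0:*               LISTEN      422/sshd
tcp6       0      0 :::71                   :::*                    LISTEN      422/sshd'

# Print the connect port of a spec [bind_address:]listen_port:host:connect_port.
forward_target_port() {
    printf '%s\n' "$1" | awk -F: 'NF >= 3 { print $NF }'
}

# Print the port named in ssh's "connect_to HOST port N: failed." line (stdin).
refused_port() {
    sed -n 's/^connect_to .* port \([0-9][0-9]*\): failed\.$/\1/p' | head -n 1
}

# Succeed if netstat output on stdin has a LISTEN socket on local port $1.
port_is_listening() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, a, ":")      # 0.0.0.0:71 and :::71 both end in the port
            if (a[n] == port) found = 1
        }
        END { exit !found }'
}

# check_forward SPEC < netstat-output
check_forward() {
    target=$(forward_target_port "$1")
    if [ -z "$target" ]; then
        echo "bad forward spec: $1"; return 2
    fi
    if port_is_listening "$target"; then
        echo "ok: local port $target has a listener"
    else
        echo "refused: nothing listens locally on port $target"; return 1
    fi
}
# Usage: netstat -nlt | check_forward 2202:localhost:22
```

A "refused" result here corresponds to the `connect_to localhost port 8022: failed.` line in the first post's debug output.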
 
Old 12-18-2017, 10:09 AM   #13
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,432
Blog Entries: 3

Rep: Reputation: 1512
No problem.

Be sure to eventually take a look at ServerAliveCountMax on the client and ClientAliveCountMax on the server as well as using the while() loop shown above. The combination will allow the automatic maintenance of the tunnel.
 
Old 12-19-2017, 08:18 AM   #14
Dantaliion
LQ Newbie
 
Registered: Nov 2017
Posts: 18

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Turbocapitalist View Post
No problem.

Be sure to eventually take a look at ServerAliveCountMax on the client and ClientAliveCountMax on the server as well as using the while() loop shown above. The combination will allow the automatic maintenance of the tunnel.
Yes, I will try this. What I have been doing is actually setting up cron to run this script every minute:
Code:
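# Start the tunnel only if no ssh process with this option is already running.
if ps aux | grep StrictHostKeyChecking | grep -v grep >/dev/null; then
    true
else
    # -R takes the forward spec as its own argument, so it cannot be bundled before -o.
    ssh -fN -o StrictHostKeyChecking=no -R "$forwardport:localhost:$sshport" -p "$port" "$pcaddress"
fi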
I use this unsafe option only in this script, when I need access to the Pi, in case you get worried, haha.
Do you think using the options you provided is better?

Last edited by Dantaliion; 12-19-2017 at 08:23 AM.
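
An added example, not written by the thread's participants, of the keepalive-plus-loop approach suggested in posts #2 and #13, with host key checking left on. The key path, known_hosts path, interval values and function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): keep a reverse tunnel up from the Pi.
# All defaults below are placeholders; override them in the environment.
SSH_BIN=${SSH_BIN:-ssh}
FORWARD_PORT=${FORWARD_PORT:-2202}   # port opened on the home PC
SSHD_PORT=${SSHD_PORT:-22}           # port the Pi's own sshd listens on
PC_ADDRESS=${PC_ADDRESS:-user@pcathome.example.com}
PC_PORT=${PC_PORT:-22}               # sshd port on the home PC
KEY=${KEY:-$HOME/.ssh/tunnel.ed25519}                      # assumed path
KNOWN_HOSTS=${KNOWN_HOSTS:-$HOME/.ssh/known_hosts_tunnel}  # assumed path

# Run one tunnel session in the foreground; returns when ssh exits.
run_tunnel() {
    # BatchMode: never prompt, so an unattended run fails instead of hanging.
    # ExitOnForwardFailure: exit if the remote port cannot be bound.
    # ServerAlive*: exit after 3 unanswered probes sent 30 s apart.
    # StrictHostKeyChecking=yes: connect only to a key already present in
    #   KNOWN_HOSTS (populate it once, by hand, after checking the fingerprint).
    # 127.0.0.1 bind: honoured unless the PC's sshd sets GatewayPorts yes.
    "$SSH_BIN" -N \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -o StrictHostKeyChecking=yes \
        -o UserKnownHostsFile="$KNOWN_HOSTS" \
        -i "$KEY" -p "$PC_PORT" \
        -R "127.0.0.1:$FORWARD_PORT:localhost:$SSHD_PORT" \
        "$PC_ADDRESS"
}

# Restart the tunnel whenever ssh exits, pausing between attempts.
keep_tunnel() {
    while :; do
        run_tunnel
        sleep 5
    done
}

# Start the loop only when asked to: ./tunnel.sh run
if [ "${1:-}" = "run" ]; then
    keep_tunnel
fi
```

Unlike a check for a running process, `ExitOnForwardFailure=yes` makes ssh exit when the forward itself could not be set up, so the loop retries instead of keeping a session that forwards nothing.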
 
  


All times are GMT -5. The time now is 08:38 AM.
