SSH Tunnel issue

tpe · 01-24-2008, 06:52 AM

Dear all,
I try to create an SSH tunnel from my local PC to the remote mysql server. I use the standard ssh command:
ssh -N -L 3333:127.0.0.1:3306 user@remotehost

The authentication is handled by keychain, so no issue.
However, the problem exists as soon as ssh is authenticated.
Specifically, I receive a "listen: Bad file descriptor" message right after the authentication.
SSH seems to have generate the tunnel, however, the "netstat -pant" reveals that the local port 3333 is not listening!

Code:

tcp        0      0 0.0.0.0:873             0.0.0.0:*               LISTEN      3008/rsyncd
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      3120/mysqld
tcp        0      0 127.0.0.1:38094         0.0.0.0:*               LISTEN      8945/gdl_indexer
tcp        0      0 127.0.0.1:38094         127.0.0.1:55421         SYN_RECV    - 
tcp        0      0 127.0.0.1:38094         127.0.0.1:60912         SYN_RECV    -
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2788/portmap
tcp        0      0 127.0.0.1:2544          0.0.0.0:*               LISTEN      2923/zmd
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      2946/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      3250/master
tcp      223      0 127.0.0.1:38094         127.0.0.1:49024         ESTABLISHED -                                                         
tcp        0      0 ::1:3333                :::*                    LISTEN      10537/ssh

ssh -v does not reveal a problem with the remote server:

Code:

debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/tpe/.ssh/identity
debug1: Trying private key: /home/tpe/.ssh/id_rsa
debug1: Trying private key: /home/tpe/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
debug1: Local connections to LOCALHOST:3333 forwarded to remote address 127.0.0.1:3306
debug1: Local forwarding listening on 127.0.0.1 port 3333.
listen: Bad file descriptor
debug1: Local forwarding listening on ::1 port 3333.
debug1: channel 0: new [port listener]
debug1: Entering interactive session

So, I thought that the problem was in my host file. However, the hosts file was simple and seems to be OK.

Code:

127.0.0.1       localhost
127.0.0.1       mysql.local
127.0.0.1       kde.linux kde

So, I checked the local sshd_config file:

Code:

PasswordAuthentication no

UsePAM yes
AllowTcpForwarding yes
X11Forwarding yes
TCPKeepAlive yes
Subsystem       sftp    /usr/lib/ssh/sftp-server
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL

But that seems to be OK too.

So, now I am scratching my head for a solution. Could someone help me please?

PhenuxRizing · 01-24-2008, 12:58 PM

Are you running that netstat command on your local machine or the server hosting mysql? If you run on in the terminal connected to the mysql server than port 3333 will not show up.

Try firing up your mysql client/application and point it to local tcp port 3333 and see what happens.

tpe · 01-24-2008, 01:06 PM

Nothing!
The netstat run on my local PC.
All of the following are tested locally.

Code:

mysql -D database_name -h 127.0.0.1 -P 3333 -u user -p
ERROR 2003 (HY000): Can't connect to MySQL server on '127.0.0.1' (111)

telnet 127.0.0.1 3333
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

The problem is not repeated in other PCs. For example, I tried the tunnel with the exact same commands from my laptop with no issues. But I need to have the tunnel from the desktop PC.
Any ideas?

jantman · 01-24-2008, 04:19 PM

Are you sure that SSH on the remote machine is configured to allow port forwarding? Have you tried running the command on your local machine as root?

tpe · 01-25-2008, 02:02 AM

I have tried from root account too, the sshd is configured to allow TCP port forwarding, I have tried -T option in ssh command.
Generally, from other PCs (all of them with Suse from 10.0 to 10.2) have successfully connected to remote system with ssh tunnel.
So, what I do suspect is a problem with something else.
Local and remote log files report nothing and that's what drives me crazy.
By the way, no firewall runs on both PCs.

PhenuxRizing · 01-25-2008, 09:25 AM

When you connect from other machines such as your laptop, are you connecting from the same network and subnet? Is there a router involved anywhere in between your desktop and your sql server? You may have all the software firewalls disabled but remember routers have builtin firewalls as well.