[clug] Why is my SSH port forwarding failing all of a sudden?
bob at cs.anu.edu.au
Tue Feb 2 03:54:11 UTC 2016
On 01/02/16 21:46, Tony Lewis wrote:
> Hi all,
> I SSH to my server, and use local port forwarding to reach in to other
> servers. It was working a treat until today.
> Nothing changed on the server or client configs, though the clients
> (Cygwin) did upgrade from
> OpenSSH_7.1p1, OpenSSL 1.0.2d (XX) Aug 2015
> OpenSSH_7.1p2, OpenSSL 1.0.2f 28 Jan 2016
> I tried downgrading but can't go back to earlier than OpenSSH 1.0.2e. I
> am having the same problem on my Linux desktop also.
> The problem is at the tunnel server. In /var/log/auth.log I see:
> Received request to connect to host blah.domain port 22, but the
> request was denied.
> Googlage indicates proposed solutions that involve enabling port
> forwarding. But I have no AllowTcpForwarding directive, and the default
> is "yes". There are no PermitOpen directives (though I tried them) and
> the result is the same with or without the PermitTunnel directive.
> The authorized_keys file contains only keys, no restrictions (e.g. no
> I know the problem is with the server, because it makes no attempt on
> the network to establish a connection to my destination server.
> Something in the server is administratively blocking my port forwarding.
> The server is Debian Wheezy.
> # dpkg -l | grep ssh
> ii openssh-client 1:6.0p1-4+deb7u3 amd64 secure shell
> (SSH) client, for secure access to remote machines
> ii openssh-server 1:6.0p1-4+deb7u3 amd64 secure shell
> (SSH) server, for secure access from remote machines
> Any clues?
My suggestion would be to overlook the documented "default" behaviour
for the AllowTcpForwarding directive, and set it explicitly to "yes".
Then don't forget to properly restart the SSH daemon - sometimes
/etc/init.d/ssh restart doesn't actually do anything... On Jessie, I
usually have to use "systemctl restart ssh".
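An added example, not part of the original thread or either poster's code: instead of relying on the documented default, the values the daemon actually applies can be read from the output of `sshd -T` (run as root on the server) and checked for the keywords discussed above. The function name `forwarding_report` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: read "sshd -T"-style effective configuration on stdin and
# report whether AllowTcpForwarding / PermitOpen would deny an "ssh -L" request.
# Intended use on the server, as root:   sshd -T | forwarding_report

forwarding_report() {
    awk '
        # sshd -T prints one lowercase keyword per line followed by its value(s).
        { key = tolower($1); $1 = ""; sub(/^ +/, ""); val[key] = $0 }
        END {
            atf = (("allowtcpforwarding" in val) ? val["allowtcpforwarding"] : "unreported")
            po  = (("permitopen" in val) ? val["permitopen"] : "unreported")
            printf "allowtcpforwarding=%s\n", atf
            printf "permitopen=%s\n", po
            # "remote" (newer OpenSSH releases) permits only -R style forwarding.
            if (atf == "no" || atf == "remote")
                print "verdict=local forwarding disabled"
            else if (po != "unreported" && po != "any")
                print "verdict=local forwarding limited by permitopen"
            else
                print "verdict=local forwarding not blocked by these keywords"
        }'
}

# Constructed sample input (not taken from the server in the thread).
SAMPLE='port 22
allowtcpforwarding yes
permitopen any
permittunnel no'

printf '%s\n' "$SAMPLE" | forwarding_report
```

A clean verdict here only rules out these two keywords; per-key options in authorized_keys and Match blocks are evaluated separately by the daemon.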