[clug] Why is my SSH port forwarding failing all of a sudden?
Bob Edwards
bob at cs.anu.edu.au
Tue Feb 2 03:54:11 UTC 2016
On 01/02/16 21:46, Tony Lewis wrote:
> Hi all,
>
> I SSH to my server, and use local port forwarding to reach in to other
> servers. It was working a treat until today.
>
> Nothing changed on the server or client configs, though the clients
> (Cygwin) did upgrade from
> OpenSSH_7.1p1, OpenSSL 1.0.2d (XX) Aug 2015
> to
> OpenSSH_7.1p2, OpenSSL 1.0.2f 28 Jan 2016
>
> I tried downgrading but can't go back to earlier than OpenSSH 1.0.2e. I
> am having the same problem on my Linux desktop also.
>
> The problem is at the tunnel server. In /var/log/auth.log I see:
> Received request to connect to host blah.domain port 22, but the
> request was denied.
>
> Googlage indicates proposed solutions that involve enabling port
> forwarding. But I have no AllowTcpForwarding directive, and the default
> is "yes". There are no PermitOpen directives (though I tried them) and
> the result is the same with or without the PermitTunnel directive.
>
> The authorized_keys file contains only keys, no restrictions (e.g. no
> force-command).
>
> I know the problem is with the server, because it makes no attempt on
> the network to establish a connection to my destination server.
> Something in the server is administratively blocking my port forwarding.
>
> The server is Debian Wheezy.
>
> # dpkg -l | grep ssh
> ...
> ii openssh-client 1:6.0p1-4+deb7u3 amd64 secure shell
> (SSH) client, for secure access to remote machines
> ii openssh-server 1:6.0p1-4+deb7u3 amd64 secure shell
> (SSH) server, for secure access from remote machines
>
> Any clues?
>
> Tony
My suggestion would be to overlook the documented "default" behaviour
for the AllowTcpForwarding directive, and set it explicitly to "yes".
Then don't forget to properly restart the SSH daemon - sometimes
/etc/init.d/ssh restart doesn't actually do anything... On Jessie, I
usually have to use "systemctl restart ssh".
cheers,
Bob Edwards.
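
A way to check the settings discussed in this thread, as an added example that is not part of the original posts: it scans the effective server configuration printed by `sshd -T`, and an authorized_keys file, for anything that would deny local forwarding. The function names and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). On a real server, run as root:
#   sshd -T | forwarding_findings
#   key_restrictions < ~/.ssh/authorized_keys

# Read `sshd -T` output on stdin; print one line per setting that can
# deny "ssh -L" requests. Prints nothing when forwarding is unrestricted.
forwarding_findings() {
    awk '
        $1 == "allowtcpforwarding" && ($2 == "no" || $2 == "remote") {
            print "allowtcpforwarding is " $2
        }
        $1 == "permitopen" && $2 != "any" {
            $1 = ""; sub(/^ /, "")
            print "permitopen limits destinations to: " $0
        }
    '
}

# Read an authorized_keys file on stdin; print the line number and the
# option for each key whose option field restricts port forwarding.
key_restrictions() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blanks
        {
            opts = $0                           # keep only the option field
            sub(/(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[^ ]*) .*/, "", opts)
        }
        match(opts, /no-port-forwarding|permitopen="[^"]*"/) {
            print "line " NR ": " substr(opts, RSTART, RLENGTH)
        }
    '
}

# Constructed sample input so the script runs offline.
SAMPLE_SSHD_T='port 22
allowtcpforwarding yes
permitopen db.example.internal:5432
permittunnel no'

SAMPLE_KEYS='# constructed sample keys
ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed user@laptop
no-port-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed backup@host
permitopen="10.0.0.5:22" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5constructed jump@host'

printf '%s\n' "$SAMPLE_SSHD_T" | forwarding_findings
printf '%s\n' "$SAMPLE_KEYS" | key_restrictions
```

`sshd -T` parses the configuration file on disk, so it shows what the daemon will use after a restart, not what a still-running daemon loaded earlier.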