[clug] Why is my SSH port forwarding failing all of a sudden?

[Tony Lewis]

On 03/02/16 20:40, Tony Lewis wrote:
> I cannot figure it out but will keep an eye on it to see if it 
> misbehaves again.  It's probably me, but I just cannot figure out what 
> I broke and how I fixed it.

Oh.  Found it.

The client authenticates as user tunnel on the tunnel server using a 
public key.  Somewhere along the way, adding a new user, I had reset the 
password, with the intent of locking it afterwards ("passwd -l 
tunnel").  I expired it instead ("passwd -e tunnel").  The PKI 
authentication worked, or at least appeared to work, as the account is 
configured to not give a shell and only tunnel ports.

But that's the difference.  An expired password, which is where the 
login progam won't let you log in without setting a new password, locks 
at least tunnelling, and probably locks any session itself. Setting the 
password to something dumb and then locking the account has fixed the 
problem.

So, again, thanks for the input.

Tony