Thread: Mac Problem with Tunneling...
Hi,

On my linux box I can issue the command

    ssh -L 5555:macjerry:5432 -l jerry macjerry

This will create a "tunnel" to connect to my mac named "macjerry".

I can connect to databases on macjerry via psql by specifying port 5555 on my linux box and other postgresql front ends.

However, if I turn it around, and on the mac issue the command

    ssh -L 6666:linuxbox:5432 -l jerry linuxbox

then I am not able to connect to the linux box via psql or any GUI front ends.

I get an error:

    [jerry@localhost ~]$ channel 3: open failed: administratively prohibited: open failed
    channel 3: open failed: administratively prohibited: open failed

No errors appear in the server log on the linux box.

I am new to ssh, have I overlooked something?

Jerry

Jerry LeVan <jerry.levan@eku.edu> writes:

> However if I turn it around, and on the mac issue
> the command
>     ssh -L 6666:linuxbox:5432 -l jerry linuxbox
> Then I am not able to connect to the linux box
> via psql or any GUI front ends.

[ tries it ... ] Worksforme, using the stock ssh in OS X 10.4.6.

Maybe you've got the OS X firewall configured to prevent connections to port 6666? That doesn't seem to be default, because I didn't have to adjust the firewall for my experiment.

Another possibility is that the ssh daemon on the linux box is restricted from opening local connections. It wouldn't surprise me if this is disabled by default by SELinux for instance :-(

regards, tom lane

On May 13, 2006, at 6:18 PM, Tom Lane wrote:

> Jerry LeVan <jerry.levan@eku.edu> writes:
>> However if I turn it around, and on the mac issue
>> the command
>>     ssh -L 6666:linuxbox:5432 -l jerry linuxbox
>> Then I am not able to connect to the linux box
>> via psql or any GUI front ends.
>
> [ tries it ... ] Worksforme, using the stock ssh in OS X 10.4.6.
>
> Maybe you've got the OS X firewall configured to prevent
> connections to port 6666? That doesn't seem to be default,
> because I didn't have to adjust the firewall for my experiment.
>
> Another possibility is that the ssh daemon on the linux box is
> restricted from opening local connections. It wouldn't surprise
> me if this is disabled by default by SELinux for instance :-(
>
> regards, tom lane

I am still puzzled. I don't think it is a postgresql problem since I can't forward to other daemons running on the linux box.

I have noticed an error in the message file on the linux box that is generated whenever I try to connect from the mac.

**********
debug1: Connection to port 2224 forwarding to linuxbox port 2224 requested.
debug2: fd 9 setting TCP_NODELAY
debug2: fd 9 is O_NONBLOCK
debug2: fd 9 is O_NONBLOCK
debug1: channel 3: new [direct-tcpip]
channel 3: open failed: administratively prohibited: open failed
debug1: channel 3: free: direct-tcpip: listening port 2224 for linuxbox port 2224, connect from ::1 port 50663, nchannels 4
debug3: channel 3: status: The following connections are open:
  #2 client-session (t4 r0 i0/0 o0/0 fd 6/7)
  #3 direct-tcpip: listening port 2224 for linuxbox port 2224, connect from ::1 port 50663 (t3 r-1 i0/0 o0/0 fd 9/9)
debug3: channel 3: close_fds r 9 w 9 e -1
May 13 19:22:05 localhost sshd[5844]: error: connect_to linuxbox: unknown host (Name or service not known)
***********

It appears that I have to somehow tell the linux box about the Mac.... This does not appear to be necessary when talking to the mac from the linux box.

Sigh,
Jerry

On Sat, 13 May 2006, Jerry LeVan wrote:

> channel 3: open failed: administratively prohibited: open failed

This is the standard error you'll see when /etc/ssh/sshd_config (or local equivalent) has AllowTcpForwarding no.

Kris Jurka

Jerry LeVan wrote:

> Hi,
> On my linux box I can issue the command
>
>     ssh -L 5555:macjerry:5432 -l jerry macjerry
>
> This will create a "tunnel" to connect to my
> mac named "macjerry".
>
> I can connect to databases on macjerry via psql
> by specifying port 5555 on my linux box and other postgresql
> front ends.
>
> However if I turn it around, and on the mac issue
> the command
>
>     ssh -L 6666:linuxbox:5432 -l jerry linuxbox
>
> Then I am not able to connect to the linux box
> via psql or any GUI front ends.
>
> I get an error:
>
> [jerry@localhost ~]$ channel 3: open failed: administratively
> prohibited: open failed
> channel 3: open failed: administratively prohibited: open failed
>
> No errors appear in the server log on the linux box.
>
> I am new to ssh, have I overlooked something?

Well, one slight mistake is maybe to use the hostname in the forward. The forward is always calculated from the ssh-connection end point. And in your case it should be in both cases: localhost - since you are connecting to the box where the service runs.

This might or might not change anything, but a connection from localhost to localhost is always treated differently by firewalls.

Also make sure:

    AllowTcpForwarding yes

is set in sshd_config.

Regards
Tino
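
Added example, not part of the thread or any poster's code: a POSIX shell triage of the two server-side causes raised above, `AllowTcpForwarding no` in sshd_config and the `connect_to linuxbox: unknown host` line from the sshd log, both of which appear in the thread next to the same "administratively prohibited" client message. The function names, file names and sample config/log contents are constructed for illustration, and Match blocks in sshd_config are not evaluated.

```shell
#!/bin/sh
# Print the effective global AllowTcpForwarding value of an sshd_config file.
# sshd keeps the first value it reads for a keyword; the default is "yes".
# Assumption: only the global section is read, Match blocks are ignored.
effective_forwarding() {
    awk '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " "); sub(/^[ \t]+/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == "allowtcpforwarding" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Classify a failed -L forward from the server side. The client message is the
# same in the thread for both causes, so the sshd log and config decide.
diagnose_forward_failure() {
    log=$1
    config=$2
    host=$(sed -n 's/.*error: connect_to \([^ :]*\): unknown host.*/\1/p' "$log" | head -n 1)
    if [ -n "$host" ]; then
        echo "resolve:$host"          # sshd could not resolve the forward target
        return 0
    fi
    case $(effective_forwarding "$config") in
        no|remote) echo "config:AllowTcpForwarding" ;;  # local forwards refused
        *)         echo "unknown" ;;
    esac
}

# Constructed sample inputs; the log line uses the format quoted in the thread.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/messages" <<'EOF'
May 13 19:22:05 localhost sshd[5844]: error: connect_to linuxbox: unknown host (Name or service not known)
EOF
: > "$demo_dir/empty.log"
printf '%s\n' '# constructed config' 'Port 22' 'allowtcpforwarding no' \
    'AllowTcpForwarding yes' > "$demo_dir/sshd_config.blocked"
printf '%s\n' 'Port 22' '#AllowTcpForwarding no' > "$demo_dir/sshd_config.default"

diagnose_forward_failure "$demo_dir/messages"  "$demo_dir/sshd_config.default"
diagnose_forward_failure "$demo_dir/empty.log" "$demo_dir/sshd_config.blocked"
diagnose_forward_failure "$demo_dir/empty.log" "$demo_dir/sshd_config.default"
```

A `resolve:` result points at the forward target name (Tino's suggestion of `localhost` avoids the lookup), while `config:` points at the sshd_config setting Kris and Tino mention.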