On Tue, 2007-01-23 at 19:28 +0000, Jonathan Underwood wrote:
> Hi Rick,
>
> On 23/01/07, Rick Sewill <rsewill@xxxxxxxxxxxx> wrote:
>
> > When you ssh from machine A to machine B,
> > can you ssh from machine B to machine C?
>
> Yes, I can.
>
> >
> > It may not provide much information, but my next instinct would be to
> > turn on verbose mode, "man ssh"
> > ssh -v -v -v -p 8888 localhost
>
> ssh -vvv -p 8888 localhost
> OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to localhost [::1] port 8888.
> debug1: Connection established.
> debug1: identity file /home/jgu/.ssh/identity type -1
> debug1: identity file /home/jgu/.ssh/id_rsa type -1
> debug1: identity file /home/jgu/.ssh/id_dsa type -1
> ssh_exchange_identification: Connection closed by remote host
>
> and, also, if I start up the tunnel with -vvv, I get this each time I
> try to connect to port 8888 on the local host:
>
> debug1: Connection to port 8888 forwarding to withnail.phys.ucl.ac.uk
> port 22 requested.
> debug2: fd 9 setting TCP_NODELAY
> debug2: fd 9 setting O_NONBLOCK
> debug3: fd 9 is O_NONBLOCK
> debug1: channel 3: new [direct-tcpip]
> channel 3: open failed: administratively prohibited: open failed
> debug1: channel 3: free: direct-tcpip: listening port 8888 for
> withnail.phys.ucl.ac.uk port 22, connect from ::1 port 36180,
> nchannels 4
> debug3: channel 3: status: The following connections are open:
> #2 client-session (t4 r0 i0/0 o0/0 fd 6/7 cfd -1)
> #3 direct-tcpip: listening port 8888 for withnail.phys.ucl.ac.uk
> port 22, connect from ::1 port 36180 (t3 r-1 i0/0 o0/0 fd 9/9 cfd -1)
>
> debug3: channel 3: close_fds r 9 w 9 e -1 c -1
> debug1: Connection to port 8888 forwarding to withnail.phys.ucl.ac.uk
> port 22 requested.
> debug2: fd 9 setting TCP_NODELAY
> debug2: fd 9 setting O_NONBLOCK
> debug3: fd 9 is O_NONBLOCK
> debug1: channel 3: new [direct-tcpip]
> channel 3: open failed: administratively prohibited: open failed
> debug1: channel 3: free: direct-tcpip: listening port 8888 for
> withnail.phys.ucl.ac.uk port 22, connect from ::1 port 36181,
> nchannels 4
> debug3: channel 3: status: The following connections are open:
> #2 client-session (t4 r0 i0/0 o0/0 fd 6/7 cfd -1)
> #3 direct-tcpip: listening port 8888 for withnail.phys.ucl.ac.uk
> port 22, connect from ::1 port 36181 (t3 r-1 i0/0 o0/0 fd 9/9 cfd -1)
>
> debug3: channel 3: close_fds r 9 w 9 e -1 c -1
>
> Does that shed any light ?
> J.
>

It says it is an administrative issue. I am guessing authentication.

I have a long-shot guess...after trying some local tests here.

I have one user name, USERA, on machine A,
user name, USERX, on machine B and machine C.

I did the same (names of machines are different)
From machine A> ssh -N -L 8080:C:22 B
From machine A> ssh -p 8080 localhost
-- and it failed because my name on machine A is different
from my name on machine B and ssh on machine A was passing
the equivalent of "USERA@localhost"

When I did
from machine A> ssh -p 8080 USERX@localhost
I succeeded because machine C knew about and wanted USERX.

Another possibility...when you connect from machine B to machine C,
do you have anything special in ~/.ssh/config file on machine B
that is not being triggered when you ssh through the tunnel?

I might as well ask if there is anything special in ~/.ssh/config file
on machine A that might be specifying something machine C does not
support. Such things might be a certain kind of encryption or
compression or ....

Sorry I am not being as much help as I would like to be.
You may need to ask the administrator for machine C what is showing up
in the syslog.

--
Rick Sewill              tel:+1-218-287-1075  mailto:rsewill@xxxxxxxxxxxx
1028 7th St. N.                               mailto:rsewill@xxxxxxxxx
Moorhead, MN 56560-1568  ymsgr:rsewill        sip:628497@xxxxxxxxxxxxxx
U. S. A.                 tel:+1-701-866-0266  xmpp:rsewill@xxxxxxxxxx
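
Added example, not part of the message above or of the original thread: a small triage script for the tunnel client's -vvv output. The text after "open failed:" is the reason the SSH server at the far end of the -L tunnel gave when it rejected the channel open, and it maps onto the RFC 4254 section 5.1 reason codes. The names triage, normalise and REASONS belong to this example only, and the sample is an excerpt of the quoted output above.

```python
import re

# RFC 4254 section 5.1 reason codes, keyed by the text the OpenSSH client
# prints after "open failed:" when the server rejects a channel open.
REASONS = {
    "administratively prohibited": (1, "SSH_OPEN_ADMINISTRATIVELY_PROHIBITED"),
    "connect failed": (2, "SSH_OPEN_CONNECT_FAILED"),
    "unknown channel type": (3, "SSH_OPEN_UNKNOWN_CHANNEL_TYPE"),
    "resource shortage": (4, "SSH_OPEN_RESOURCE_SHORTAGE"),
}

EVENT = re.compile(
    r"Connection to port (?P<lport>\d+) forwarding to (?P<host>\S+) "
    r"port (?P<port>\d+) requested"
    r"|channel (?P<chan>\d+): open failed: (?P<reason>[a-z ]+):"
)

# Excerpt of the tunnel client's -vvv output quoted on this page, kept with
# its mail quote markers and wrapped lines.
SAMPLE = """\
> debug1: Connection to port 8888 forwarding to withnail.phys.ucl.ac.uk
> port 22 requested.
> debug1: channel 3: new [direct-tcpip]
> channel 3: open failed: administratively prohibited: open failed
> debug1: channel 3: free: direct-tcpip: listening port 8888 for
> withnail.phys.ucl.ac.uk port 22, connect from ::1 port 36180,
"""

def normalise(text):
    """Strip mail quote markers and re-join lines the mail client wrapped."""
    lines = (re.sub(r"^(>\s?)+", "", ln.strip()).strip() for ln in text.splitlines())
    return " ".join(ln for ln in lines if ln)

def triage(text):
    """Pair each forwarded connection with the channel-open refusal, if any."""
    results, current = [], None
    for m in EVENT.finditer(normalise(text)):
        if m["host"]:
            current = {"listen": int(m["lport"]), "refused": False,
                       "target": f'{m["host"]}:{m["port"]}'}
            results.append(current)
        elif current is not None and not current["refused"]:
            code, name = REASONS.get(m["reason"], (None, "unrecognised"))
            current.update(refused=True, channel=int(m["chan"]),
                           reason=m["reason"], code=code, name=name)
    return results

if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(entry)
```
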