On Sat, 2008-06-21 at 19:34 -0400, Rick Bilonick wrote:
> On Sun, 2008-06-22 at 02:55 +0930, Tim wrote:
> > On Sat, 2008-06-21 at 10:22 -0400, Rick Bilonick wrote:
> > > [chippy@localhost ~]$ ssh server@localhost -p 5000 -v
> > > OpenSSH_4.7p1, OpenSSL 0.9.8b 04 May 2006
> > > debug1: Reading configuration data /etc/ssh/ssh_config
> > > debug1: Applying options for *
> > > debug1: Connecting to localhost [127.0.0.1] port 5000.
> > > debug1: connect to address 127.0.0.1 port 5000: Connection refused
> > > ssh: connect to host localhost port 5000: Connection refused
> > >
> > > I'm using "localhost" because I was following an example. I guess I
> > > could substitute an IP for localhost. Isn't "localhost" just another
> > > name for the local computer? So on the first use of ssh, localhost
> > > refers to the server and on the second use of ssh, it refers to the
> > > home computer. At least, that's what I believe.
> >
> > "localhost" is how a computer refers to itself. Just the same as a
> > group of people in a room will all think of themselves as "myself" or
> > "I". While correct, they could only ever converse about themselves, not
> > anyone else in the room. Trying to network between different computers
> > all going by the same hostname is going to twist your brain around in
> > circles.
> >
> > If you do try "ssh server@localhost" you're going to try and connect to
> > the SSH daemon on the same machine that you're typing on, which may or
> > may not actually connect. But you're certainly not going to connect to
> > another machine, using that address.
> >
> > If you don't have unique hostnames that are resolvable on your LAN
> > (i.e. everyone knows the name and IP of *all* hosts on the LAN), then
> > use numerical IP addresses.
> >
> > Again, don't fall down the "looking in the mirror" trap by trying to
> > connect to 127.0.0.1. That's the numerical address for a machine to
> > refer to itself.
> >
> > You're playing with the local loopback device. 127.0.0.1 is the
> > traditional IP address for it, and localhost is the traditional hostname
> > for it.
> >
> > --
> > [tim@localhost ~]$ uname -r
> > 2.6.25.6-55.fc9.i686
> >
> > Don't send private replies to my address, the mailbox is ignored. I
> > read messages from the public lists.
> >
>
> OK, apparently the example I followed from a website was not completely
> correct.
>
> So after trying a bunch of things, I did get this to work from my home
> computer to my ISP's server. Here is what I did:
>
> > ssh -R 4022:home:22 myaccnt@xxxxxxxxxx
>
> where "home" is actually the IP of my home network (instead of using
> "localhost" which definitely does NOT work). This asked me for my
> password and it connected.
>
> To see if the port was set up, I then did (on my.isp.net):
>
> > netstat -an | grep 4022
>
> and it shows that it is listening on port 4022.
>
> So then from my.isp.net I did:
>
> > ssh -p 4022 me@localhost
>
> where "me" is the user on my home computer. Note that "localhost" must
> be used here so I can use the port that I set up. This asks me for my
> password and I connect and see files on my home computer (from being
> logged in on the isp's server).
>
> So I know that in principle this can work.
>
> So I went back to my office and set up a connection from work to my home
> computer:
>
> > ssh -R 3022:work:22 me@home
>
> where "work" is my work server's IP and "home" is my home computer's IP.
> This asks me for my password and I connect and can see files, etc. I did
> the "netstat -an | grep 3022" and it shows that it's listening on port
> 3022.
>
> So then from my home computer I do:
>
> > ssh -v -p 3022 abc@localhost
>
> where "abc" is my user account on the work server and get:
>
> OpenSSH_4.7p1, OpenSSL 0.9.8b 04 May 2006
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to localhost [127.0.0.1] port 3022.
> debug1: Connection established.
> debug1: identity file /home/me/.ssh/identity type -1
> debug1: identity file /home/me/.ssh/id_rsa type -1
> debug1: identity file /home/me/.ssh/id_dsa type -1
> ssh_exchange_identification: Connection closed by remote host
>
> It never asks for my password.
>
> So it works from home to isp, but for some reason does NOT work from
> work to home.
>
> What on the work server could be preventing the reverse tunnel from
> working? On the server I do use hosts.allow to only allow ssh from my
> home computer. Could this possibly prevent the reverse tunnel from
> working? Or is the problem on my home computer?
>
> Thanks to everyone who replied with suggestions and questions. At least
> I'm making some progress.
>
> Rick B.
>
>

My guess at the moment is that I either need to get rid of the entries
in hosts.allow on the server or add an entry for localhost and the
forwarded port.

Rick B.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
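
An added example, not part of the original message or of any project's code: a simplified Python model of TCP Wrappers matching that tests the hosts.allow guess above. It assumes the work server's hosts.deny contains `sshd: ALL`, uses constructed addresses for "home" and "work", and relies on the fact that a connection through `ssh -R 3022:work:22` is opened by the ssh client on the work server, so the work sshd sees the work server's own address as the client.

```python
# Simplified model of TCP Wrappers matching (not libwrap itself). Supports only
# "daemon: client ..." rules with exact IPv4 addresses, "a.b.c." prefixes and ALL.
HOME = "198.51.100.7"  # constructed address standing in for the home computer
WORK = "192.0.2.10"    # constructed address standing in for the work server

def parse(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny style text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def matches(rules, daemon, client_ip):
    for daemons, clients in rules:
        if daemon not in daemons and "ALL" not in daemons:
            continue
        for pat in clients:
            if pat in ("ALL", client_ip):
                return True
            if pat.endswith(".") and client_ip.startswith(pat):
                return True
    return False

def allowed(allow_text, deny_text, daemon, client_ip):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if matches(parse(allow_text), daemon, client_ip):
        return True
    return not matches(parse(deny_text), daemon, client_ip)

def tunnel_source(forward_host):
    """Client address the work sshd sees for `ssh -R 3022:<forward_host>:22`
    run on the work server: the work-side ssh client opens that connection."""
    return "127.0.0.1" if forward_host == "localhost" else WORK

DENY = "sshd: ALL\n"                     # assumed hosts.deny on the work server
ALLOW_BEFORE = f"sshd: {HOME}\n"         # only the home computer, as described
ALLOW_AFTER = f"sshd: {HOME} {WORK}\n"   # also the work server's own address

if __name__ == "__main__":
    for name, allow in (("before", ALLOW_BEFORE), ("after", ALLOW_AFTER)):
        print(name, allowed(allow, DENY, "sshd", tunnel_source("work")))
```

TCP Wrappers rules match on daemon name and client address, not on the forwarded port, so the entry that matters is the address the tunnelled connection arrives from.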