Re: ssh tunneling client settings

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 24Feb2010 18:32, Andrew Haley <[email protected]> wrote:
| On 02/24/2010 06:23 PM, Christoph Höger wrote:
| > Am Mittwoch, den 24.02.2010, 15:57 +0000 schrieb Andrew Haley:
| >> On 02/24/2010 02:41 PM, Christoph Höger wrote:
| >>> are there any special client settings one needs to have for ssh
| >>> tunneling?
| >>> I have the classical setup: machines A1 and A2 (both fedora 12) should
| >>> access C which is only accessible from B1 (kerberos) or B2 (private key)
| >>>
| >>> So on A1 I used to
| >>>
| >>> ssh -L 10080:C:80 B1
| >>>
| >>> or
| >>>
| >>> ssh -L 10080:C:80 B2
| >>>
| >>> Both work fine.
| >>>
| >>> But on A2:
| >>>
| >>> ssh -L 10080:C:80 B1/B2
| >>>
| >>> logs me in to the machine but every connection attempt returns:
| >>>
| >>> channel 3: open failed: administratively prohibited: open failed
| >>>
| >>> Why? What kind of weird setting is this?
| >>
| >> Anything in the logs?  Looks like a policy issue to me.
| > 
| > What logs do you mean? This is a client issue. Does the ssh client write
| > to local log files?
| 
| No.  I think it may be a SELinux policy issue.

You also get this if the server end is locked down in the sshd_config or
in the key in the authorized_keys file. It is perfectly possible to
permit only specific port forwards at the server end. "man
authorized_keys" has details. We do this routinely for batch tunnels and
locked down remote access (eg for testers - let them ssh in, no shell,
only specific port forwards to the service to test).
-- 
Cameron Simpson <[email protected]> DoD#743
http://www.cskk.ezoshosting.com/cs/

Uh, this is only temporary...unless it works.   - Red Green
-- 
users mailing list
[email protected]
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux