Discussion:
Problem using ssh client in kubuntu 15.04, -R is not working.
Антон Мацюк
2015-04-24 16:31:46 UTC
Permalink
Hi! I have a problem using kubuntu 15.04: When I do "ssh -l user -p 44
-L 8090:localhost:8090 -L 1234:localhost:5900 -R 5700:localhost:5900
my.hostname.org -N" - it opens connection, but when I try to use 5700
at remote computer, it says in local console "WARNING: Server requests
forwarding for unknown listen_port 5700". I'll appreciate any help. It
looks like some bug.

I have a brief look at sources of openssh-client, there is channels.c, method
"channel_connect_by_listen_address(const char *listen_host, u_short
listen_port, char *ctype, char *rname)"
tries to do "for" with
"if (open_listen_match_tcpip(&permitted_opens[i], listen_host,
listen_port, 1)) {"
and if nothing suits - do this error.

I am trying to understand is it a bug somewhere in openssh-client, but
do not understand C-things, I am a Java programmer, unfortunately :(
Should I post a ticket to launchpad?
Thanks!
--
ubuntu-users mailing list
ubuntu-***@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Colin Watson
2015-04-26 08:54:21 UTC
Permalink
Post by Антон Мацюк
Hi! I have a problem using kubuntu 15.04: When I do "ssh -l user -p 44
-L 8090:localhost:8090 -L 1234:localhost:5900 -R 5700:localhost:5900
my.hostname.org -N" - it opens connection, but when I try to use 5700
at remote computer, it says in local console "WARNING: Server requests
forwarding for unknown listen_port 5700". I'll appreciate any help.
You say that you're trying to use port 5700 on the remote system, but
you haven't said which host name you were trying to use. If you aren't
sure, adding the -v option to ssh should cause it to emit a debug
message something like:

debug1: client_request_forwarded_tcpip: listen localhost port 5700, originator 127.0.0.1 port 49286

... when you try to connect. I would expect to see your symptoms if
you're trying to connect to something other than localhost. If you
actually need to connect to something other than localhost at the remote
end, you'll need to enable GatewayPorts on the server and specify a
bind_address to ssh -R; see the ssh(1) and sshd_config(5) manual pages
for details.
Post by Антон Мацюк
It looks like some bug.
I think this is very likely to be a configuration mistake rather than a
bug; the forwarding facility itself works fine.
--
Colin Watson [***@ubuntu.com]
--
ubuntu-users mailing list
ubuntu-***@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailma
Karl Auer
2015-04-26 09:15:44 UTC
Permalink
Post by Антон Мацюк
Hi! I have a problem using kubuntu 15.04: When I do "ssh -l user -p 44
-L 8090:localhost:8090 -L 1234:localhost:5900 -R 5700:localhost:5900
my.hostname.org -N" - it opens connection, but when I try to use 5700
at remote computer, it says in local console "WARNING: Server requests
forwarding for unknown listen_port 5700". I'll appreciate any help.
Two possible solutions:

1: Restart the server end, terminate all local client instances, and try
your command again.

2: See if it works with two client instances, one to set up the local
redirection, one to set up the remote redirection.

This is just a guess on my part, but I think this would work around a
bug/feature involving the data structures used to track the endpoints of
such tunnels. Googling for the exact error message (minus the port
number) will lead you to more info.

Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (***@biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
Old fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882
--
ubuntu-users mailing list
ubuntu-***@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com
Антон Мацюк
2015-05-05 15:19:22 UTC
Permalink
Post by Colin Watson
Post by Антон Мацюк
Hi! I have a problem using kubuntu 15.04: When I do "ssh -l user -p 44
-L 8090:localhost:8090 -L 1234:localhost:5900 -R 5700:localhost:5900
my.hostname.org -N" - it opens connection, but when I try to use 5700
at remote computer, it says in local console "WARNING: Server requests
forwarding for unknown listen_port 5700". I'll appreciate any help.
You say that you're trying to use port 5700 on the remote system, but
you haven't said which host name you were trying to use. If you aren't
sure, adding the -v option to ssh should cause it to emit a debug
debug1: client_request_forwarded_tcpip: listen localhost port 5700,
originator 127.0.0.1 port 49286
... when you try to connect. I would expect to see your symptoms if
you're trying to connect to something other than localhost. If you
actually need to connect to something other than localhost at the remote
end, you'll need to enable GatewayPorts on the server and specify a
bind_address to ssh -R; see the ssh(1) and sshd_config(5) manual pages
for details.
Post by Антон Мацюк
It looks like some bug.
I think this is very likely to be a configuration mistake rather than a
bug; the forwarding facility itself works fine.
Colin, thanks for a tip, I now have a workaround :)
Sorry to be absent for a long time, was busy time working.

Here is some logs, I just changed "localhost" to "127.0.0.1" and now it
works (the "other side" is a Win7 with WinSSHD):

$ ssh -v -l user -p 44 -L 8090:localhost:8090 -L 1234:localhost:5900 -R
localhost:5700:localhost:5900 -R localhost:2222:localhost:22 my.hostname.org
-N

debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Ubuntu-5ubuntu1
debug1: Remote protocol version 2.0, remote software version 5.32 FlowSsh:
Bitvise SSH Server (WinSSHD) 6.24: free only for personal non-commercial use
debug1: no match: 5.32 FlowSsh: Bitvise SSH Server (WinSSHD) 6.24: free
only for personal non-commercial use
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha2-256 zlib
debug1: kex: client->server aes128-ctr hmac-sha2-256 zlib
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: DSA -=-changed here-=-
debug1: Host '[my.hostname.org]:44' is known and matches the DSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to my.hostname.org (via proxy).
debug1: Local connections to LOCALHOST:8090 forwarded to remote address
localhost:8090
debug1: Local forwarding listening on ::1 port 8090.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 8090.
debug1: channel 1: new [port listener]
debug1: Local connections to LOCALHOST:1234 forwarded to remote address
localhost:5900
debug1: Local forwarding listening on ::1 port 1234.
debug1: channel 2: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 1234.
debug1: channel 3: new [port listener]
debug1: Remote connections from LOCALHOST:5700 forwarded to local address
localhost:5900
debug1: Remote connections from LOCALHOST:2222 forwarded to local address
localhost:22
debug1: Entering interactive session.
debug1: remote forward success for: listen 5700, connect localhost:5900
debug1: remote forward success for: listen 2222, connect localhost:22
debug1: All remote forwarding requests processed
debug1: Connection to port 1234 forwarding to localhost port 5900 requested.
debug1: channel 4: new [direct-tcpip]
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 1 win 262144
max 65536
debug1: client_request_forwarded_tcpip: listen 127.0.0.1 port 2222,
originator 127.0.0.1 port 61360
WARNING: Server requests forwarding for unknown listen_port 2222
debug1: failure forwarded-tcpip
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 2 win 262144
max 65536
debug1: client_request_forwarded_tcpip: listen 127.0.0.1 port 5700,
originator 127.0.0.1 port 61423
WARNING: Server requests forwarding for unknown listen_port 5700
debug1: failure forwarded-tcpip
debug1: channel 4: free: direct-tcpip: listening port 1234 for localhost
port 5900, connect from 127.0.0.1 port 50061 to 127.0.0.1 port 1234,
nchannels 5



-=- now I am doing "127.0.0.1" instead of "localhost" and forwarding works
well -=-

$ ssh -v -l user -p 44 -L 8090:localhost:8090 -L 1234:localhost:5900 -R
127.0.0.1:5700:127.0.0.1:5900 -R 127.0.0.1:2222:127.0.0.1:22 my.hostname.org
-N

debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Ubuntu-5ubuntu1
debug1: Remote protocol version 2.0, remote software version 5.32 FlowSsh:
Bitvise SSH Server (WinSSHD) 6.24: free only for personal non-commercial use
debug1: no match: 5.32 FlowSsh: Bitvise SSH Server (WinSSHD) 6.24: free
only for personal non-commercial use
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha2-256 zlib
debug1: kex: client->server aes128-ctr hmac-sha2-256 zlib
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: DSA -=-changed here-=-
debug1: Host '[my.hostname.org]:44' is known and matches the DSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to my.hostname.org (via proxy).
debug1: Local connections to LOCALHOST:8090 forwarded to remote address
localhost:8090
debug1: Local forwarding listening on ::1 port 8090.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 8090.
debug1: channel 1: new [port listener]
debug1: Local connections to LOCALHOST:1234 forwarded to remote address
localhost:5900
debug1: Local forwarding listening on ::1 port 1234.
debug1: channel 2: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 1234.
debug1: channel 3: new [port listener]
debug1: Remote connections from 127.0.0.1:5700 forwarded to local address
127.0.0.1:5900
debug1: Remote connections from 127.0.0.1:2222 forwarded to local address
127.0.0.1:22
debug1: Entering interactive session.
debug1: remote forward success for: listen 127.0.0.1:5700, connect
127.0.0.1:5900
debug1: remote forward success for: listen 127.0.0.1:2222, connect
127.0.0.1:22
debug1: All remote forwarding requests processed
debug1: Connection to port 1234 forwarding to localhost port 5900 requested.
debug1: channel 4: new [direct-tcpip]
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 1 win 262144
max 65536
debug1: client_request_forwarded_tcpip: listen 127.0.0.1 port 5700,
originator 127.0.0.1 port 64668
debug1: connect_next: host 127.0.0.1 ([127.0.0.1]:5900) in progress, fd=10
debug1: channel 5: new [127.0.0.1]
debug1: confirm forwarded-tcpip
debug1: channel 5: connection failed: Connection refused
connect_to 127.0.0.1 port 5900: failed.
debug1: channel 5: free: 127.0.0.1, nchannels 6
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 2 win 262144
max 65536
debug1: client_request_forwarded_tcpip: listen 127.0.0.1 port 2222,
originator 127.0.0.1 port 64868
debug1: connect_next: host 127.0.0.1 ([127.0.0.1]:22) in progress, fd=10
debug1: channel 5: new [127.0.0.1]
debug1: confirm forwarded-tcpip
debug1: channel 5: connected to 127.0.0.1 port 22
debug1: channel 5: free: 127.0.0.1, nchannels 6
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 3 win 262144
max 65536
debug1: client_request_forwarded_tcpip: listen 127.0.0.1 port 5700,
originator 127.0.0.1 port 65225
debug1: connect_next: host 127.0.0.1 ([127.0.0.1]:5900) in progress, fd=10
debug1: channel 5: new [127.0.0.1]
debug1: confirm forwarded-tcpip
debug1: channel 5: connection failed: Connection refused
connect_to 127.0.0.1 port 5900: failed.
debug1: channel 5: free: 127.0.0.1, nchannels 6
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 4 win 262144
max 65536
debug1: client_request_forwarded_tcpip: listen 127.0.0.1 port 5700,
originator 127.0.0.1 port 49238
debug1: connect_next: host 127.0.0.1 ([127.0.0.1]:5900) in progress, fd=10
debug1: channel 5: new [127.0.0.1]
debug1: confirm forwarded-tcpip
debug1: channel 5: connected to 127.0.0.1 port 5900
debug1: channel 5: free: 127.0.0.1, nchannels 6
Антон Мацюк
2015-05-06 13:05:15 UTC
Permalink
Post by Антон Мацюк
Post by Colin Watson
Post by Антон Мацюк
It looks like some bug.
I think this is very likely to be a configuration mistake rather than a
bug; the forwarding facility itself works fine.
Colin, thanks for a tip, I now have a workaround :)
Sorry to be absent for a long time, was busy time working.
Here is some logs, I just changed "localhost" to "127.0.0.1" and now it
One more case:
debug1: remote forward success for: listen *:2222, connect 127.0.0.1:22
...
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 0 win
262144 max 65536
debug1: client_request_forwarded_tcpip: listen 0.0.0.0 port 2222,
originator 127.0.0.1 port 60842
WARNING: Server requests forwarding for unknown listen_port 2222

Is it normal?
Антон Мацюк
2015-05-06 13:09:43 UTC
Permalink
Post by Антон Мацюк
debug1: remote forward success for: listen *:2222, connect 127.0.0.1:22
...
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 0 win
262144 max 65536
debug1: client_request_forwarded_tcpip: listen 0.0.0.0 port 2222,
originator 127.0.0.1 port 60842
WARNING: Server requests forwarding for unknown listen_port 2222
Is it normal?
-R 0.0.0.0:2222:127.0.0.1:22 does a trick. But it is freaky looking.
Loading...