
[debian-users:29322] ssh port forwarding problem



My name is Wada.

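The ssh port forwarding that used to work until recently started
behaving strangely around the time I upgraded to ssh_2.9p2-4, and I can
no longer get it to work. I suspect I am overlooking something basic,
but no matter how much I look into it I cannot pin down the cause. Any
information at all would be welcome. Thank you in advance.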


Specifically, I run

localhost$ ssh -R 10022:localhost:22 remotehost

to forward port 22 (sshd) on localhost to port 10022 on remotehost.
After that, when I telnet to port 10022 on remotehost,

remotehost$ telnet localhost 10022
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

it stops here. Normally this should be followed by

SSH-1.99-OpenSSH_2.9p2

with the ssh version being returned. The verbose-mode output at this
time is below.

localhost$ ssh -v -R 10022:localhost:22 remotehost
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /home/wada/.ssh/config
debug1: Applying options for remotehost
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Executing proxy command:  /home/wada/bin/connect -H proxy.server remotehost 443
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/wada/.ssh/identity type -1
debug1: identity file /home/wada/.ssh/id_rsa type -1
debug1: identity file /home/wada/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 zlib
debug1: kex: client->server aes128-cbc hmac-md5 zlib
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 130/256
debug1: bits set: 1010/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'remotehost' is known and matches the RSA host key.
debug1: Found key in /home/wada/.ssh/known_hosts2:1
debug1: bits set: 1014/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/wada/.ssh/identity
debug1: try privkey: /home/wada/.ssh/id_rsa
debug1: try privkey: /home/wada/.ssh/id_dsa
debug1: next auth method to try is password
wada@remotehost's password: 
debug1: ssh-userauth2 successful: method password
debug1: Connections to remote port 10022 forwarded to local address localhost:22
debug1: channel 0: new [client-session]
debug1: channel_new: 0
debug1: send channel open 0
debug1: Entering interactive session.
debug1: client_init id 0 arg 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Requesting authentication agent forwarding.
debug1: channel request 0: shell
debug1: channel 0: open confirm rwindow 0 rmax 16384
Last login: Sat Jul 28 20:38:56 2001 from xx.xxx.xxx.xxx on pts/0
Linux remotehost 2.2.19 #1 Mon Apr 16 14:37:56 JST 2001 i686 unknown

Most of the programs included with the Debian GNU/Linux system are
freely redistributable; the exact distribution terms for each program
are described in the individual files in /usr/share/doc/*/copyright

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
remotehost$ 


I will also show the verbose output from forwarding port 110 (pop3) on
mailserver to port 10110 on localhost. In this case, when I telnet to
port 10110 on localhost, the behaviour differs slightly from the
example above:

localhost$ telnet localhost 10110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

and the connection is forcibly closed.


localhost$ ssh -v -L 10110:mailserver:110 localhost
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /home/wada/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for localhost
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/wada/.ssh/identity type -1
debug1: identity file /home/wada/.ssh/id_rsa type -1
debug1: identity file /home/wada/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 zlib
debug1: kex: client->server aes128-cbc hmac-md5 zlib
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 119/256
debug1: bits set: 1041/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Forcing accepting of host key for loopback/localhost.
debug1: bits set: 1002/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/wada/.ssh/identity
debug1: try privkey: /home/wada/.ssh/id_rsa
debug1: try privkey: /home/wada/.ssh/id_dsa
debug1: next auth method to try is password
wada@localhost's password: 
debug1: ssh-userauth2 successful: method password
debug1: Connections to local port 10110 forwarded to remote address mailserver:110
debug1: Local forwarding listening on 127.0.0.1 port 10110.
debug1: fd 4 setting O_NONBLOCK
debug1: fd 4 IS O_NONBLOCK
debug1: channel 0: new [port listener]
debug1: channel 1: new [client-session]
debug1: channel_new: 1
debug1: send channel open 1
debug1: Entering interactive session.
debug1: client_init id 1 arg 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Requesting authentication agent forwarding.
debug1: channel request 1: shell
debug1: channel 1: open confirm rwindow 0 rmax 16384
Last login: Sat Jul 28 20:49:11 2001 from localhost on pts/6
Linux localhostname 2.4.7 #1 2001年 7月 24日 火曜日 20:04:13 JST i686 unknown

Most of the programs included with the Debian GNU/Linux system are
freely redistributable; the exact distribution terms for each program
are described in the individual files in /usr/share/doc/*/copyright

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
No mail.
localhost$ debug1: Connection to port 10110 forwarding to mailserver port 110 requested.
debug1: fd 9 setting O_NONBLOCK
debug1: fd 9 IS O_NONBLOCK
debug1: channel 2: new [direct-tcpip]
channel_open_failure: 2: reason 1 bla bla
debug1: channel_free: channel 2: status: The following connections are open:
  #1 client-session (t4 r0 i1/0 o16/0 fd 5/7)
  #2 direct-tcpip: listening port 10110 for mailserver port 110, connect from 127.0.0.1 port 34535 (t3 r-1 i1/0 o16/0 fd 9/9)


That is all. Any information at all would be appreciated. Thank you.


$ dpkg -l ssh
ii  ssh            2.9p2-4        Secure rlogin/rsh/rcp replacement (OpenSSH)


---
Wada
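
The failure line in the second log can be decoded mechanically. As an added example (not part of the original post), this shell function summarises forwarding events in `ssh -v` client output and names the channel-open failure reason using the codes assigned in the SSH connection protocol (RFC 4254, section 5.1). The function names `forward_report` and `sample_log` are made up here, and the sample lines are copied from the log above.

```shell
#!/bin/sh
# Added example (not from the original post): summarise port-forwarding
# events found in `ssh -v` client output read from stdin.
forward_report() {
    awk '
    BEGIN {
        # Channel-open failure reason codes, RFC 4254 section 5.1.
        reason[1] = "administratively prohibited"
        reason[2] = "connect failed"
        reason[3] = "unknown channel type"
        reason[4] = "resource shortage"
    }
    # "debug1: Connections to local port 10110 forwarded to remote address mailserver:110"
    $2 == "Connections" && $7 == "forwarded" {
        printf "SETUP %s port %s -> %s\n", $4, $6, $11
    }
    # "debug1: channel 2: new [direct-tcpip]" : remember each channel type by id.
    $2 == "channel" && $4 == "new" {
        id = $3; sub(/:$/, "", id)
        s = $0; sub(/^.*new \[/, "", s); sub(/\].*$/, "", s)
        kind[id] = s
    }
    # "channel_open_failure: 2: reason 1 bla bla" : the peer refused the channel.
    $1 == "channel_open_failure:" {
        id = $2; sub(/:$/, "", id)
        code = $4 + 0
        text = (code in reason) ? reason[code] : "unknown reason"
        k = (id in kind) ? kind[id] : "unknown type"
        printf "FAIL channel %s (%s): reason %d = %s\n", id, k, code, text
    }
    '
}

# Sample input: lines copied from the second log in the post.
sample_log() {
    cat <<'EOF'
debug1: Connections to local port 10110 forwarded to remote address mailserver:110
debug1: Local forwarding listening on 127.0.0.1 port 10110.
debug1: channel 0: new [port listener]
debug1: channel 1: new [client-session]
localhost$ debug1: Connection to port 10110 forwarding to mailserver port 110 requested.
debug1: channel 2: new [direct-tcpip]
channel_open_failure: 2: reason 1 bla bla
EOF
}

sample_log | forward_report
```

To check a live session, pipe the client's debug output through it, for example `ssh -v ... 2>&1 | forward_report`.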