Mac Problem with Tunneling...
Hi,
On my linux box I can issue the command
ssh -L 5555:macjerry:5432 -l jerry macjerry
This will create a "tunnel" to connect to my
mac named "macjerry".
I can connect to databases on macjerry via psql
by specifying port 5555 on my linux box and other postgresql
front ends.
However if I turn it around, and on the mac issue
the command
ssh -L 6666:linuxbox:5432 -l jerry linuxbox
Then I am not able to connect to the linux box
via psql or any Gui front ends.
I get an error:
[jerry@localhost ~]$ channel 3: open failed: administratively
prohibited: open failed
channel 3: open failed: administratively prohibited: open failed
No errors appear in the server log on the linux box.
I am new to ssh, have I overlooked something?
Jerry
Jerry LeVan <jerry.levan@eku.edu> writes:
However if I turn it around, and on the mac issue
the command
ssh -L 6666:linuxbox:5432 -l jerry linuxbox
Then I am not able to connect to the linux box
via psql or any Gui front ends.
[ tries it ... ] Worksforme, using the stock ssh in OS X 10.4.6.
Maybe you've got the OS X firewall configured to prevent connections to
port 6666? That doesn't seem to be default, because I didn't have to
adjust the firewall for my experiment.
Another possibility is that the ssh daemon on the linux box is
restricted from opening local connections. It wouldn't surprise
me if this is disabled by default by SELinux for instance :-(
regards, tom lane
On May 13, 2006, at 6:18 PM, Tom Lane wrote:
Jerry LeVan <jerry.levan@eku.edu> writes:
However if I turn it around, and on the mac issue
the command
ssh -L 6666:linuxbox:5432 -l jerry linuxbox
Then I am not able to connect to the linux box
via psql or any Gui front ends.
[ tries it ... ] Worksforme, using the stock ssh in OS X 10.4.6.
Maybe you've got the OS X firewall configured to prevent connections to
port 6666? That doesn't seem to be default, because I didn't have to
adjust the firewall for my experiment.
Another possibility is that the ssh daemon on the linux box is
restricted from opening local connections. It wouldn't surprise
me if this is disabled by default by SELinux for instance :-(
regards, tom lane
I am still puzzled. I don't think it is a postgresql problem since I
can't forward to other daemons running on the linux box.
I have noticed an error in the message file on the linux box that
is generated whenever I try to connect from the mac.
**********
debug1: Connection to port 2224 forwarding to linuxbox port 2224 requested.
debug2: fd 9 setting TCP_NODELAY
debug2: fd 9 is O_NONBLOCK
debug2: fd 9 is O_NONBLOCK
debug1: channel 3: new [direct-tcpip]
channel 3: open failed: administratively prohibited: open failed
debug1: channel 3: free: direct-tcpip: listening port 2224 for linuxbox port 2224, connect from ::1 port 50663, nchannels 4
debug3: channel 3: status: The following connections are open:
#2 client-session (t4 r0 i0/0 o0/0 fd 6/7)
#3 direct-tcpip: listening port 2224 for linuxbox port 2224, connect from ::1 port 50663 (t3 r-1 i0/0 o0/0 fd 9/9)
debug3: channel 3: close_fds r 9 w 9 e -1
May 13 19:22:05 localhost sshd[5844]: error: connect_to linuxbox: unknown host (Name or service not known)
***********
It appears that I have to somehow tell the linux box about the Mac....
This does not appear to be necessary when talking to the mac from the
linux box.
Sigh,
Jerry
On Sat, 13 May 2006, Jerry LeVan wrote:
channel 3: open failed: administratively prohibited: open failed
This is the standard error you'll see when /etc/ssh/sshd_config (or local
equivalent) has AllowTcpForwarding no.
Kris Jurka
Jerry LeVan wrote:
Hi,
On my linux box I can issue the command
ssh -L 5555:macjerry:5432 -l jerry macjerry
This will create a "tunnel" to connect to my
mac named "macjerry".
I can connect to databases on macjerry via psql
by specifying port 5555 on my linux box and other postgresql
front ends.
However if I turn it around, and on the mac issue
the command
ssh -L 6666:linuxbox:5432 -l jerry linuxbox
Then I am not able to connect to the linux box
via psql or any Gui front ends.
I get an error:
[jerry@localhost ~]$ channel 3: open failed: administratively
prohibited: open failed
channel 3: open failed: administratively prohibited: open failed
No errors appear in the server log on the linux box.
I am new to ssh, have I overlooked something?
Well one slight mistake is maybe to use the hostname
in the forward. The forward is always calculated from
ssh-connection end point. And in your case it should be
in both cases: localhost - since you are connecting
to the box where the service runs.
This might or might not change anything but a connection
from localhost to localhost is always treated differently
by firewalls.
Also make sure: AllowTcpForwarding yes
is set in sshd_config
Regards
Tino
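
Added example, not part of the thread: a small triage script for the two causes raised above, the AllowTcpForwarding setting in sshd_config and the "connect_to linuxbox: unknown host" error in the posted server log, plus the localhost rewrite of the -L spec that Tino suggests. The function names and the sample sshd_config text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage for
# "channel N: open failed: administratively prohibited" on an ssh -L tunnel.

# Print the AllowTcpForwarding value found in sshd_config text ($1).
# First occurrence wins; OpenSSH defaults to "yes". Match blocks are not
# evaluated; on the server, `sshd -T` reports the effective value.
allow_tcp_forwarding() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "allowtcpforwarding" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }'
}

# Extract the host sshd failed to resolve from server log text ($1), if any.
unresolved_host() {
    printf '%s\n' "$1" |
        sed -n 's/.*error: connect_to \([^: ]*\): unknown host.*/\1/p' | head -n 1
}

# Classify the failure from sshd_config text ($1) and server log text ($2).
diagnose() {
    case "$(allow_tcp_forwarding "$1")" in
        no|remote) echo "forwarding-disabled"; return ;;  # -L needs yes, all or local
    esac
    host=$(unresolved_host "$2")
    if [ -n "$host" ]; then
        echo "unresolvable-destination:$host"
    else
        echo "unknown"
    fi
}

# Rewrite a -L spec ($1 = port:host:hostport) so that a destination naming
# the ssh server itself ($2) becomes localhost, which the server can resolve.
localize_forward() {
    lport=${1%%:*}; rest=${1#*:}
    dhost=${rest%%:*}; dport=${rest#*:}
    [ "$dhost" = "$2" ] && dhost=localhost
    echo "$lport:$dhost:$dport"
}

# Constructed sample inputs: hypothetical config, log line as posted in the thread.
SAMPLE_CONFIG='# sshd_config (constructed)
AllowTcpForwarding yes'
SAMPLE_LOG='sshd[5844]: error: connect_to linuxbox: unknown host (Name or service not known)'

diagnose "$SAMPLE_CONFIG" "$SAMPLE_LOG"
localize_forward 6666:linuxbox:5432 linuxbox
```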