I'm having a tough time setting up my sshd daemon to allow me to tunnel. I use the following to connect and get these bind errors as shown below:
$ ssh bigbox -D 7000
bind: Address already in use
channel_setup_fwd_listener: cannot listen to port: 7000
Could not request local forwarding.
Can someone advise me what I need to enable to allow tunneling/forwarding? Here is my server's /etc/ssh/sshd_config
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
ListenAddress 0.0.0.0
Protocol 2
ChallengeResponseAuthentication no
UsePAM yes
AllowAgentForwarding yes
AllowTcpForwarding yes
#GatewayPorts yes
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
PrintMotd yes
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
PermitTunnel yes
#ChrootDirectory none
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
DenyUsers root
Last edited by graysky (2010-01-23 19:48:20)
Here is my functional sshd_config that I use as a socks proxy -- keep in mind this is using key authentication, so don't lock yourself out by accident! Notice you have to define the port you are using -- make sure first it's not being used by another application, which could also result in the error message you saw.
I set up the socks proxy on the client machine by: ssh -fND <localport> -l <login> -p <server port> <location>
So if you have sshd running on port 7000 on your server: ssh -fND 7000 -l graysky -p 7000 bigbox
(although without the -l and -p if bigbox is defined in .ssh/config)
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 7000
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
Good luck!
Scott
Hi there.
I'm having a tough time setting up my sshd daemon to allow me to tunnel. I use the following to connect and get these bind errors as shown below:
$ ssh bigbox -D 7000
bind: Address already in use
channel_setup_fwd_listener: cannot listen to port: 7000
Could not request local forwarding.
Can someone advise me what I need to enable to allow tunneling/forwarding? Here is my server's /etc/ssh/sshd_config
/.../
The "bind: Address already in use" part in your error message above makes me think a local process is already listening on port 7000. A netstat -l should confirm that.
Last edited by NSB-fr (2010-01-23 23:44:40)
Carpe Diem
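Added example, not part of the original posts: the local-listener check suggested above as a small shell helper. ssh -D binds its SOCKS listener on the client, so the lookup runs on the client machine. The function names and the sample listing are constructed for illustration, and `ss -H -ltnp` from iproute2 is assumed in place of netstat -l.

```sh
#!/bin/sh
# Constructed sample of `ss -H -ltnp` output (not captured from a real host).
# The last line has no process column, as happens for sockets owned by
# another user when ss is not run as root.
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=412,fd=3))
LISTEN 0 128 127.0.0.1:7000 0.0.0.0:* users:(("ssh",pid=2318,fd=4))
LISTEN 0 128 [::1]:7000 [::]:* users:(("ssh",pid=2318,fd=5))
LISTEN 0 5 127.0.0.1:17000 0.0.0.0:*'

# Print "local_address owner" for each listener on port $1 (ss output on stdin).
listeners_on_port() {
    awk -v p="$1" '
        $1 == "LISTEN" {
            # The port is whatever follows the last ":", also for [::1]:7000.
            n = split($4, part, ":")
            if (part[n] == p) print $4, (NF >= 6 ? $6 : "(owner not visible)")
        }'
}

# Print the first port in [$1, $2] that has no listener (ss output on stdin).
# Returns 1 when every port in the range is taken.
first_free_port() {
    awk -v lo="$1" -v hi="$2" '
        $1 == "LISTEN" { n = split($4, part, ":"); used[part[n]] = 1 }
        END {
            for (p = lo + 0; p <= hi + 0; p++)
                if (!(p in used)) { print p; exit 0 }
            exit 1
        }'
}

# Live variant for the client machine (assumes iproute2 is installed).
check_local_port() {
    ss -H -ltnp 2>/dev/null | listeners_on_port "$1"
}

# Demonstration on the constructed sample: an earlier ssh still holds 7000.
printf '%s\n' "$SAMPLE" | listeners_on_port 7000
```

If check_local_port 7000 lists a leftover ssh process, ending that process or picking another -D port clears the bind error without touching sshd_config.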
Thanks for the replies all. After rebooting the client machine, everything works just fine. Perhaps something was hung up?