
#1 2010-01-23 19:39:45

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,719

configuration of sshd to allow port forwarding (tunneling)?

I'm having a tough time setting up my sshd daemon to allow me to tunnel.  I use the following to connect and get these bind errors as shown below:

$ ssh bigbox -D 7000
bind: Address already in use
channel_setup_fwd_listener: cannot listen to port: 7000
Could not request local forwarding.

Can someone advise me what I need to enable to allow tunneling/forwarding?  Here is my server's /etc/ssh/sshd_config

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
ListenAddress 0.0.0.0
Protocol 2

ChallengeResponseAuthentication no
UsePAM yes

AllowAgentForwarding yes
AllowTcpForwarding yes
#GatewayPorts yes
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
PrintMotd yes
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
PermitTunnel yes
#ChrootDirectory none

# override default of no subsystems
Subsystem    sftp    /usr/lib/ssh/sftp-server

DenyUsers root

Last edited by graysky (2010-01-23 19:48:20)


#2 2010-01-23 20:35:42

firecat53
Member
From: Lake Stevens, WA, USA
Registered: 2007-05-14
Posts: 1,542

Re: configuration of sshd to allow port forwarding (tunneling)?

Here is my functional sshd_config that I use as a SOCKS proxy -- keep in mind this is using key authentication, so don't lock yourself out by accident! Notice you have to define the port you are using -- make sure first it's not being used by another application, which could also result in the error message you saw.
I set up the SOCKS proxy on the client machine with: ssh -fND <localport> -l <login> -p <server port> <location>
so if you have sshd running on port 7000 on your server: ssh -fND 7000 -l graysky -p 7000 bigbox.
(although without the -l and -p if bigbox is defined in .ssh/config)

# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 7000
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

Good luck!
Scott


#3 2010-01-23 23:43:42

NSB-fr
Member
Registered: 2010-01-23
Posts: 45

Re: configuration of sshd to allow port forwarding (tunneling)?

Hi there.

graysky wrote:

I'm having a tough time setting up my sshd daemon to allow me to tunnel.  I use the following to connect and get these bind errors as shown below:

$ ssh bigbox -D 7000
bind: Address already in use
channel_setup_fwd_listener: cannot listen to port: 7000
Could not request local forwarding.

Can someone advise me what I need to enable to allow tunneling/forwarding?  Here is my server's /etc/ssh/sshd_config

/.../

The "bind: Address already in use" part in your error message above makes me think a local process is already listening on port 7000. A netstat -l should confirm that.

Last edited by NSB-fr (2010-01-23 23:44:40)


Carpe Diem
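
Added example, not part of any post in this thread: the bind error comes from the client side, so the check is to see what already listens on the local port before starting ssh -D. It assumes iproute2's ss is available in place of netstat -l; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find what already holds the local port that `ssh -D` wants.

# listeners_on_port PORT
# Reads `ss -ltnp`-style lines on stdin; prints "local-address process" for
# every listening socket whose port equals PORT. Exit status 0 if any match.
listeners_on_port() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")        # port is the text after the last ":"
            if (part[n] == port) {
                print $4, ($6 == "" ? "(process not shown)" : $6)
                found = 1
            }
        }
        END { exit found ? 0 : 1 }'
}

# Constructed sample of `ss -ltnp` output (not captured from a real host):
# an earlier backgrounded `ssh -fND 7000` still holds the port on loopback.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=801,fd=3))
LISTEN 0      128        127.0.0.1:7000      0.0.0.0:*    users:(("ssh",pid=4242,fd=5))
LISTEN 0      128            [::1]:7000         [::]:*    users:(("ssh",pid=4242,fd=6))
LISTEN 0      128        127.0.0.1:17000     0.0.0.0:*    users:(("python3",pid=950,fd=4))
EOF
}

# socks_tunnel PORT HOST: refuse to start if PORT is taken on this machine.
socks_tunnel() {
    if holder=$(ss -ltnp 2>/dev/null | listeners_on_port "$1"); then
        echo "local port $1 is already in use:" >&2
        echo "$holder" >&2
        return 1
    fi
    ssh -fND "$1" "$2"
}

# Demo on the constructed sample; prints the two loopback listeners on 7000.
sample_ss_output | listeners_on_port 7000
```

On a live client, `ss -ltnp | listeners_on_port 7000` names the process to stop; process names for sockets owned by other users only appear when ss is run as root.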


#4 2010-01-24 10:29:22

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,719

Re: configuration of sshd to allow port forwarding (tunneling)?

Thanks for the replies, all.  After rebooting the client machine, everything works just fine.  Perhaps something was hung up?
