#1 2010-01-23 19:39:45

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,597
Website

configuration of sshd to allow port forwarding (tunneling)?

I'm having a tough time setting up my sshd daemon to allow me to tunnel.  I use the following to connect and get these bind errors as shown below:

$ ssh bigbox -D 7000
bind: Address already in use
channel_setup_fwd_listener: cannot listen to port: 7000
Could not request local forwarding.

Can someone advise me what I need to enable to allow tunneling/forwarding?  Here is my server's /etc/ssh/sshd_config

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
ListenAddress 0.0.0.0
Protocol 2

ChallengeResponseAuthentication no
UsePAM yes

AllowAgentForwarding yes
AllowTcpForwarding yes
#GatewayPorts yes
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
PrintMotd yes
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
PermitTunnel yes
#ChrootDirectory none

# override default of no subsystems
Subsystem    sftp    /usr/lib/ssh/sftp-server

DenyUsers root

Last edited by graysky (2010-01-23 19:48:20)



#2 2010-01-23 20:35:42

firecat53
Member
From: Lake Stevens, WA, USA
Registered: 2007-05-14
Posts: 1,542
Website

Re: configuration of sshd to allow port forwarding (tunneling)?

Here's my functional sshd_config that I use as a SOCKS proxy -- keep in mind this is using key authentication, so don't lock yourself out by accident! Notice you have to define the port you are using -- make sure first it's not being used by another application, which could also result in the error message you saw.
I set up the SOCKS proxy on the client machine by: ssh -fND <localport> -l <login> -p <server port> <location>
So if you have sshd running on port 7000 on your server: ssh -fND 7000 -l graysky -p 7000 bigbox
(although without the -l and -p if bigbox is defined in .ssh/config)

# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 7000
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

Good luck!
Scott


#3 2010-01-23 23:43:42

NSB-fr
Member
Registered: 2010-01-23
Posts: 45

Re: configuration of sshd to allow port forwarding (tunneling)?

Hi there.

graysky wrote:

I'm having a tough time setting up my sshd daemon to allow me to tunnel.  I use the following to connect and get these bind errors as shown below:

$ ssh bigbox -D 7000
bind: Address already in use
channel_setup_fwd_listener: cannot listen to port: 7000
Could not request local forwarding.

Can someone advise me what I need to enable to allow tunneling/forwarding?  Here is my server's /etc/ssh/sshd_config

/.../

The "bind: Address already in use" part in your error message above makes me think a local process is already listening on port 7000. A netstat -l should confirm that.

Last edited by NSB-fr (2010-01-23 23:44:40)
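
The client-side check suggested above, as an added example that is not part of any post in this thread: it lists the listening sockets on a port by parsing the kernel's /proc/net/tcp table and then attempts the same loopback bind that a local forward listener needs. It assumes Linux on a little-endian host and covers IPv4 only; the sample table is constructed and the function names are illustrative.

```python
import errno
import socket

LISTEN = "0A"  # TCP_LISTEN state code in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not taken from the thread):
# a listener on 127.0.0.1:7000, sshd on 0.0.0.0:22, one established session.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1B58 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41234
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10021
   2: 0100007F:1B58 0100007F:D431 01 00000000:00000000 00:00000000 00000000  1000        0 41299
"""


def listeners_on_port(proc_text, port):
    """Return (address, uid, inode) for each IPv4 socket listening on port."""
    found = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != LISTEN:
            continue
        addr_hex, port_hex = f[1].split(":")
        if int(port_hex, 16) != port:
            continue
        # Address is hex in host byte order; reversed here for little-endian hosts.
        addr = socket.inet_ntoa(bytes.fromhex(addr_hex)[::-1])
        found.append((addr, int(f[7]), int(f[9])))
    return found


def can_bind(port, host="127.0.0.1"):
    """Try the bind a local forward listener needs; False on EADDRINUSE."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        # SO_REUSEADDR ignores lingering TIME_WAIT entries; a live listener still blocks.
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((host, port))
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                return False
            raise
        return True


if __name__ == "__main__":
    print(listeners_on_port(SAMPLE, 7000))
    with open("/proc/net/tcp") as fh:  # live table on the client machine
        print(listeners_on_port(fh.read(), 7000), can_bind(7000))
```

The uid and inode columns identify the owner of the conflicting socket, which is the information needed to decide whether to stop that process or pick a different local port for -D.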



#4 2010-01-24 10:29:22

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,597
Website

Re: configuration of sshd to allow port forwarding (tunneling)?

Thanks for the replies, all.  After rebooting the client machine, everything works just fine.  Perhaps something was hung up?

