Date: Sat, 30 Jun 2001 02:28:15 +1200 (NZST)
From: Dan Langille
To: Marc Fonvieille
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: remote cvs access
In-Reply-To: <20010629154229.A744@vobiscum.styx.org>

On Fri, 29 Jun 2001, Marc Fonvieille wrote:

> On Thu, Jun 28, 2001 at 07:18:21PM -0400, Dan Langille wrote:
> > Here's what finally worked for me:
> >
> > ssh -2 -N -f -L 2401:cvs.example.org:2401 localhost
> >
> > where cvs.example.org is the hostname of the cvs server in question.
> >
> [...]
> >
> > The next thing that concerns me is the following output from tcpdump.
> > Hostnames have been changed:
> >
> > 19:04:52.140672 host.example.org.1156 > cvs.example.org.cvspserver: . ack 660 win 17520 (DF)
> > 19:04:52.140907 cvs.example.org.cvspserver > host.example.org.1156: P 660:697(37) ack 1346 win 17520 (DF)
> >
> > Why am I seeing traffic on port 2401?
> >
> > Given what I've read in man ssh, I'm hoping that this traffic across the wire
> > isn't actually on port 2401 and is encapsulated within the ssh connection:
> >
> >      -L port:host:hostport
> >              Specifies that the given port on the local (client) host is to be
> >              forwarded to the given host and port on the remote side.  This
> >              works by allocating a socket to listen to port on the local side,
> >              and whenever a connection is made to this port, the connection is
> >              forwarded over the secure channel, and a connection is made to
> >              host port hostport from the remote machine.
> >
>
> Well, for me your ssh command is weird:
>
> ssh -2 -N -f -L 2401:cvs.example.org:2401 localhost
>
> this line creates a secure channel from localhost to localhost and the
> forwarding is made over this tunnel: it's what I understand...
>
> Try ssh -2 -N -f -L 2401:cvs.example.org:2401 cvs.example.org
> (I guess you own a ssh access on that box).

Yes, I do:

[dan@dev:~] $ ssh -p 2222 -2 -N -f -L 2401:cvs.freshports.org:2401 cvs.freshports.org
dan@cvs.freshports.org's password:
[dan@dev:~] $ cvs login
(Logging in to dan@localhost)
CVS password:
channel_open_failure: 3: reason 1: bla bla
cvs [login aborted]: recv() from server localhost: EOF

As you can see, I'm sshing to port 2222 because the cvs server is actually
behind a NAT firewall. For what it's worth, I did try a port forward on the
firewall for 2401 but that failed for other reasons:

$ ssh -2 -N -f -L 2401:cvs.example.org:2401 cvs.example.org
dan@cvs.example.org's password:
[dan@dev:~] $ cvs login
(Logging in to dan@localhost)
CVS password:
cvs login: authorization failed: server localhost rejected access to
/usr/local/cvs for user dan
[dan@dev:~] $ Connection to cvs.example.org closed by remote host.
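
Added example, not part of the original message: a small checker that reads an ssh command line like the ones in this thread and reports, for each -L forward, which leg is carried inside the ssh channel and which leg is a plain TCP connection opened by the ssh server, as the quoted man page text describes. The function name `forward_exposure` is hypothetical, and treating a forward host equal to the ssh host as "stays on the server" is an assumption (behind NAT that name may resolve to another address).

```python
import shlex

# ssh(1) options that consume the next token; other dash tokens are plain flags.
TAKES_ARG = set("BbcDEeFIiJLlmOopQRSWw")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def forward_exposure(cmdline):
    """Describe the hops behind each -L forward in one ssh command.

    Assumes [bind:]port:host:hostport specs without bracketed IPv6 literals
    and each option written as its own token, as in the thread's commands.
    """
    args = shlex.split(cmdline)[1:]          # drop the leading "ssh"
    specs, ssh_host, i = [], None, 0
    while i < len(args):
        tok = args[i]
        if len(tok) == 2 and tok[0] == "-" and tok[1] in TAKES_ARG:
            if tok == "-L":
                specs.append(args[i + 1])
            i += 2
        elif tok.startswith("-"):
            i += 1
        else:
            ssh_host = tok.rsplit("@", 1)[-1]  # strip optional user@
            break
    if ssh_host is None:
        raise ValueError("no ssh destination in command")
    report = []
    for spec in specs:
        parts = spec.split(":")
        if len(parts) not in (3, 4):
            raise ValueError("unsupported -L spec: " + spec)
        listen_port, fwd_host, fwd_port = parts[-3:]
        report.append({
            "listen_port": int(listen_port),
            # client -> sshd: the only leg protected by ssh
            "encrypted_leg": ("client", ssh_host),
            # sshd -> forward target: ordinary TCP made "from the remote machine"
            "plaintext_leg": (ssh_host, fwd_host, int(fwd_port)),
            "encrypted_on_wire": ssh_host not in LOOPBACK,
            # assumption: a target equal to the ssh host does not leave that host
            "plaintext_on_wire": fwd_host not in LOOPBACK and fwd_host != ssh_host,
        })
    return report

if __name__ == "__main__":
    for cmd in ("ssh -2 -N -f -L 2401:cvs.example.org:2401 localhost",
                "ssh -2 -N -f -L 2401:cvs.example.org:2401 cvs.example.org"):
        print(cmd, "->", forward_exposure(cmd))
```

For the first command the encrypted leg never leaves the local machine and the pserver leg crosses the network as ordinary port 2401 traffic, which is consistent with the tcpdump output quoted above.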