From: "James C. Durham"
Date: Tue, 27 Jul 1999 07:56:42 -0400
To: Harold Gutch
Cc: freebsd-security@FreeBSD.ORG, A_Johns@TurnAround.com.au
Subject: Re: ssh2 tunneling through firewall

Harold Gutch wrote:

> ^^
> I don't use ssh2, but assuming that the syntax is the same as in
> ssh1, you're trying to bind to port 23, which won't work unless
> you're root. Does binding to a port higher than 1024 work?
>

I *was* root, but just for giggles, I tried a port > 1024 and got the
same results.

Andrew Johns wrote:

> I'm guessing, but do you need to specify your full localhost name as it
> would be visible to the remote host, instead of using 'localhost' which
> might be confusing the remote side as it may be trying to connect to
> itself on port 23 via port 23 -> leading to its confusion (and mine
> after that sentence :))
>
> ie: does ssh2 -R 23:your.fully.qualified.local.host.name:23
> remote.host.xx.yy work any better?

Nope, tried that too, as well as the numeric IP address. 8-).

The error message says "Operation denied by the server". This is a
little confusing... the message is coming from the local machine, so
the "server" would be the remote host running sshd2. Checking
/var/log/messages on the remote machine says something like
"Failed to open listen on 0.0.0.0:23". Hmmm... it looks like it's not
getting the address of the local machine.

Thanks for the input, folks, but I'm still getting nowhere!

-Jim Durham