ssh 本地端口到本地端口转发;拒绝连接
ssh local port to local port forwarding; connection refused
我正在尝试在 ssh 服务器上设置本地到本地的端口转发。我的目标是将本地端口 12345 转发到同一台本地计算机上的端口 22。不过,我得到 connection refused.
这就是我运行:
me@myHost:~$ ssh -L 12345:localhost:22 10.1.1.6
[...]
Authenticated to 10.1.1.6 ([10.1.1.6]:22).
debug1: Local connections to LOCALHOST:12345 forwarded to remote address 127.0.0.1:22
debug1: Local forwarding listening on ::1 port 12345.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 12345.
debug1: channel 1: new [port listener]
debug1: channel 2: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
me@remoteHost:~$ ssh localhost -p 12345
ssh: connect to host localhost port 12345: Connection refused
me@remoteHost:~$ nc -v localhost 12345
nc: connect to localhost port 12345 (tcp) failed: Connection refused
nc: connect to localhost port 12345 (tcp) failed: Connection refused
debug1: Connection to port 12345 forwarding to localhost port 22 requested.
debug1: channel 3: new [direct-tcpip]
debug1: channel 3: free: direct-tcpip: listening port 12345 for localhost port 22, connect from ::1 port 59785 to ::1 port 12345, nchannels 4
它根本不起作用,而且非常奇怪,因为我已经设法在我的本地计算机上使用完全相同的命令序列来完成它。
这是我在远程服务器上的清单。我在谷歌搜索这个问题时调查了几个不同的东西:
(1) 网络统计输出:
root@remoteServer:~# netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 12791/sshd
tcp6 0 0 :::22 :::* LISTEN 12791/sshd
(2) /etc/hosts.allow 和 /etc/hosts.deny 文件:空
(3) 配置文件: 和我本地机器上的完全一样。
为了简短起见,我删除了几行注释。
root@remoteHost:~# cat /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
第二个:
root@remoteHost:~# cat /etc/ssh/ssh_config
Host *
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
最后,在-L标志中我用了localhost,[::1],10.1.1.6(可路由的IP),127.0.0.1,都没有有用
问题已解决。这是我自己的错,我完全混淆了本地端口转发 -L 和远程端口转发 -R。所以,本来就没有问题。
写的时候想通了:
me@myHost:~$ ssh -L 12345:localhost:22 10.1.1.6
它是 myHost 的本地端口 12345 被转发 到 10.1.1.6 并且远程主机从那里转发它到 10.1.1.6:22.
因此,键入 me@remoteHost:~$ ssh localhost -p 12345 显然没有任何作用,但键入 me@myHost:~$ ssh localhost -p 12345 会启动 ssh 连接,因为 myHost:12345 最终会转发到 remoteHost:22。
我正在尝试在 ssh 服务器上设置本地到本地的端口转发。我的目标是将本地端口 12345 转发到同一台本地计算机上的端口 22。不过,我得到 connection refused.
这就是我运行:
me@myHost:~$ ssh -L 12345:localhost:22 10.1.1.6
[...]
Authenticated to 10.1.1.6 ([10.1.1.6]:22).
debug1: Local connections to LOCALHOST:12345 forwarded to remote address 127.0.0.1:22
debug1: Local forwarding listening on ::1 port 12345.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 12345.
debug1: channel 1: new [port listener]
debug1: channel 2: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
me@remoteHost:~$ ssh localhost -p 12345
ssh: connect to host localhost port 12345: Connection refused
me@remoteHost:~$ nc -v localhost 12345
nc: connect to localhost port 12345 (tcp) failed: Connection refused
nc: connect to localhost port 12345 (tcp) failed: Connection refused
debug1: Connection to port 12345 forwarding to localhost port 22 requested.
debug1: channel 3: new [direct-tcpip]
debug1: channel 3: free: direct-tcpip: listening port 12345 for localhost port 22, connect from ::1 port 59785 to ::1 port 12345, nchannels 4
它根本不起作用,而且非常奇怪,因为我已经设法在我的本地计算机上使用完全相同的命令序列来完成它。
这是我在远程服务器上的清单。我在谷歌搜索这个问题时调查了几个不同的东西:
(1) 网络统计输出:
root@remoteServer:~# netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 12791/sshd
tcp6 0 0 :::22 :::* LISTEN 12791/sshd
(2) /etc/hosts.allow 和 /etc/hosts.deny 文件:空
(3) 配置文件: 和我本地机器上的完全一样。 为了简短起见,我删除了几行注释。
root@remoteHost:~# cat /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
第二个:
root@remoteHost:~# cat /etc/ssh/ssh_config
Host *
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
最后,在-L标志中我用了localhost,[::1],10.1.1.6(可路由的IP),127.0.0.1,都没有有用
问题已解决。这是我自己的错,我完全混淆了本地端口转发 -L 和远程端口转发 -R。所以,本来就没有问题。
写的时候想通了:
me@myHost:~$ ssh -L 12345:localhost:22 10.1.1.6
它是 myHost 的本地端口 12345 被转发 到 10.1.1.6 并且远程主机从那里转发它到 10.1.1.6:22.
因此,键入 me@remoteHost:~$ ssh localhost -p 12345 显然没有任何作用,但键入 me@myHost:~$ ssh localhost -p 12345 会启动 ssh 连接,因为 myHost:12345 最终会转发到 remoteHost:22。