我正在尝试在ssh服务器上设置本地到本地端口转发。我的目标是将本地端口12345
转发到同一本地计算机上的端口22
。不过,我得到connection refused
。
这是我正在运行的:
me@myHost:~$ ssh -L 12345:localhost:22 10.1.1.6
[...]
Authenticated to 10.1.1.6 ([10.1.1.6]:22).
debug1: Local connections to LOCALHOST:12345 forwarded to remote address 127.0.0.1:22
debug1: Local forwarding listening on ::1 port 12345.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 12345.
debug1: channel 1: new [port listener]
debug1: channel 2: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
me@remoteHost:~$ ssh localhost -p 12345
ssh: connect to host localhost port 12345: Connection refused
me@remoteHost:~$ nc -v localhost 12345
nc: connect to localhost port 12345 (tcp) failed: Connection refused
nc: connect to localhost port 12345 (tcp) failed: Connection refused
debug1: Connection to port 12345 forwarding to localhost port 22 requested.
debug1: channel 3: new [direct-tcpip]
debug1: channel 3: free: direct-tcpip: listening port 12345 for localhost port 22, connect from ::1 port 59785 to ::1 port 12345, nchannels 4
它根本不起作用,这很奇怪,因为我已经设法在本地机器上使用完全相同的命令序列。
这是我在远程服务器上的清单。谷歌在搜索问题时调查了几个不同的东西:
(1)netstat输出:
root@remoteServer:~# netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 12791/sshd
tcp6 0 0 :::22 :::* LISTEN 12791/sshd
(2)/etc/hosts.allow
和/etc/hosts.deny
个文件:空
(3)配置文件:与本地计算机上的完全相同。 我删除了几条注释行以保持简短。
root@remoteHost:~# cat /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
第二个:
root@remoteHost:~# cat /etc/ssh/ssh_config
Host *
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
最后,在-L
标记中我使用了localhost
,[::1]
,10.1.1.6
(可路由的IP),127.0.0.1
,都无济于事。
答案 0 :(得分:1)
问题解决了。这是我自己的错,我把本地端口转发-L
与远程端口转发-R
完全混淆了。因此,首先没有问题。
我在写作时想通了:
me@myHost:~$ ssh -L 12345:localhost:22 10.1.1.6
12345
的本地端口myHost
被转发到 10.1.1.6
,然后远程主机将其转发到10.1.1.6:22
。< / p>
因此,输入me@remoteHost:~$ ssh localhost -p 12345
显然什么都不做,但输入me@myHost:~$ ssh localhost -p 12345
会启动ssh连接,因为myHost:12345
最终会转发到remoteHost:22
。