ssh reverse port forwarding - ssh keys

Ian Malone ibmalone at gmail.com
Wed Sep 18 10:49:14 UTC 2013


On 18 September 2013 02:35, bruce <badouglas at gmail.com> wrote:
> Hey...
>
> testing out ssh port forwarding/reverse tunneling using sshkeys
>
> I've got the process of going from machineA to machineB using keys..
>
> The test doing ssh user@foo.com -p 5011 works
>  - auto login using the ssh keys..
>

5011 is the sshd port on machine foo.com? Or is it forwarded somewhere?

> However, the test of going from machineB to machineB is a bit chaotic.
>

B to B? Is this what you meant?

> I've created the private/pub rsa key.. on the machineB for the user
> that will conduct the ssh connections, the id_rsa key was updated with
> the private key.
>
> The test then updated the machineA for the specified user with the
> updated pub key in the authorized_keys file
>
> The test also ensured the perms/owners on the machineA are correct.
>
> the issue I'm having is that the test is still requiring a password to
> complete the ssh session.
>

I'm not sure what 'the test' that's done all this stuff is. If you
want to say that all the permissions are correct, fine, but something's
not working, so are you sure? Permissions must also be correct for the
~user/.ssh directory on machine B/foo.com for this to work. Private
key on machine A needs to be in ~tom/.ssh subdirectory and be
user-only accessible.

> I'm not sure if I have to do something else to the machineB given that
> the port forwarding/reverse tunnel essentially maps the port of the
> localhost to the port of machineA
>
> on machineB
>  ssh tom@localhost -p 1999
>
> which should use the private/pub keys to go through the tunnel to get
> back to machineA
>

I don't actually see any port forwarding in either of these commands.
It's possible this was discussed in the other thread. So I don't know
if your foo.com/B port to machine A forwarding is being done by a -R
in the first ssh to foo.com above or if there's a separate session
carrying foo.com:1999:machineA:22 (or whatever port on A).

> however, the process currently still asks for the password...
>
> thoughts/suggestions...

First thought is run ssh with the -v option to see what it's doing.

-- 
imalone
http://ibmalone.blogspot.co.uk
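
The permission requirements raised in the reply above, written as a shell check. This is an added example, not part of the original thread; the function names are hypothetical, and it looks only at mode bits, not at file ownership.

```shell
#!/bin/sh
# check_ssh_perms HOME_DIR: audit the files public-key login depends on.
# Returns 0 when no mode bits are found that would make sshd (with
# StrictModes) or the ssh client ignore a key, 1 otherwise.
# Assumption: ownership is correct; only permissions are examined.

perm_of() {
    # Octal mode of a path: GNU stat first, BSD stat as a fallback.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

check_ssh_perms() {
    home=$1
    bad=0
    # Server side: the home directory, ~/.ssh and authorized_keys must
    # not be writable by group or others.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        mode=$(perm_of "$p")
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/world-writable ($mode): $p"
            bad=1
        fi
    done
    # Client side: private keys must not be accessible to group or others.
    for k in "$home"/.ssh/id_*; do
        [ -f "$k" ] || continue
        case $k in *.pub) continue ;; esac
        mode=$(perm_of "$k")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "private key accessible to others ($mode): $k"
            bad=1
        fi
    done
    return $bad
}

# Usage, on either end of the tunnel:  check_ssh_perms "$HOME"
```

Run it as the login user on the machine holding authorized_keys and on the machine holding the private key; if it reports nothing, the output of ssh -v is the next place to look.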

