On 18 September 2013 02:35, bruce <badouglas@xxxxxxxxx> wrote:

> Hey...
>
> testing out ssh port forwarding/reverse tunneling using sshkeys
>
> i've got the process of going from machineA to machineB using keys..
>
> The test doing ssh user@xxxxxxx -p 5011 works
> - auto login using the ssh keys..
>

5011 is the sshd port on machine foo.com? Or is it forwarded somewhere?

> However, the test of going from machineB to machineB is a bit chaotic.
>

B to B? Is this what you meant?

> I've created the private/pub rsa key.. on the machineB for the user
> that will conduct the ssh connections, the id_rsa key was updated with
> the private key.
>
> The test then updated the machineA for the specified user with the
> updated pub key in the authorized_keys file
>
> The test also ensured the perms/owners on the machineA are correct.
>
> the issue I'm having is that the test is still requiring a password to
> complete the ssh session.
>

I'm not sure what 'the test' that's done all this stuff is. If you want to say that all the permissions are correct, fine, but something's not working, so are you sure? Permissions must also be correct for the ~user/.ssh directory on machine B/foo.com for this to work. Private key on machine A needs to be in ~tom/.ssh subdirectory and be user-only accessible.

> I'm not sure if I have to do something else to the machineB given that
> the port forwarding/reverse tunnel essentially maps the port of the
> localhost to the port of machineA
>
> on machineB
> ssh tom@localhost -p 1999
>
> which should use the private/pub keys to go through the tunnel to get
> back to machineA
>

I don't actually see any port forwarding in either of these commands. It's possible this was discussed in the other thread. So I don't know if your foo.com/B port to machine A forwarding is being done by a -R in the first ssh to foo.com above or if there's a separate session carrying foo.com:1999:machineA:22 (or whatever port on A).

> however, the process currently still asks for the password...
>
> thoughts/suggestions...

First thought is run ssh with the -v option to see what it's doing.

--
imalone
http://ibmalone.blogspot.co.uk
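
The ownership and permission requirements raised in the reply above can be checked mechanically. The script below is an added example, not part of the original thread: a read-only audit of a `.ssh` directory for the modes that make sshd (with `StrictModes`) or the ssh client skip a key and fall back to a password prompt. The function names are hypothetical, and it assumes GNU `stat`, as shipped on Fedora.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only audit of the ownership and
# modes that make sshd (StrictModes) or the ssh client skip a key.
# Assumes GNU stat (Fedora); run it as the account that owns the keys.

# has_bits PATH MASK: true if PATH has any permission bit from octal MASK set
has_bits() {
    hb_mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$hb_mode & 0$2 )) -ne 0 ]
}

# audit PATH MASK HINT: report wrong owner or forbidden mode bits;
# returns 0 when PATH is fine, 1 otherwise
audit() {
    au_bad=0
    au_uid=$(stat -c '%u' "$1") || return 1
    if [ "$au_uid" -ne "$(id -u)" ] && [ "$au_uid" -ne 0 ]; then
        echo "BAD owner: $1 (uid $au_uid)"; au_bad=1
    fi
    if has_bits "$1" "$2"; then
        echo "BAD mode:  $1 is $(stat -c '%a' "$1"), $3"; au_bad=1
    fi
    return "$au_bad"
}

# check_ssh_dir DIR [KEYNAME]: returns the number of paths with a problem
check_ssh_dir() {
    cs_dir=$1; cs_key=${2:-id_rsa}; cs_n=0
    if [ ! -d "$cs_dir" ]; then echo "MISSING: $cs_dir"; return 1; fi
    # Server side: StrictModes rejects a group/world-writable dir or key list.
    audit "$cs_dir" 022 "want 700" || cs_n=$((cs_n + 1))
    if [ -f "$cs_dir/authorized_keys" ]; then
        audit "$cs_dir/authorized_keys" 022 "want 600" || cs_n=$((cs_n + 1))
    fi
    # Client side: ssh ignores a private key that group or others can access.
    if [ -f "$cs_dir/$cs_key" ]; then
        audit "$cs_dir/$cs_key" 077 "want 600" || cs_n=$((cs_n + 1))
    fi
    return "$cs_n"
}

# When run as a script: sh check.sh ~/.ssh id_rsa
if [ "$#" -gt 0 ]; then check_ssh_dir "$@"; fi
```

Run it on both ends of the tunnel, since the private key lives on one machine and `authorized_keys` on the other. sshd applies the same writable check to the account's home directory, which this script does not inspect.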