Re: ssh reverse port forwarding - ssh keys

On 18 September 2013 02:35, bruce <badouglas@xxxxxxxxx> wrote:
> Hey...
>
> testing out ssh port forwarding/reverse tunneling using sshkeys
>
> i've got the process of going from machineA to machineB using keys..
>
> The test doing ssh user@xxxxxxx -p 5011 works
>  - auto login using the ssh keys..
>

5011 is the sshd port on machine foo.com? Or is it forwarded somewhere?

> However, the test of going from machineB to machineB is a bit chaotic.
>

B to B? Is this what you meant?

> I've created the private/pub rsa key.. on the machineB for the user
> that will conduct the ssh connections, the id_rsa key was updated with
> the private key.
>
> The test then updated the machineA for the specified user with the
> updated pub key in the authorized_keys file
>
> The test also ensured the perms/owners on the machineA are correct.
>
> the issue I'm having is that the test is still requiring a password to
> complete the ssh session.
>

I'm not sure what 'the test' that's done all this stuff is. If you
want to say that all the permissions are correct, fine, but something's
not working, so are you sure? Permissions must also be correct for the
~user/.ssh directory on machine B/foo.com for this to work. Private
key on machine A needs to be in ~tom/.ssh subdirectory and be
user-only accessible.

> I'm not sure if I have to do something else to the machineB given that
> the port forwarding/reverse tunnel essentially maps the port of the
> localhost to the port of machineA
>
> on machineB
>  ssh tom@localhost -p 1999
>
> which should use the private/pub keys to go through the tunnel to get
> back to machineA
>

I don't actually see any port forwarding in either of these commands.
It's possible this was discussed in the other thread. So I don't know
if your foo.com/B port to machine A forwarding is being done by a -R
in the first ssh to foo.com above or if there's a separate session
carrying foo.com:1999:machineA:22 (or whatever port on A).

> however, the process currently still asks for the password...
>
> thoughts/suggestions...

First thought is run ssh with the -v option to see what it's doing.

-- 
imalone
http://ibmalone.blogspot.co.uk
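
Added example, not part of the original message: a shell check of the file modes the reply says must be correct for key login to work, covering the account being logged in to and the private key on the connecting side. It assumes GNU stat (as on Fedora) and checks modes only; the function names and the `server`/`key` arguments are made up for this sketch.

```shell
#!/bin/sh
# Added example: audit the file modes OpenSSH checks before using keys.
# Assumes GNU stat (as on Fedora); function names are hypothetical.
# Modes only: ownership (user or root) also matters and is not checked here.

mode_of() { stat -c '%a' "$1"; }            # octal mode, e.g. 700

# True if any permission bit in octal MASK is set on PATH.
has_bits() {                                 # usage: has_bits PATH MASK
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 0$2 )) -ne 0 ]
}

# Account being logged in to: sshd (StrictModes yes, the default) refuses
# authorized_keys if it, ~/.ssh or the home directory is group/other-writable.
# Prints findings; return status is the number of problems found.
audit_server_side() {                        # usage: audit_server_side HOME_DIR
    problems=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; problems=$((problems + 1))
        elif has_bits "$p" 022; then
            echo "WRITABLE $p (mode $(mode_of "$p")): group/other can write"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Connecting side: the ssh client ignores a private key that group or other
# can access at all, then falls back to other methods such as a password.
audit_client_key() {                         # usage: audit_client_key KEYFILE
    [ -f "$1" ] || { echo "MISSING  $1"; return 1; }
    if has_bits "$1" 077; then
        echo "EXPOSED  $1 (mode $(mode_of "$1")): ssh will ignore this key"
        return 1
    fi
    return 0
}

# Run as: sh audit.sh server /home/tom   or   sh audit.sh key ~/.ssh/id_rsa
case "${1:-}" in
    server) audit_server_side "$2" ;;
    key)    audit_client_key "$2" ;;
esac
```

If both checks come back clean and a password is still requested, the `ssh -v` output suggested above shows which keys the client actually offered.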