Greetings,

Here are the two hosts between which I am trying to get SSH port forwarding to work:

Host A: Running Slackware 12.0, SSH version 5.1
Host B: Running FreeBSD 5.5-stable, SSH version 3.8.1p1

The idea is to establish remote port forwarding by typing the following on Host A:

    ssh -v -l root -i [Host-B-Private-Key] -R 2222:localhost:22 Host-B -N

and then follow that with using the tunnel to tunnel back from Host B to Host A:

    ssh -l [Host-A-Account] -i [Host-A-Private-Key] -p 2222 127.0.0.1

I have also generated keypairs for each machine by each machine (A generates its own, and B generates its own as well) so that the certificates will authenticate without the need of typing in any passphrases. Each sshd_config also enables public key authentication for version 2 of SSH.

THE PROBLEM

Right now, the first step works flawlessly. I am able to establish the port forwarding. It's the second command that I cannot get to work. For some odd reason, when I am trying to use the established tunnel to tunnel back, I am being asked for the password for Host A's user account. When I do a verbose debug of the session, I see the following on Host B (the host that is trying to tunnel back using the new tunnel):

OpenSSH_3.8.1p1 FreeBSD-20060930, OpenSSL 0.9.7e-p1 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file [Host-A-Private-Key] type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20060930
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '127.0.0.1' is known and matches the DSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: [Host-A-Private-Key]
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
_bkup-metro@xxxxxxxxx's password:

What I don't understand is why it is clearly allowing publickey method, and yet chooses to skip that method for some reason.

Any suggestions or comments are greatly appreciated.

Simon Chang
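
An added example, not part of the original post: a small Python parser for `ssh -v` client output that pairs each key attempt with the server's next reply, where an "Authentications that can continue" line following a key attempt is the server's failure response to that attempt. The function name `auth_trace` and the sample input (constructed from the debug lines quoted above) are assumptions of this example.

```python
import re

# Constructed sample: the authentication portion of the client debug output
# quoted in the post, one message per line.
SAMPLE = """\
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: [Host-A-Private-Key]
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
"""

# OpenSSH clients log one of these lines when they present a key to the server.
KEY_TRY = re.compile(r"(?:Trying private key|Offering public key): (.+)")


def auth_trace(log):
    """Return (attempts, last_method) from ssh -v client output.

    attempts: one dict per key presented, with the server's verdict.
    last_method: the authentication method the client ended up on.
    """
    attempts, method = [], None
    for line in log.splitlines():
        msg = re.sub(r"^debug\d+: ", "", line.strip())
        if msg.startswith("Next authentication method: "):
            method = msg.split(": ", 1)[1]
        elif (m := KEY_TRY.match(msg)):
            attempts.append({"method": method, "key": m.group(1),
                             "outcome": "pending"})
        elif attempts and attempts[-1]["outcome"] == "pending":
            # The first server reply after a key attempt decides its outcome.
            if msg.startswith("Authentications that can continue: "):
                attempts[-1]["outcome"] = "rejected"
            elif msg.startswith("Authentication succeeded"):
                attempts[-1]["outcome"] = "accepted"
    return attempts, method


if __name__ == "__main__":
    tried, final = auth_trace(SAMPLE)
    for a in tried:
        print(f"{a['method']}: {a['key']} -> {a['outcome']}")
    print("client ended on method:", final)
```

For the log above it reports that the key was presented and rejected before the client moved on to password authentication, which places the refusal on the sshd side of the tunnel (Host A).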