tunneling ssh

Hi, I have a problem with tunneling... I have 2 remote machines pc1 and pc2
and my computer (pc0). pc0 and pc1 are connected do Internet pc2 only to
pc2. I need to access to pc2, now I do:

ssh user1@pc1 -X
pass ******
ssh user2@pc2 -X
pass ******

and all word, but I want to do all with one command for using:
1) sincronising folder between pc0 and pc2
2) copy big file from pc2 to pc0 using only one step (on pc1 I have few
memory space)

On Sun, 24 Jun 2007 18:57:33 +0200, wiso wrote:

> Hi, I have a problem with tunneling... I have 2 remote machines pc1 and
> pc2 and my computer (pc0). pc0 and pc1 are connected do Internet pc2
> only to pc2.

I assume you mean that pc2 is connected only to pc1, right?

> I need to access to pc2, now I do:
>
> ssh user1@pc1 -X
> pass ******
> ssh user2@pc2 -X
> pass ******
>
> and all word, but I want to do all with one command for using: 1)
> sincronising folder between pc0 and pc2 2) copy big file from pc2 to pc0
> using only one step (on pc1 I have few memory space)

To summarize:

Machine pc0 is in the Internet.

Machine pc1 is in the Internet.

pc0 can get into pc1 via SSH.

pc1 can access pc2 via SSH.

pc2 is not directly accessible from pc0.

pc2 is listening for incoming SSH connections at port (say) 222.

In order to SSH into pc2 from pc0 we do the following on pc0:

ssh -fngT -L 3022c2:222 -C pc1 ping -i 30 localhost > /dev/null
2>&1

ssh -p 3022 localhost

If in pc0 we add to .ssh/config the entry

Host pc2
HostName localhost
HostKeyAlias pc2
User <Username on pc2>
Port 3022

then we can get from pc0 to pc2 by means of

ssh pc2

K. Jennings wrote:

>
> To summarize:
>
> Machine pc0 is in the Internet.
>
> Machine pc1 is in the Internet.
>
> pc0 can get into pc1 via SSH.
>
> pc1 can access pc2 via SSH.
>
> pc2 is not directly accessible from pc0.

ok
> pc2 is listening for incoming SSH connections at port (say) 222.

How can I determine it (the number of the port)?

> In order to SSH into pc2 from pc0 we do the following on pc0:
>
> ssh -fngT -L 3022c2:222 -C pc1 ping -i 30 localhost > /dev/null
> 2>&1

I get:
bind: Address already in use
channel_setup_fwd_listener: cannot listen to port: 3022
Could not request local forwarding.

by pc2 do you mean user2@pc2, right? Thanks.

On Mon, 25 Jun 2007 20:59:14 +0200, wiso wrote:

> K. Jennings wrote:
>
>
>> To summarize:
>>
>> Machine pc0 is in the Internet.
>>
>> Machine pc1 is in the Internet.
>>
>> pc0 can get into pc1 via SSH.
>>
>> pc1 can access pc2 via SSH.
>>
>> pc2 is not directly accessible from pc0.
>
> ok
>> pc2 is listening for incoming SSH connections at port (say)
>> 222.
>
> How can I determine it (the number of the port)?

You'll have to ask pc2's sysadmin. Chances are anyway that it is
listening on the default port: 22.

>> In order to SSH into pc2 from pc0 we do the following on pc0:
>>
>> ssh -fngT -L 3022c2:222 -C pc1 ping -i 30 localhost >
>> /dev/null
>> 2>&1
>
> I get:
> bind: Address already in use
> channel_setup_fwd_listener: cannot listen to port: 3022 Could not
> request local forwarding.

Well, change that 222 to 22, and try again. I kind of doubt that
you have some application using port 3022 already. Feel free to try other
port number though.

> by pc2 do you mean user2@pc2, right? Thanks.

Yes, whatever you have put in your .ssh/config file in that
respect.

K. Jennings wrote:

> On Mon, 25 Jun 2007 20:59:14 +0200, wiso wrote:
>
>> K. Jennings wrote:
>>
>>
>>> To summarize:
>>>
>>> Machine pc0 is in the Internet.
>>>
>>> Machine pc1 is in the Internet.
>>>
>>> pc0 can get into pc1 via SSH.
>>>
>>> pc1 can access pc2 via SSH.
>>>
>>> pc2 is not directly accessible from pc0.
>>
>> ok
>>> pc2 is listening for incoming SSH connections at port (say)
>>> 222.
>>
>> How can I determine it (the number of the port)?
>
> You'll have to ask pc2's sysadmin. Chances are anyway that it is
> listening on the default port: 22.
>
>>> In order to SSH into pc2 from pc0 we do the following on pc0:
>>>
>>> ssh -fngT -L 3022c2:222 -C pc1 ping -i 30 localhost >
>>> /dev/null
>>> 2>&1
>>
>> I get:
>> bind: Address already in use
>> channel_setup_fwd_listener: cannot listen to port: 3022 Could not
>> request local forwarding.
>
> Well, change that 222 to 22, and try again. I kind of doubt that
> you have some application using port 3022 already. Feel free to try other
> port number though.

I try with port 22, but nothing change. How can I free port 3022? I've done
a netstat and there isn't the 3022 port

On Mon, 25 Jun 2007 22:31:44 +0200, wiso wrote:

> K. Jennings wrote:
>
>> On Mon, 25 Jun 2007 20:59:14 +0200, wiso wrote:
>>
>>> K. Jennings wrote:
>>>
>>>
>>>> To summarize:
>>>>
>>>> Machine pc0 is in the Internet.
>>>>
>>>> Machine pc1 is in the Internet.
>>>>
>>>> pc0 can get into pc1 via SSH.
>>>>
>>>> pc1 can access pc2 via SSH.
>>>>
>>>> pc2 is not directly accessible from pc0.
>>>
>>> ok
>>>> pc2 is listening for incoming SSH connections at port (say)
>>>> 222.
>>>
>>> How can I determine it (the number of the port)?
>>
>> You'll have to ask pc2's sysadmin. Chances are anyway that it is
>> listening on the default port: 22.
>>
>>>> In order to SSH into pc2 from pc0 we do the following on pc0:
>>>>
>>>> ssh -fngT -L 3022c2:222 -C pc1 ping -i 30 localhost >
>>>> /dev/null
>>>> 2>&1
>>>
>>> I get:
>>> bind: Address already in use
>>> channel_setup_fwd_listener: cannot listen to port: 3022 Could not
>>> request local forwarding.
>>
>> Well, change that 222 to 22, and try again. I kind of doubt that you
>> have some application using port 3022 already. Feel free to try other
>> port number though.
>
> I try with port 22, but nothing change. How can I free port 3022? I've
> done a netstat and there isn't the 3022 port

Like I said, you can always try other port numbers; there is
nothing magical about 3022. I wonder if the problem is elsewhere?

In the ssh -fngT line above, what is it that you are using for
pc1 and pc2? They should resolve to valid IP addresses in the end, be it
directly thanks to the resolver, or with appropriate entries in your .ssh/
config file.

Try with the following .ssh/config file:

Host pc1
HostName <IP address of pc1 as seen from pc0>
HostKeyAlias pc1
User <Your user name in pc1>
Port <Port number at which pc1 is listening for incoming SSH connections>

Host pc2
HostName localhost
HostKeyAlias pc2
User <Your user name in pc1>
Port <First port number used in the ssh -fngT command>

>>>> K. Jennings wrote:
>>>>
>>>>
>>>>> To summarize:
>>>>>
>>>>> Machine pc0 is in the Internet.
>>>>>
>>>>> Machine pc1 is in the Internet.
>>>>>
>>>>> pc0 can get into pc1 via SSH.
>>>>>
>>>>> pc1 can access pc2 via SSH.
>>>>>
>>>>> pc2 is not directly accessible from pc0.
>>>>
>>>> ok
>>>>> pc2 is listening for incoming SSH connections at port (say)
>>>>> 222.
>>>>

> Try with the following .ssh/config file:
>
> Host pc1
> HostName <IP address of pc1 as seen from pc0>
> HostKeyAlias pc1
> User <Your user name in pc1>
> Port <Port number at which pc1 is listening for incoming SSH connections>
>
> Host pc2
> HostName localhost
> HostKeyAlias pc2
> User <Your user name in pc1>
> Port <First port number used in the ssh -fngT command>

I ask you to be patient one more time...
this is my ./ssh/config on my computer (pc0):

Host moby
HostName moby.mib.infn.it
HostKeyAlias moby.mib.infn.it
User turra
Port 22

Host crio
HostName localhost
HostKeyAlias crio
User turra
Port 3022

pc1 is moby, pc2 is crio

I try:
ssh -fngT -L 3022:turra@crio:222 -C (E-Mail Removed) ping -i 30
localhost > /dev/null 2>&1

and I get:
(E-Mail Removed)'s password:
ok

I try:
ssh crio
and I get:
channel 2: open failed: connect failed: Connection refused
ssh_exchange_identification: Connection closed by remote host

On Tue, 26 Jun 2007 23:26:02 +0200, wiso wrote:

>>>>> K. Jennings wrote:
>>>>>
>>>>>
>>>>>> To summarize:
>>>>>>
>>>>>> Machine pc0 is in the Internet.
>>>>>>
>>>>>> Machine pc1 is in the Internet.
>>>>>>
>>>>>> pc0 can get into pc1 via SSH.
>>>>>>
>>>>>> pc1 can access pc2 via SSH.
>>>>>>
>>>>>> pc2 is not directly accessible from pc0.
>>>>>
>>>>> ok
>>>>>> pc2 is listening for incoming SSH connections at port (say)
>>>>>> 222.
>>>>>
>>>>>
>> Try with the following .ssh/config file:
>>
>> Host pc1
>> HostName <IP address of pc1 as seen from pc0> HostKeyAlias pc1
>> User <Your user name in pc1>
>> Port <Port number at which pc1 is listening for incoming SSH
>> connections>
>>
>> Host pc2
>> HostName localhost
>> HostKeyAlias pc2
>> User <Your user name in pc1>
>> Port <First port number used in the ssh -fngT command>
>
> I ask you to be patient one more time... this is my ./ssh/config on my
> computer (pc0):
>
> Host moby
> HostName moby.mib.infn.it
> HostKeyAlias moby.mib.infn.it
> User turra
> Port 22
>
> Host crio
> HostName localhost
> HostKeyAlias crio
> User turra
> Port 3022
>
> pc1 is moby, pc2 is crio
>
> I try:
> ssh -fngT -L 3022:turra@crio:222 -C (E-Mail Removed) ping -i 30
> localhost > /dev/null 2>&1
>
> and I get:
> (E-Mail Removed)'s password:
> ok
>
> I try:
> ssh crio
> and I get:
> channel 2: open failed: connect failed: Connection refused
> ssh_exchange_identification: Connection closed by remote host

Maybe you should change your .ssh/config file to read as follows:

Host moby
HostName moby.mib.infn.it
HostKeyAlias moby
User turra

Host crio
HostName localhost
HostKeyAlias crio
User turra
Port 3022

This aside, I think that what is happening is that crio is not
listening for incoming SSH connections at port 222. Chances are that it
is listening on the standard port 22, but you'll have to find out.
Anyway, assuming it is 22 indeed, and that you changed .ssh/config as
above you should try the following:

ssh -fngT -L 3022:crio:22 -C moby ping -i 30 localhost > /dev/
null 2>&1

After typing your password at the prompt that you should get,
executing

ssh crio

should elicit crio's password prompt - assuming, of course, that crio
supports password authentication. If you install your relevant public
keys in moby and crio, you'll be able to get in without typing a password.

K. Jennings wrote:

> On Tue, 26 Jun 2007 23:26:02 +0200, wiso wrote:
>
>>>>>> K. Jennings wrote:
>>>>>>
>>>>>>
>>>>>>> To summarize:
>>>>>>>
>>>>>>> Machine pc0 is in the Internet.
>>>>>>>
>>>>>>> Machine pc1 is in the Internet.
>>>>>>>
>>>>>>> pc0 can get into pc1 via SSH.
>>>>>>>
>>>>>>> pc1 can access pc2 via SSH.
>>>>>>>
>>>>>>> pc2 is not directly accessible from pc0.
>>>>>>
>>>>>> ok
>>>>>>> pc2 is listening for incoming SSH connections at port (say)
>>>>>>> 222.
>>>>>>
>>>>>>
>>> Try with the following .ssh/config file:
>>>
>>> Host pc1
>>> HostName <IP address of pc1 as seen from pc0> HostKeyAlias pc1
>>> User <Your user name in pc1>
>>> Port <Port number at which pc1 is listening for incoming SSH
>>> connections>
>>>
>>> Host pc2
>>> HostName localhost
>>> HostKeyAlias pc2
>>> User <Your user name in pc1>
>>> Port <First port number used in the ssh -fngT command>
>>
>> I ask you to be patient one more time... this is my ./ssh/config on my
>> computer (pc0):
>>
>> Host moby
>> HostName moby.mib.infn.it
>> HostKeyAlias moby.mib.infn.it
>> User turra
>> Port 22
>>
>> Host crio
>> HostName localhost
>> HostKeyAlias crio
>> User turra
>> Port 3022
>>
>> pc1 is moby, pc2 is crio
>>
>> I try:
>> ssh -fngT -L 3022:turra@crio:222 -C (E-Mail Removed) ping -i 30
>> localhost > /dev/null 2>&1
>>
>> and I get:
>> (E-Mail Removed)'s password:
>> ok
>>
>> I try:
>> ssh crio
>> and I get:
>> channel 2: open failed: connect failed: Connection refused
>> ssh_exchange_identification: Connection closed by remote host
>
> Maybe you should change your .ssh/config file to read as follows:
>
> Host moby
> HostName moby.mib.infn.it
> HostKeyAlias moby
> User turra
>
> Host crio
> HostName localhost
> HostKeyAlias crio
> User turra
> Port 3022

ok

> This aside, I think that what is happening is that crio is not
> listening for incoming SSH connections at port 222. Chances are that it
> is listening on the standard port 22, but you'll have to find out.


how can find it?

> Anyway, assuming it is 22 indeed, and that you changed .ssh/config as
> above you should try the following:
>
> ssh -fngT -L 3022:crio:22 -C moby ping -i 30 localhost > /dev/
> null 2>&1
>
> After typing your password at the prompt that you should get,
> executing
>
> ssh crio
>

now I get only: ssh_exchange_identification: Connection closed by remote
host

On Thu, 28 Jun 2007 19:05:48 +0200, wiso wrote:

> K. Jennings wrote:
>
>> On Tue, 26 Jun 2007 23:26:02 +0200, wiso wrote:
>>
>>>>>>> K. Jennings wrote:
>>>>>>>
>>>>>>>
>>>>>>>> To summarize:
>>>>>>>>
>>>>>>>> Machine pc0 is in the Internet.
>>>>>>>>
>>>>>>>> Machine pc1 is in the Internet.
>>>>>>>>
>>>>>>>> pc0 can get into pc1 via SSH.
>>>>>>>>
>>>>>>>> pc1 can access pc2 via SSH.
>>>>>>>>
>>>>>>>> pc2 is not directly accessible from pc0.
>>>>>>>
>>>>>>> ok
>>>>>>>> pc2 is listening for incoming SSH connections at port
>>>>>>>> (say) 222.
>>>>>>>
>>>>>>>
>>>> Try with the following .ssh/config file:
>>>>
>>>> Host pc1
>>>> HostName <IP address of pc1 as seen from pc0> HostKeyAlias pc1 User
>>>> <Your user name in pc1>
>>>> Port <Port number at which pc1 is listening for incoming SSH
>>>> connections>
>>>>
>>>> Host pc2
>>>> HostName localhost
>>>> HostKeyAlias pc2
>>>> User <Your user name in pc1>
>>>> Port <First port number used in the ssh -fngT command>
>>>
>>> I ask you to be patient one more time... this is my ./ssh/config on my
>>> computer (pc0):
>>>
>>> Host moby
>>> HostName moby.mib.infn.it
>>> HostKeyAlias moby.mib.infn.it
>>> User turra
>>> Port 22
>>>
>>> Host crio
>>> HostName localhost
>>> HostKeyAlias crio
>>> User turra
>>> Port 3022
>>>
>>> pc1 is moby, pc2 is crio
>>>
>>> I try:
>>> ssh -fngT -L 3022:turra@crio:222 -C (E-Mail Removed) ping -i 30
>>> localhost > /dev/null 2>&1
>>>
>>> and I get:
>>> (E-Mail Removed)'s password:
>>> ok
>>>
>>> I try:
>>> ssh crio
>>> and I get:
>>> channel 2: open failed: connect failed: Connection refused
>>> ssh_exchange_identification: Connection closed by remote host
>>
>> Maybe you should change your .ssh/config file to read as follows:
>>
>> Host moby
>> HostName moby.mib.infn.it
>> HostKeyAlias moby
>> User turra
>>
>> Host crio
>> HostName localhost
>> HostKeyAlias crio
>> User turra
>> Port 3022
>
> ok
>
>> This aside, I think that what is happening is that crio is not
>> listening for incoming SSH connections at port 222. Chances are that it
>> is listening on the standard port 22, but you'll have to find out.
>
>
> how can find it?

Can't you ask crio's sysadmin? You can always telnet at different
ports in order to find out, but this would be a long, tedious approach.

>
>> Anyway, assuming it is 22 indeed, and that you changed .ssh/config as
>> above you should try the following:
>>
>> ssh -fngT -L 3022:crio:22 -C moby ping -i 30 localhost > /dev/ null
>> 2>&1
>>
>> After typing your password at the prompt that you should get, executing
>>
>> ssh crio
>>
>>
> now I get only: ssh_exchange_identification: Connection closed by remote
> host

Which is exactly what I get in my tests when I use the wrong port
number for crio's counterpart in my network.

Can you ssh from your box to moby without any problems? Once in
moby, can you ssh into crio all right?