Topic: ssh tunnelling/port forwarding

[raleel]

I am looking to be able to use the web gui for admining through an ssh tunnel. currently, I am logging in like this

ssh -L 80:my.e-smith.box:80 my.e-smith.box

and I see the following message pop up in my ssh console:

channel 1: chan_shutdown_read: shutdown() failed for fd6 [i1 o128]: Transport endpoint is not connected


this smells like I am missing a port I need to forward...comments? I am using Charlie's openssh rpms.

[Gordon Rowell]

raleel wrote:

> I am looking to be able to use the web gui for admining through
> an ssh tunnel. currently, I am logging in like this
>
> ssh -L 80:my.e-smith.box:80 my.e-smith.box

This won't work unless you are root on your local machine as you are
forwarding port 80 locally to port 80 remotely. It also won't work if
you are running a web server on port 80 on the local machine.

I would tend to use something like (the local port number is arbitrary
as long as it is >1023).

ssh -L 8081:localhost:80 my.e-smith.box

The "localhost" says that the forward is to the _remote_ localhost - it
is also possible to forward to hosts which are remote to the remote
host, but you normally just want to forward to the other end of the
connection.

You would then connect your browser to localhost:8081

lynx http://localhost:8081/e-smith-manager

> and I see the following message pop up in my ssh console:
>
> channel 1: chan_shutdown_read: shutdown() failed for fd6 [i1
> o128]: Transport endpoint is not connected

Hmm, I'm getting that as well. That should be going to the SSH log
(if anywhere).

> this smells like I am missing a port I need to
> forward...comments? I am using Charlie's openssh rpms.

The forward above works for me, but I am getting those annoying messages
on the remote end. That needs to be turned off or redirected to the log, but can
be ignored for now.

Gordon

[Charlie Brady]

Gordon Rowell wrote:

> ssh -L 8081:localhost:80 my.e-smith.box
>
> The "localhost" says that the forward is to the
> _remote_ localhost - it is also possible to forward to hosts
> which are remote to the remote host, but you normally just want
> to forward to the other end of the connection.
>
> You would then connect your browser to localhost:8081
>
> lynx http://localhost:8081/e-smith-manager

If raleel is content to use lynx to run the manager, then there is no need to do port forwarding - just use ssh without port forwarding, and access the manager using lynx on the remote server. That is my recommended option in any case.

Regards

Charlie

[raleel]

Well, you are getting a better deal than me. Apparently I have some larger problem, because this forward is not working. I get 404's on my web server when I try to access /e-smith-manager through the ssh connection, even though my http.conf clearly allows the client to access those web pages. Same with /e-smith-password. An interesting problem, because I can use lynx on the e-smith box to view and modify the web pages. I am just unsatisfied with that

[raleel]

I doublechecked what you said and talked to some people, and gave it a try...it works now thanks for the input