SSH port forwarding since 10.3

momerath · 04-08-2004, 10:04 AM

With 10.2, I could, without modifying my sshd config files, ssh into my computer and tunnel VNC through it. I used the command:

Code:

ssh -L 5901:remotehost:5900 user@remotehost

However, since upgrading to 10.3, attempting to run the vnc client gives an error in my ssh session:

Code:

channel 2: open failed: connect failed: Connection refused

(The ssh gives the error, not the vnc server or client.)

I'm sure I set up the vnc server right, and I think that this should work (it worked for me before).

Anyway, all help will be appreciated.

breen · 04-08-2004, 10:13 AM

If it's an ssh error, start the ssh session with -v -v to get more details. If necessary, post the output here and we'll take a look.

momerath · 04-13-2004, 09:46 AM

Here is the ssh debug output:

Code:

debug1: Connection to port 5900 forwarding to localhost port 5900 requested.
debug1: fd 8 setting TCP_NODELAY
debug1: fd 8 setting O_NONBLOCK
debug2: fd 8 is O_NONBLOCK
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
debug1: channel_free: channel 2: direct-tcpip: listening port 5900 for localhost port 5900, connect from 127.0.0.1 port 33012, nchannels 3

This is using OSXvnc on the remote computer. When I try to connect to localhost:5900 from it (with no ssh forwarding) it works.

huskerchad · 04-13-2004, 10:56 AM

Can you ssh in normally, without doing any port forwarding? If you did a clean install of 10.3, your host key likely changed so you will need to update that on the remote machine.

momerath · 04-13-2004, 11:06 AM

Yes, I can ssh in normally. I can even do X11 forwarding over ssh after modifying my sshd_config file.

carouzal · 04-13-2004, 11:17 AM

I have always used:

ssh -C -N -L 5900:255.255.255.255:5900 user@255.255.255.255

Replace 255.255.255.255 with proper addresses, this works for Connecting
to my Mac at home and to a Fedora Linux box at work without any
conf editing in 10.3.3.

I usually alias these in .bashrc to something easier to type.

Copy the contents of ~/.profile to ~/.bashrc then have the only line in
~/.profile as "source ~/.bashrc" then add all your shell variables and commands to ~/.bashrc.

example bashrc file
--------------------------------------------------------------
export PATH=$PATH:/Some/Custom/Path

alias remote='ssh -C -N -L 5900:255.255.255.255:5900 user@255.255.255.255'
--------------------------------------------------------------
By sourcing .bashrc from your .profile you ensure that your shell environment will be the same in X11 as it is in the Terminal.app.

momerath · 04-13-2004, 10:59 PM

-C enables compression, and -N is the "Do not execute a shell or command" option (whatever that means). There is no difference from that and the command I was executing. I'm still sure it's not a problem with my vnc server, as I can access it at localhost:5900 when I'm on my own computer.

The question should be, why do I get an ssh error when I try to connect?

Code:

channel 2: open failed: connect failed: Connection refused

stetner · 04-14-2004, 06:23 PM

Are you sure that the VNC server is running? Maybe show us the output from:

Code:

$ ps -aux | grep -i vnc
root      284   0.0  0.1    18644    576  ??  S    Mon03PM   0:00.01 sh /Library/StartupItems/OSXvnc/OSXvnc-keepalive /Users/stetner/Applications/OSXv
root      285   0.0  0.3    69544   2356  ??  S    Mon03PM   0:00.25 /Users/stetner/Applications/OSXvnc.app/OSXvnc-server -rfbport 5900 -desktop strid
stetner  8344   0.0  0.0    18172    340 std  S+    9:21AM   0:00.01 grep -i vnc

$ netstat -na | grep 5900
tcp4       0      0  *.5900                 *.*                    LISTEN

On your server.

mrichar1 · 04-14-2004, 06:29 PM

Try -L 5900:127.0.0.1:5900 instead of -L 5900:localhost:5900.

I had the same problem then I read this suggestion somewhere. Apparently it is because OpenSSH is (now?) IPv6 aware, so you need to explicitly use an IPv4 address or it might get confused.

I actually had to use port 5901 cause it seems like remote desktop is now binding to 5900.

I spent WAAAAY too long trying to fix this problem. Hope it works for you.

jhrfc1 · 04-21-2004, 10:45 AM

Has anybody found a solution to this yet. I have exactly the same problem as the first poster.
I can VNC directly between the machines.
I can ssh between the machines fine, not using port forwarding.

I get the same connection refused error when I try port forwarding.

I'm running 10.3.3

Is it to do with IPv6 or sshd running as a service, two things new in Panther.

It's driving me nuts!

jhrfc1 · 04-23-2004, 10:58 AM

I might be talking to myself here, but this now works!
How? By installing Apples "Security update 2004-04-05" which amoung other things updates openSSH.
On the on the one hand i'm glad, on the other I'm annoyed that I spent a whole day trying to fix something that was an os bug.

momerath · 04-29-2004, 08:08 PM

I managed to get mine working as well.

What seems to be the problem (from all the different ways of doing this) was that osxvnc didn't like "localhost" as being part of the port forwarding command.

Whereas neither

Code:

ssh -L 5900:localhost:5900 foo@bar

nor

Code:

ssh -L 5900:bar:5900 foo@bar

worked,

Code:

ssh -L 5900:127.0.0.1:5900 foo@bar

did.

Very strange. And I can attest to the fact that that strange behavior only started in 10.3.

EDIT:

I just noticed that an above poster explained why. That is not very polite of openSSH. :P

DominikHoffmann · 02-19-2008, 01:51 PM

Quote:

Originally Posted by mrichar1


	Try -L 5900:127.0.0.1:5900 instead of -L 5900:localhost:5900. I had the same problem then I read this suggestion somewhere. Apparently it is because OpenSSH is (now?) IPv6 aware, so you need to explicitly use an IPv4 address or it might get confused.

I just ran into this when trying to use Leopard's Screen Sharing utility with a Tiger (10.4.11) system. Once I used 127.0.0.1 instead of "localhost" I was able to make the connection without problems. Doing VNC port forwarding via SSH had never been a problem going from one Leopard system to another, even with "localhost".

I'd love to hear a good explanation for this. How could a Unix utility like ssh be even aware of whether "localhost" or 127.0.0.1 was used?

Dominik Hoffmann

Branko Husarik · 06-26-2012, 04:38 AM

Hello, I know it is not much relevant to this topic, but I get same error message as you in Centos6.2. I have found it was caused by another pc, which was using same IP adress. I changed my IP adress and its working well now.

04-08-2004, 10:04 AM	#1
momerath Triple-A Player Join Date: Feb 2003 Posts: 59	SSH port forwarding since 10.3 With 10.2, I could, without modifying my sshd config files, ssh into my computer and tunnel VNC through it. I used the command: Code: ssh -L 5901:remotehost:5900 user@remotehost However, since upgrading to 10.3, attempting to run the vnc client gives an error in my ssh session: Code: channel 2: open failed: connect failed: Connection refused (The ssh gives the error, not the vnc server or client.) I'm sure I set up the vnc server right, and I think that this should work (it worked for me before). Anyway, all help will be appreciated.

04-13-2004, 10:59 PM	#7
momerath Triple-A Player Join Date: Feb 2003 Posts: 59	-C enables compression, and -N is the "Do not execute a shell or command" option (whatever that means). There is no difference from that and the command I was executing. I'm still sure it's not a problem with my vnc server, as I can access it at localhost:5900 when I'm on my own computer. The question should be, why do I get an ssh error when I try to connect? Code: channel 2: open failed: connect failed: Connection refused

04-29-2004, 08:08 PM	#12
momerath Triple-A Player Join Date: Feb 2003 Posts: 59	I managed to get mine working as well. What seems to be the problem (from all the different ways of doing this) was that osxvnc didn't like "localhost" as being part of the port forwarding command. Whereas neither Code: ssh -L 5900:localhost:5900 foo@bar nor Code: ssh -L 5900:bar:5900 foo@bar worked, Code: ssh -L 5900:127.0.0.1:5900 foo@bar did. Very strange. And I can attest to the fact that that strange behavior only started in 10.3. EDIT: I just noticed that an above poster explained why. That is not very polite of openSSH. :P Last edited by momerath; 04-29-2004 at 08:22 PM.

06-26-2012, 04:38 AM	#14
Branko Husarik Registered User Join Date: Jun 2012 Posts: 1	Same fail message in CentOS Hello, I know it is not much relevant to this topic, but I get same error message as you in Centos6.2. I have found it was caused by another pc, which was using same IP adress. I changed my IP adress and its working well now.

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

04-08-2004, 10:13 AM	#2
breen Major Leaguer Join Date: Jan 2003 Location: Bay Area Posts: 327	If it's an ssh error, start the ssh session with -v -v to get more details. If necessary, post the output here and we'll take a look.

04-13-2004, 10:56 AM	#4
huskerchad Major Leaguer Join Date: Feb 2004 Posts: 278	Can you ssh in normally, without doing any port forwarding? If you did a clean install of 10.3, your host key likely changed so you will need to update that on the remote machine.

04-13-2004, 11:06 AM	#5
momerath Triple-A Player Join Date: Feb 2003 Posts: 59	Yes, I can ssh in normally. I can even do X11 forwarding over ssh after modifying my sshd_config file.

04-13-2004, 11:17 AM	#6
carouzal Triple-A Player Join Date: Jan 2003 Location: Geneva, NY Posts: 235	I have always used: ssh -C -N -L 5900:255.255.255.255:5900 user@255.255.255.255 Replace 255.255.255.255 with proper addresses, this works for Connecting to my Mac at home and to a Fedora Linux box at work without any conf editing in 10.3.3. I usually alias these in .bashrc to something easier to type. Copy the contents of ~/.profile to ~/.bashrc then have the only line in ~/.profile as "source ~/.bashrc" then add all your shell variables and commands to ~/.bashrc. example bashrc file -------------------------------------------------------------- export PATH=$PATH:/Some/Custom/Path alias remote='ssh -C -N -L 5900:255.255.255.255:5900 user@255.255.255.255' -------------------------------------------------------------- By sourcing .bashrc from your .profile you ensure that your shell environment will be the same in X11 as it is in the Terminal.app.

04-14-2004, 06:29 PM	#9
mrichar1 Prospect Join Date: Apr 2004 Posts: 1	Try -L 5900:127.0.0.1:5900 instead of -L 5900:localhost:5900. I had the same problem then I read this suggestion somewhere. Apparently it is because OpenSSH is (now?) IPv6 aware, so you need to explicitly use an IPv4 address or it might get confused. I actually had to use port 5901 cause it seems like remote desktop is now binding to 5900. I spent WAAAAY too long trying to fix this problem. Hope it works for you.

04-21-2004, 10:45 AM	#10
jhrfc1 Prospect Join Date: Apr 2004 Posts: 2	Has anybody found a solution to this yet. I have exactly the same problem as the first poster. I can VNC directly between the machines. I can ssh between the machines fine, not using port forwarding. I get the same connection refused error when I try port forwarding. I'm running 10.3.3 Is it to do with IPv6 or sshd running as a service, two things new in Panther. It's driving me nuts!

04-23-2004, 10:58 AM	#11
jhrfc1 Prospect Join Date: Apr 2004 Posts: 2	I might be talking to myself here, but this now works! How? By installing Apples "Security update 2004-04-05" which amoung other things updates openSSH. On the on the one hand i'm glad, on the other I'm annoyed that I spent a whole day trying to fix something that was an os bug.