dnoland Posted March 24, 2008

I am trying to configure synergy to run over ssh to secure it... but I have very little experience tunneling with ssh. In order to solve this problem I need to ssh over port 24800, like so

    ssh -L 24800:remote-host:24800

I made very sure that I am correctly forwarding port 24800 in my router/firewall config... and all I get when running that command is this...

    $ ssh -L 24800:hal:24800
    usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
               [-D [bind_address:]port] [-e escape_char] [-F configfile]
               [-i identity_file] [-L [bind_address:]port:host:hostport]
               [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
               [-R [bind_address:]port:host:hostport] [-S ctl_path]
               [-w local_tun[:remote_tun]] [user@]hostname [command]

Any thoughts??? Any help is greatly appreciated...

rhodesa Posted March 24, 2008

Not sure how to answer this specifically, but I use stunnel for this kind of stuff, you may want to check that out. http://www.stunnel.org/

neylitalo Posted March 24, 2008

The "bindaddress" part of the command isn't a port number, but the local IP address that you want to use for the connection. And the -L switch is way more than what you want. Just do this:

    $ ssh -p 24800 remotehost

dnoland Posted March 24, 2008

rhodesa: I may look into using a different program like stunnel, but my school machines are using ssh and not stunnel, so even if that works for this problem, I would still like to be able to tunnel from school to home... thanks for the suggestion...

neylitalo: The following is straight from the man page of ssh:

    -L [bind_address:]port:host:hostport
        Specifies that the given port on the local (client) host is to be
        forwarded to the given host and port on the remote side. This works
        by allocating a socket to listen to port on the local side,
        optionally bound to the specified bind_address. Whenever a
        connection is made to this port, the connection is forwarded over
        the secure channel, and a connection is made to host port hostport
        from the remote machine. Port forwardings can also be specified in
        the configuration file. IPv6 addresses can be specified with an
        alternative syntax: [bind_address/]port/host/hostport or by
        enclosing the address in square brackets. Only the superuser can
        forward privileged ports. By default, the local port is bound in
        accordance with the GatewayPorts setting. However, an explicit
        bind_address may be used to bind the connection to a specific
        address. The bind_address of “localhost” indicates that the
        listening port be bound for local use only, while an empty address
        or ‘*’ indicates that the port should be available from all
        interfaces.

Forgive me if I am confused, (I very likely am), but I would interpret this to mean that the L option is expecting 2 ports, the host name and *optionally* the "bind address" (hence the square brackets). Something about this does not make sense to me, because the host name should already define the IP address of the machine I am trying to connect to. Wouldn't this make the "bind address" redundant??? Correct me if I am wrong, but all the host name is is an alias for a static IP defined in /etc/hosts...

Further, I had noticed that there was a -p option for ssh, but decided to try and stick with the guide I was using to secure synergy, which uses the -L option. At your suggestion, I modified my /etc/ssh/sshd_config file to include

    Port 24800

and then restarted my ssh...

    sudo /etc/init.d/ssh restart

to make sure ssh was up to date with the config file... I then made sure that my port 24800 was being forwarded through my router to my machine. Then at my remote host I did this

    ssh -p 24800 host_name

and I get this...

    ssh_exchange_identification: Connection closed by remote host

Not sure why this would be happening, either... I really did not think that this would be difficult at all... oh well... at least I will learn something... Thank you...

neylitalo Posted March 25, 2008

Well, if you need the outgoing port to be 24800, then you need -L, but I really don't think you need any particular port. If you want to follow the synergy instructions and use -L, I only have one suggestion:

    ssh -L 24800:hostname:24800 hostname

I'm guessing that it's dying because you haven't given it the (mandatory) hostname argument at the very end.

dnoland Posted March 25, 2008

neylitalo: Ok... so that was clearly me being very careless... leaving out the hostname at the end...

    $ ssh -L 24800:host:24800 host

Does the trick... however

    $ ssh -p 24800 host

Still dies... with

    ssh_exchange_identification: Connection closed by remote host

So obviously something is configured incorrectly somewhere... but it seems obvious that I need to study ssh tunneling more to avoid this kind of thing in the future... Thanks... issue solved...

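
Added example (not part of any post above, and not code from OpenSSH or Synergy): a small shell parser for the -L argument format quoted from the man page, reporting where the listening port ends up bound and refusing to build the command when the trailing destination host is missing. The function names and scope labels are made up for this illustration, and the IPv6 forms are not handled.

```shell
#!/bin/sh
# Added example, not from the thread. Splits an ssh -L argument of the form
# [bind_address:]port:host:hostport (IPv6 bracket/slash forms not handled).

is_port() {   # decimal 1..65535
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints: bind=<addr> lport=<n> host=<h> hport=<n> scope=<who can connect>
parse_forward() {
    spec=$1
    case $spec in
        *:*:*:*:*) echo "too many fields: $spec" >&2; return 1 ;;
        *:*:*:*)   bind=${spec%%:*}; rest=${spec#*:}; explicit=1 ;;
        *:*:*)     bind=; rest=$spec; explicit=0 ;;
        *)         echo "need port:host:hostport, got: $spec" >&2; return 1 ;;
    esac
    lport=${rest%%:*}; rest=${rest#*:}
    host=${rest%%:*};  hport=${rest#*:}
    is_port "$lport" && is_port "$hport" && [ -n "$host" ] || {
        echo "bad port or empty host in: $spec" >&2; return 1; }
    if [ "$explicit" -eq 0 ]; then
        # No bind_address: GatewayPorts decides (OpenSSH client default: loopback)
        scope=gatewayports-setting
    else
        case $bind in
            ''|'*')              scope=all-interfaces ;;  # reachable from the LAN
            localhost|127.0.0.1) scope=loopback-only ;;
            *)                   scope=single-address ;;
        esac
    fi
    printf 'bind=%s lport=%s host=%s hport=%s scope=%s\n' \
        "$bind" "$lport" "$host" "$hport" "$scope"
}

# Prints the full command line; refuses when the destination (the argument
# the first attempt in the thread left out) is missing.
build_tunnel_cmd() {
    parse_forward "$1" >/dev/null || return 1
    [ -n "${2:-}" ] || { echo "missing [user@]hostname after the -L spec" >&2; return 1; }
    printf 'ssh -N -L %s %s\n' "$1" "$2"
}

parse_forward 24800:hal:24800
parse_forward 'localhost:24800:hal:24800'
build_tunnel_cmd 24800:hal:24800 hal
build_tunnel_cmd 24800:hal:24800 || echo "rejected: no destination host"
```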