 |
start ssh port forwarding at boot time
|
|
On Sun, 15 Jun 2008 23:23:12 +0200, Matthias Meyer <...@gmx.li
Hello,
I try to start port forwarding shortly after boot by using cygrunsrv.
$ cygrunsrv -Q forward5729
Service : forward5729
Current State : Stopped
Command : /usr/bin/ssh -v -f -2 -N -L 5729:localhost:5729 use...@myhost.tld
Unfortunately this will not work for me:
root@hostxp ~
$ tail /var/log/forward5729.log
:
debug1: Connection established.
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server-debug1: kex: client-debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
If I start it in a terminal, it will work:
root@hostxp ~
$ /usr/bin/ssh -v -f -2 -N -L 5729:localhost:5729 use...@myhost.tld
:
debug1: Connection established.
debug1: identity file /home/root/.ssh/id_rsa type 1
debug1: identity file /home/root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server-debug1: kex: client-debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'athlux.homelinux.org' is known and matches the RSA host key.
debug1: Found key in /home/root/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
:
What should I do?
Thanks in advance
Matthias
--
Don't Panic
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
|
|
|
|
On Mon, 16 Jun 2008 00:24:16 +0200, Matthias Meyer <...@gmx.li
Am Sonntag 15 Juni 2008 schrieb René Berber:
root@hostxp ~
$ cygrunsrv -I forward -p /usr/bin/ssh -a "-v -f -2 -N -L 5729:localhost:5729 use...@myhost.tld" -u root -w password
$ cygrunsrv -S forward
cygrunsrv: Error starting a service: StartService: Win32 error 1069:
Der Dienst konnte wegen einer fehlerhaften Anmeldung nicht gestartet werden.
which means in english:
The service could not be started because of an incorrect registration.
But I'm sure. Username and password are correct.
Nothing will be written in /var/log/forward.log.
Thanks
Matthias
--
Don't Panic
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
|
|
On Sun, 15 Jun 2008 17:54:20 -0500, René Berber <...@computer.org
[snip]
User means Windows user, not root.
Actually there is another way to do the same, instead of running the
service as your Windows user (the one that has ~/.ssh/<the keyscan pass the -i /path/to/your/home/.ssh/id_dsa (or id_rsa) to ssh.
Snippet from man ssh:
-i identity_file
Selects a file from which the identity (private key) for
RSA or
DSA authentication is read. The default is
~/.ssh/identity for
protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa
for pro-
tocol version 2. Identity files may also be specified on
a per-
host basis in the configuration file. It is possible to have
multiple -i options (and multiple identities specified in
config-
uration files).
--
René Berber
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
|
|
On Sun, 15 Jun 2008 18:11:21 -0500, René Berber <...@computer.org
[snip]
The message in english:
$ net helpmsg 1069
The service did not start due to a logon failure.
Sorry I didn't realize your user name is "root", seems that cygrunsrv is
not able to change users which is a Windows capability option.
You can use the other alternative (ssh -i ...) or add the required
rights or capabilities, or use stunnel instead of ssh.
--
René Berber
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
|
|
On Sun, 15 Jun 2008 16:25:58 -0700, Brian Dessent <...@dessent.net
Cygrunsrv does not require the ability to change users as sshd does.
The service is configured to run as a given user in the service control
manager, and cygrunsrv is simply setting those options in the registry.
This works fully.
I still think you were right in that the OP was incorrectly using their
ssh username/password when they should be using their Windows username
and password.
Brian
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
|
|
On Sun, 15 Jun 2008 16:33:47 -0700, Brian Dessent <...@dessent.net
Oh, and on the topic of automatically setting up ssh port forwarding as
a service: OP should definitely use autossh. This will keep the
connection alive if it drops, automatically restarting it as necessary.
Otherwise, the first time it dies the service will stop and the user
must manually restart it again.
I've been doing this (autossh port forwarding) for years and it's
fantastically convenient.
Brian
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
|
|
|