Port 9999 on a remote server needs to be accessed through an SSH tunnel at local port 9990 to avoid firewalls.
I am using this command to SSH tunnel:
ssh -N -i share.pem -L 9990:`ecshare`:9999 ubuntu@`ecshare`
where ecmy contains the ec2 instance's ip.
As a baseline, I can ssh and get a remote shell with this command:
ssh -i share.pem ubuntu@`ecshare`
But, when I try this on the local prompt:
curl -i -X GET http://localhost:9990
I get this on the shell where the tunnel was started:
channel 2: open failed: connect failed: Connection refused
When I try this command on the remote shell:
curl -i -X GET http://localhost:9999
… I get a response from the server.
Why is connection being refused?
Best Answer
Despite the authentication method used, SSH tunneling works the same way. The problem here is not about using public key authentication but understanding the basics of How to Use SSH Tunneling.
Your
-L 9990:example.com:9999
connects to the public network interface on the remote side while you connect tolocalhost:9999
in yourcurl
test. The firewall you mentioned you need to avoid is probably on the remote side, preventing you to usehttp://example.com:9999/
in the first place.You should use
-L 9990:localhost:9999
instead to make it use local loopback.This diagram visualizes your situation. The
-L [ bind_address:]port:host:hostport
...