I am trying to browse a wiki that runs on a server inside one domain from another domain.
The wiki is accessible only on the LAN, but I need to browse it from another LAN to which I connect with an SSH tunnel …
Here is my setup and the steps I did so far:
~/.ssh/config on wikihost:
Host gateway
    User kisteuser
    Port 443
    Hostname gateway.companydomain.com
    ProxyCommand /home/myuser/bin/ssh-https-tunnel %h %p
    # ssh-https-tunnel:
    # http://ttcplinux.sourceforge.net/tools/stunnel
    Protocol 2
    IdentityFile ~/.ssh/key_dsa
    LocalForward 11069 localhost:11069
Host server1
    User kisteuser
    Hostname localhost
    Port 11069
    LocalForward 8022 server1:22
    LocalForward 17001 server1:7100
    LocalForward 8080 www-proxy:3128
    RemoteForward 11069 localhost:22
from wikihost
myuser@wikihost: ssh -XC -t gateway.companydomain.com ssh -L11069:localhost:22 server1
on another terminal:
ssh gateway.companydomain.com
Now, on my companydomain I would like to start firefox and browse the wiki on wikihost.
I did:
kisteuser@kiste.companydomain.com ~ $ ssh gateway
Have a lot of fun...
kisteuser@gateway ~ $ ssh -D 8383 localhost
user@localhost's password:
user@wikiserver:~>
My .ssh/config on that side looks like that:
host server1
    localforward 11069 localhost:11069
host localhost
    user myuser
    port 11069
host wikiserver
    forwardagent yes
    user myuser
    port 11069
    hostname localhost
Now, I started firefox on the server called gateway, and edited the proxy settings to use SOCKSv5, specifying that the proxy should be gateway and use the port 8383…
kisteuser@gateway ~ $ LANG=C firefox -P --no-remote
And, now I get the following error popping in the Terminal of wikiserver:
myuser@wikiserver:~> channel 3: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused
Confused? Me too …
Please help me understand how to properly build the tunnels and browse the wiki over SOCKS protocol.
update:
I managed to browse the wiki on wikiserver with the following changes:
host wikiserver
    forwardagent yes
    user myuser
    port 11069
    hostname localhost
    localforward 8339 localhost:8443
Now when I ssh gateway I launch Firefox and go to localhost:8339 and I hit the start page of the wiki, which is served on Port 8443.
Now I ask myself is SOCKS really needed? Can someone elaborate on that?
Best Answer
To set up SOCKS the way you want, you need to run the ssh -D 8383 command on the machine where you want to run your browser, and make it connect to a machine that has access to the wiki. You should also use localhost:8383 as the proxy address, because ssh -D by default listens only on localhost as the man page says:

So, if gateway has access to wikihost, but you want to run your browser on kiste, you should run firefox on kiste, configure it with "localhost:8383" as SOCKS proxy, and also run ssh -D 8383 gateway from kiste.

A few other notes to keep in mind:
Try running all the ssh commands with -v. This will show you all the forwards that are being requested and you'll be able to see which one exactly is failing.

I would also recommend taking out the tunnels that you do not really need, just to make the situation less confusing.
The error message that you are seeing is triggered when something tries to connect to one end of a static SSH tunnel (one you create with -L or -R) but SSH is unable to connect to the other end of the tunnel.
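
Added example, not part of the original question or answer: a small parser that reads saved `ssh -v` / `-vv` client output and ties each "open failed" channel back to the listening port and far-end target that triggered it, which is the diagnosis the answer suggests doing by eye. The sample log is constructed and modeled on OpenSSH client debug messages (exact wording varies by version, which is an assumption here); the host name `wiki.example` is a placeholder.

```python
import re

# Constructed sample modeled on OpenSSH client `ssh -vv` output; not from the page.
# Exact message wording varies between OpenSSH versions (assumption).
SAMPLE_LOG = """\
debug1: Local forwarding listening on 127.0.0.1 port 8339.
debug1: Local forwarding listening on 127.0.0.1 port 8383.
debug1: Connection to port 8339 forwarding to localhost port 8443 requested.
debug1: channel 2: new [direct-tcpip]
debug1: Connection to port 8383 forwarding to socks port 0 requested.
debug1: channel 3: new [dynamic-tcpip]
debug2: channel 3: dynamic request: socks5 host wiki.example port 80 command 1
channel 3: open failed: connect failed: Connection refused
"""

REQUESTED = re.compile(r"Connection to port (\d+) forwarding to (\S+) port (\d+) requested")
NEW_CHAN = re.compile(r"channel (\d+): new\b")
SOCKS_REQ = re.compile(r"channel (\d+): dynamic request: socks\S* host (\S+) port (\d+)")
FAILED = re.compile(r"channel (\d+): open failed: (.+)$")


def failed_forwards(log_text):
    """Return one dict per failed channel: listening port, far-end target, reason."""
    pending = None   # last accepted connection not yet tied to a channel number
    channels = {}    # channel id -> {"listen": port or None, "target": "host:port"}
    failures = []
    for line in log_text.splitlines():
        if m := REQUESTED.search(line):
            pending = {"listen": int(m[1]), "target": f"{m[2]}:{m[3]}"}
        elif (m := NEW_CHAN.search(line)) and pending:
            channels[int(m[1])] = pending
            pending = None
        elif m := SOCKS_REQ.search(line):
            # With -D the real destination is chosen per request by the SOCKS client.
            channels.setdefault(int(m[1]), {"listen": None})["target"] = f"{m[2]}:{m[3]}"
        elif m := FAILED.search(line):
            info = channels.get(int(m[1]), {"listen": None, "target": "unknown"})
            failures.append({"channel": int(m[1]), **info, "reason": m[2].strip()})
    return failures


if __name__ == "__main__":
    for f in failed_forwards(SAMPLE_LOG):
        print(f"channel {f['channel']}: listener port {f['listen']} -> "
              f"{f['target']} failed ({f['reason']})")
```

Without `-v` on the client, only the bare "open failed" line is available, so the listener and target come back as unknown.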