SSH tunnel to allow ssh traffic: connection always refused

gitsshssh-tunnel

I have access to two servers at work. Server A hosts git repositories and is externally visible. I would like to be able to clone a repository into Server B which is hosted on Server A.

Currently, I can't ssh from Server B to Server A. I am assuming the firewall is blocking that.

So I am trying to create an ssh tunnel following writeups I've come across, but so far to no avail.

From Server A's shell:

$ ssh -L 1234:localhost:22 user@server_b

This successfully logs me in to Server B. From there I can't seem to do anything using ssh:

$ ssh user@localhost
$ user@localhost's password: <entered correctly>
$ Permission denied, please try again.

$ ssh user@localhost -p 1234
$ ssh: connect to host localhost port 1234: Connection refused

Trying to clone

$ git clone ssh://user@localhost:1234/path/to/repo.git/
$ ssh: connect to host localhost port 1234: Connection refused
$ fatal: The remote end hung up unexpectedly

Is my initial tunneling command incorrect? Or might I need to get the network admin to open something up on the firewall?

Best Answer

You need to create a reverse tunnel with -R instead of -L.

On your local machine, use

ssh -R 1234:server_a:22 user@server_b

You'll get a shell on server_b. If you do

ssh -p 1234 user@localhost

on this shell, this will connect you to port 22 of server_a, tunneled through your local machine.

After that, your git clone command should work.

Related Solutions

Ssh – Running git pull from a php script

Could not create directory '/.ssh'. Host key verification failed. fatal: The remote end hung up unexpectedly

Read and consider your error message. Host keys are stored in the ~/.ssh/known_hosts file. Your Apache user has "/" as its home directory, and it definitely doesn't and shouldn't have write access to the root.

I suggest that you create a user account for this... maybe gitpull-user or something. Make sure it has a usable home directory, even if it's somewhere atypical. Login as that user and create a shell script that accomplishes what you're trying to do as that user. Of course, you'll also have to copy your appropriate id_rsa key to the user's account, etc.

Configure sudo to launch that script by adding this line to /etc/sudoers

apache ALL = (gitpull-user) NOPASSWD: /path/to/script.sh`

and also if you're having "No TTY" issues:

Defaults:apache !requiretty

Change your PHP script to call sudo -u gitpull-user ./script.sh

It would be possible to change Apache's home directory to a "real" location and just drop the key in there, but that would expose a risk where your data would have to be owned by apache and the key could be read if the daemon were compromised. Establishing a second user provides a level of isolation.

Centos – ssh connection refused with out iptables rulles

The sshd process may not be running at all.

try checking with:

netstat -tulpn  | grep LISTEN | grep sshd

to see if it's running, and on which port.

Related Topic