SSH Configuration Help / Unable to Tunnel

2

I have a stock install of Ubuntu 16.04.2 with key-based authentication configured and working fine. I also installed an unmodified mysql-server 5.7.17. I cannot connect to the MySQL server via Sequel Pro SSH tunneling. It always returns the following:

Unable to connect to host 127.0.0.1 because the port connection via SSH was refused.

Please ensure that your MySQL host is set up to allow TCP/IP connections (no --skip-networking) and is configured to allow connections from the host you are tunnelling via.

You may also want to check the port is correct and that you have the necessary privileges.

Checking the error detail will show the SSH debug log which may provide more details.

MySQL said: Lost connection to MySQL server at 'reading initial communication packet', system error: 0

The full log:

Used command:  /usr/bin/ssh -v -N -S none -o ControlMaster=no -o ExitOnForwardFailure=yes -o ConnectTimeout=10 -o NumberOfPasswordPrompts=3 -o TCPKeepAlive=no -o ServerAliveInterval=60 -o ServerAliveCountMax=1 [email protected] -L 53471:127.0.0.1:3306

OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/example/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Control socket " none" does not exist
debug1: Connecting to x.x.x.x [x.x.x.x] port 22.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /Users/example/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/example/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/example/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/example/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/example/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/example/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/example/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/example/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to x.x.x.x:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client [email protected]  none
debug1: kex: client->server [email protected]  none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:eFHrFt6z4o0mErU0vnzcuzlyIQqZPUa09a0RFl0wE7Q
debug1: Host 'x.x.x.x' is known and matches the RSA host key.
debug1: Found key in /Users/example/.ssh/known_hosts:36
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/example/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to x.x.x.x ([x.x.x.x]:22).
debug1: Local connections to LOCALHOST:53471 forwarded to remote address 127.0.0.1:3306
debug1: Local forwarding listening on ::1 port 53471.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 53471.
debug1: channel 1: new [port listener]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Connection to port 53471 forwarding to 127.0.0.1 port 3306 requested.
debug1: channel 2: new [direct-tcpip]
debug1: client_input_global_request: rtype [email protected] want_reply 0
channel 2: open failed: connect failed: Connection refused
debug1: channel 2: free: direct-tcpip: listening port 53471 for 127.0.0.1 port 3306, connect from 127.0.0.1 port 53473 to 127.0.0.1 port 53471, nchannels 3

And here is my sshd_config:

Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes

KeyRegenerationInterval 3600
ServerKeyBits 1024

SyslogFacility AUTH
LogLevel INFO

LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes

IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no

PermitEmptyPasswords no

ChallengeResponseAuthentication no

PasswordAuthentication no



X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes


AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

Match Group mystaff
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding yes
    ForceCommand internal-sftp
    PermitTunnel yes

AllowTcpForwarding yes
PermitTunnel yes
AllowAgentForwarding yes

I know that some of the values in sshd_config are redundant, but I have tested many variations of it. This is frustrating because this setup is thoroughly discouraging, apart from disabling password authentication.

Is there something I need to do with the firewall? I didn't think there was, since ssh is already allowed.

Update

Interesting note: I can completely remove mysql from the server, and Sequel Pro will still return exactly the same error. I think this means it is related to the SSH configuration.

It is also worth noting that this same error message is returned in HeidiSQL and MySQL Workbench.

    
by Brandon 20.02.2017 / 20:24

1 answer
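
Added example (not part of the original post): the OpenSSH client reports why a forwarded channel could not be opened, and the reason text separates a refusal by sshd policy ("administratively prohibited") from a failed connect() on the server side ("connect failed"). This Python triage reads `ssh -v` output and classifies each failure; the function and variable names are assumptions of this example, PAGE_LOG is copied from the log above and POLICY_LOG is a constructed contrast line.

```python
import re

# Reason text the OpenSSH client prints when the server answers a channel
# open with SSH_MSG_CHANNEL_OPEN_FAILURE (RFC 4254, section 5.1).
REASONS = {
    "administratively prohibited": "sshd policy refused the forward (AllowTcpForwarding / PermitOpen)",
    "connect failed": "sshd permitted the forward, but its connect() to the target failed",
    "unknown channel type": "server does not support this channel type",
    "resource shortage": "server could not allocate the channel",
}
REQUEST_RE = re.compile(r"forwarding to (\S+) port (\d+) requested")
FAILURE_RE = re.compile(r"channel (\d+): open failed: ([a-z ]+?)(?:: (.*))?$")

def triage(log_text):
    """Return auth status plus one finding per failed channel open."""
    result = {"authenticated": False, "failures": []}
    target = None
    for line in log_text.splitlines():
        line = line.strip()
        if "Authentication succeeded" in line:
            result["authenticated"] = True
        request = REQUEST_RE.search(line)
        if request:
            # Remember which remote host/port the last forward asked for.
            target = (request.group(1), int(request.group(2)))
        failure = FAILURE_RE.search(line)
        if failure:
            reason = failure.group(2)
            result["failures"].append({
                "channel": int(failure.group(1)),
                "target": target,
                "reason": reason,
                "detail": failure.group(3) or "",
                "meaning": REASONS.get(reason, "unrecognised reason"),
            })
    return result

# Lines copied from the debug log in the question.
PAGE_LOG = """\
debug1: Authentication succeeded (publickey).
debug1: Local forwarding listening on 127.0.0.1 port 53471.
debug1: Connection to port 53471 forwarding to 127.0.0.1 port 3306 requested.
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
"""
# Constructed line showing the policy-refusal case for contrast.
POLICY_LOG = "channel 3: open failed: administratively prohibited: open failed\n"

if __name__ == "__main__":
    for sample in (PAGE_LOG, POLICY_LOG):
        print(triage(sample))
```

For the log above this reports authentication as successful and the failure as a refused connect() from the server to 127.0.0.1 port 3306, which points the next check at what is listening on that address and port on the server.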

0

I'm not familiar with the Sequel Pro product, but I'm wondering if this has something to do with X11Forwarding being set to no.

Have you tried contacting the vendor?

    
by 20.02.2017 / 23:19
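
Added example (not part of the original answer or the question): in sshd_config a Match block runs until the next Match line or the end of the file, and indentation has no meaning, so which scope a directive lands in depends only on its position. This Python parser splits a config into global settings and per-Match overrides; the function names are assumptions of this example and PAGE_CONFIG is an excerpt of the sshd_config posted in the question.

```python
def scope_directives(config_text):
    """Map each scope ('global' or a Match line) to the keywords set in it.

    Simplification: the first value of a keyword wins within a scope, which is
    how sshd treats single-valued keywords; repeatable ones such as HostKey
    are not accumulated here.
    """
    scopes = {"global": {}}
    current = "global"
    for raw in config_text.splitlines():
        line = raw.strip()              # indentation carries no meaning to sshd
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()      # keywords are case-insensitive
        value = parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            current = "Match " + value  # scope lasts until next Match or EOF
            scopes.setdefault(current, {})
        else:
            scopes[current].setdefault(keyword, value)
    return scopes

def effective(scopes, keyword, matched=()):
    """Value for a connection that satisfies the Match lines in `matched`.

    None means the file sets nothing and sshd's built-in default applies.
    """
    keyword = keyword.lower()
    for scope in matched:
        if keyword in scopes.get(scope, {}):
            return scopes[scope][keyword]
    return scopes["global"].get(keyword)

# Excerpt of the sshd_config posted in the question (same order, same lines).
PAGE_CONFIG = """\
X11Forwarding yes
Match Group mystaff
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding yes
    ForceCommand internal-sftp
    PermitTunnel yes

AllowTcpForwarding yes
PermitTunnel yes
AllowAgentForwarding yes
"""

if __name__ == "__main__":
    for scope, settings in scope_directives(PAGE_CONFIG).items():
        print(scope, settings)
```

On the posted config, X11Forwarding is yes globally and no only for Match Group mystaff, and the three unindented lines at the end of the file belong to that Match block as well, leaving AllowTcpForwarding, PermitTunnel and AllowAgentForwarding at sshd's defaults for everyone else.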