SSH tunnel for VNC to a Windows 7 system. Error: Tunnel device open failed

1

The system I am trying to SSH from is Fedora 20 x86_64. The system being tunneled to is Windows 7 Ultimate 32-bit and has Cygwin installed with TigerVNC and OpenSSH.

  • VNC is running on Windows 7 on port 2 = Host:2
  • XWinServer is running on Windows 7 in Cygwin.

This works with vncviewer Hostname:2.

When I run this command:

$ ssh -L 5902:localhost:5902 User@HostName -p port

I get this error, but I stay connected to the Windows system over SSH:

Tunnel device failed.
Could not request tunnel forwarding

Here is the debug output:

$ ssh -vvv -L 5902:localhost:5980 UserName@HostName -p Port
OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /home/UserName/.ssh/config
debug1: /home/UserName/.ssh/config line 20: Applying options for *
debug1: /home/UserName/.ssh/config line 54: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to HostName [HostName] port Port.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug3: timeout: 499999 ms remain after connect
debug1: identity file /home/UserName/.ssh/id_rsa type -1
debug1: identity file /home/UserName/.ssh/id_rsa-cert type -1
debug1: identity file /home/UserName/.ssh/id_dsa type -1
debug1: identity file /home/UserName/.ssh/id_dsa-cert type -1
debug1: identity file /home/UserName/.ssh/id_ecdsa type -1
debug1: identity file /home/UserName/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6
debug1: match: OpenSSH_6.6 pat OpenSSH*
debug2: fd 3 setting O_NONBLOCK
debug3: put_host_port: [HostName]:Port
debug3: load_hostkeys: loading entries for host "[HostName]:Port" from file "/home/UserName/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/UserName/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found [email protected]
debug1: kex: server->client aes128-ctr [email protected] none
debug2: mac_setup: found [email protected]
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA b5:05:1a:33:1b:44:21:ae:00:37:0f:2b:24:ae:41:26
debug3: put_host_port: [HostName]:Port
debug3: put_host_port: [HostName]:Port
debug3: load_hostkeys: loading entries for host "[HostName]:Port" from file "/home/UserName/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/UserName/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "[192.168.1.69]:34500" from file "/home/UserName/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/UserName/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys
debug1: Host '[HostName]:34500' is known and matches the ECDSA host key.
debug1: Found key in /home/UserName/.ssh/known_hosts:5
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/UserName/.ssh/id_rsa ((nil)),
debug2: key: /home/UserName/.ssh/id_dsa ((nil)),
debug2: key: /home/UserName/.ssh/id_ecdsa ((nil)),
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/UserName/.ssh/id_rsa
debug3: no such identity: /home/UserName/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/UserName/.ssh/id_dsa
debug3: no such identity: /home/UserName/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/UserName/.ssh/id_ecdsa
debug3: no such identity: /home/UserName/.ssh/id_ecdsa: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: 
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
UserName@HostName's password: 
debug3: packet_send2: adding 48 (len 68 padlen 12 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
Authenticated to HostName ([192.168.1.69]:34500).
debug1: Local connections to LOCALHOST:5902 forwarded to remote address localhost:5980
debug3: channel_setup_fwd_listener: type 2 wildcard 0 addr NULL
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Local forwarding listening on ::1 port 5902.
debug2: fd 4 setting O_NONBLOCK
debug3: fd 4 is O_NONBLOCK
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 5902.
debug2: fd 5 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 1: new [port listener]
debug1: Requesting tun unit 2147483647 in mode 1
debug1: sys_tun_open: failed to configure tunnel (mode 1): Operation not permitted
Tunnel device open failed.
Could not request tunnel forwarding.
debug1: channel 2: new [client-session]
debug3: ssh_session2_open: channel_new: 2
debug2: channel 2: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 2
debug2: channel 2: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env XDG_VTNR
debug3: Ignored env DREAL_TECHNO_NAME
debug3: Ignored env MANPATH
debug3: Ignored env VH_PATSFX
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env KDE_MULTIHEAD
debug3: Ignored env TPD_GLOBAL
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env DM_CONTROL
debug3: Ignored env HOSTNAME
debug3: Ignored env IMSETTINGS_INTEGRATE_DESKTOP
debug3: Ignored env GPG_AGENT_INFO
debug3: Ignored env MBK_IN_PH
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env XDG_MENU_PREFIX
debug3: Ignored env XSCH_PARAM_NAME
debug3: Ignored env HISTSIZE
debug3: Ignored env XDM_MANAGED
debug3: Ignored env GTK2_RC_FILES
debug3: Ignored env KONSOLE_DBUS_SERVICE
debug3: Ignored env KONSOLE_PROFILE_NAME
debug3: Ignored env VH_MAXERR
debug3: Ignored env GTK_RC_FILES
debug3: Ignored env GS_LIB
debug3: Ignored env WINDOWID
debug3: Ignored env QTDIR
debug3: Ignored env RDS_OUT
debug3: Ignored env GNOME_KEYRING_CONTROL
debug3: Ignored env QTINC
debug3: Ignored env SHELL_SESSION_ID
debug3: Ignored env XFSM_PARAM_NAME
debug3: Ignored env ALLIANCE_TOP
debug3: Ignored env GRAAL_TECHNO_NAME
debug3: Ignored env KDE_FULL_SESSION
debug3: Ignored env TPD_LOCAL
debug3: Ignored env IMSETTINGS_MODULE
debug3: Ignored env QT_GRAPHICSSYSTEM_CHECKED
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env LD_LIBRARY_PATH
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env PATH
debug3: Ignored env MAIL
debug3: Ignored env MBK_SCALE_X
debug3: Ignored env QT_IM_MODULE
debug3: Ignored env MBK_CATAL_NAME
debug3: Ignored env PWD
debug1: Sending env XMODIFIERS = @im=none
debug2: channel 2: request env confirm 0
debug3: Ignored env KONSOLE_DBUS_WINDOW
debug3: Ignored env MBK_OUT_PH
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 2: request env confirm 0
debug3: Ignored env KDE_IS_PRELINKED
debug3: Ignored env GNOME_KEYRING_PID
debug3: Ignored env KDE_SESSION_UID
debug3: Ignored env GENVIEW_TECHNO_NAME
debug3: Ignored env RDS_IN
debug3: Ignored env MBK_SPI_MODEL
debug3: Ignored env KDEDIRS
debug3: Ignored env MBK_OUT_LO
debug3: Ignored env KONSOLE_DBUS_SESSION
debug3: Ignored env MBK_VSS
debug3: Ignored env HISTCONTROL
debug3: Ignored env VH_BEHSFX
debug3: Ignored env SSH_ASKPASS
debug3: Ignored env GPG_TTY
debug3: Ignored env COLORFGBG
debug3: Ignored env SHLVL
debug3: Ignored env XDG_SEAT
debug3: Ignored env HOME
debug3: Ignored env KDE_SESSION_VERSION
debug1: Sending env LANGUAGE = 
debug2: channel 2: request env confirm 0
debug3: Ignored env MBK_C4_LIB
debug3: Ignored env MBK_VDD
debug3: Ignored env MBK_TARGET_LIB
debug3: Ignored env XCURSOR_THEME
debug3: Ignored env RDS_TECHNO_NAME
debug3: Ignored env LOGNAME
debug3: Ignored env VH_DLYSFX
debug3: Ignored env QTLIB
debug3: Ignored env CVS_RSH
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env MBK_IN_LO
debug3: Ignored env LESSOPEN
debug3: Ignored env MBK_WORK_LIB
debug3: Ignored env XPAT_PARAM_NAME
debug3: Ignored env WINDOWPATH
debug3: Ignored env PROFILEHOME
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env DISPLAY
debug3: Ignored env QT_PLUGIN_PATH
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env GTK_IM_MODULE
debug3: Ignored env ELP_TECHNO_NAME
debug3: Ignored env MBK_CATA_LIB
debug3: Ignored env CCACHE_HASHDIR
debug3: Ignored env XAUTHORITY
debug3: Ignored env _
debug2: channel 2: request shell confirm 1
debug2: callback done
debug2: channel 2: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 2
debug2: PTY allocation request accepted on channel 2
debug2: channel 2: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 2
debug2: shell request accepted on channel 2
Last login: Tue Apr 15 07:37:45 2014 from HostName.lan
      ____________________,             ______________________________________
   .QQQQQQQQQQQQQQQQQQQQQQQQL_         |                                      |
 .gQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ__   |                                      |
 gQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ==   |                    _.---.)           |
 QQQQQQQQQQQQQQQQQQQQQQQQQQQF=         |          (^--^)_.-"      ';          |
 QQQQQQQQQ================!            |          ) ee (           |          |
 QQQQQQQQ                              |         (_.__._)         /           |
 QQQQQQQQ                              |           '--',        ,'            |
 QQQQQQQQ     ~"jjj__,                 |            jgs )_|--')_|             |
 QQQQQQQQ       "jjjjjjjjjj___         |                ""'   ""'             |
 QQQQQQQQ        ~jjjjjjjjjjjjjjjjj__  |                                      |
 QQQQQQQQ        _jjjjjjjjjjjjjj/~~~~  |      The Hippo says: Welcome to      |
 QQQQQQQQ      .{jjjjjjj/~~~~~         |                             _        |
 QQQQQQQQ     .{/~~~~'                 |  ____  _   _   ____  _ _ _ (_) ____  |
 QQQQQQQQ                              | / ___)| | | | / _  || | | || ||  _ \ |
 QQQQQQQQ                              |( (___ | |_| |( (_| || | | || || | | ||
 QQQQQQQQQL_______________,            | \____) \__  | \___ | \___/ |_||_| |_||
 QQQQQQQQQQQQQQQQQQQQQQQQQQQL___       |        (___/  (____|                 |
 4QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ___  |                                      |
 (=QQQQQQQQQQQQQQQQQQQQQQQQQQQQQ====   |       -.-. -.-- --. .-- .. -.        |
   (QQQQQQQQQQQQQQQQQQQQQQQQF=         |______________________________________|


UserName@HostName ~
$ 
    
by somethingSomething 15.04.2014 / 06:09

1 answer

1
man ssh

-L [bind_address:]port:host:hostport

Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. IPv6 addresses can be specified by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of localhost indicates that the listening port be bound for local use only, while an empty address or * indicates that the port should be available from all interfaces.

The main problem here is this:

 5902:localhost:5902

You cannot forward 5902 to 5902 - it is already 5902. That is why it works when you connect without ssh - because it is already served. If you want to forward one local port to another, do:

${FROM_PORT}:localhost:${TO_PORT}

If you want to forward a local port to a remote machine, do the following:

${LOCAL_PORT}:${REMOTE_HOST}:${REMOTE_PORT}

And the remote machine can connect with:

ssh user@localhost -p ${REMOTE_PORT}
    
by 15.04.2014 / 09:11
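
Added example (not part of the original question or answer): a POSIX shell/awk triage of `ssh -v` client output that separates the `-L` listener lines from tun device requests and reports whether each listener is bound to loopback only, as the bind_address text in the man page excerpt describes. The sample lines are copied from the debug output in the question; the helper names `sample_log` and `triage_forwarding` are hypothetical.

```shell
#!/bin/sh
# Added example: triage `ssh -v` client output for forwarding problems.
# sample_log holds lines copied from the debug output in the question.
sample_log() {
cat <<'EOF'
debug1: Local connections to LOCALHOST:5902 forwarded to remote address localhost:5980
debug1: Local forwarding listening on ::1 port 5902.
debug1: Local forwarding listening on 127.0.0.1 port 5902.
debug1: Requesting tun unit 2147483647 in mode 1
debug1: sys_tun_open: failed to configure tunnel (mode 1): Operation not permitted
Tunnel device open failed.
Could not request tunnel forwarding.
EOF
}

# triage_forwarding (hypothetical helper name): reads ssh -v output on stdin
# and prints one finding per line:
#   FORWARD <listen> -> <target>            a -L request as the client parsed it
#   LISTEN loopback|exposed <addr> <port>   where the local listener is bound
#   TUN requested / TUN failed <reason>     tun(4) device forwarding
triage_forwarding() {
    awk '
    /Local connections to .* forwarded to remote address/ {
        print "FORWARD", $5, "->", $10
    }
    /Local forwarding listening on / {
        addr = $6; port = $8; sub(/\.$/, "", port)
        # Loopback listeners are reachable only from this host; anything
        # else (0.0.0.0, ::, a LAN address) exposes the tunnel entrance.
        scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
        print "LISTEN", scope, addr, port
    }
    # tun(4) device forwarding is requested by -w or a Tunnel directive in
    # ssh_config; it is a separate request from the -L listeners above.
    /Requesting tun unit/ { print "TUN requested" }
    /sys_tun_open: failed/ {
        n = split($0, part, ": ")
        print "TUN failed", part[n]
    }'
}

# Run the triage over the sample when the script is executed directly.
sample_log | triage_forwarding
```

To use it on a real session, save the client's stderr (`ssh -v ... 2>ssh-debug.log`) and pipe that file into `triage_forwarding`.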