Discussion :

[tommytom78]

Bonjours,
Je m'en remet à vous, car depuis deux jours, je tente péniblement de créer un tunnel SSH sur mon serveur (en vrai c'est un pc portable) FreeBSD.
La connexion en SSH marche parfaitement bien.
La création du tunnel marche aussi:

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

ssh -L 2080:localhost:80 root@freebsd-server

Mais si je configure firefox sur le port 2080, en local j'ai un timeout et sur internet j'ai une connetion refused.

Voici mon sshd_config:

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
#       $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
#       $FreeBSD: src/crypto/openssh/sshd_config,v 1.49.2.2.2.1 2010/06/14 02:09
:06 kensmith Exp $
 
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
 
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
 
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.
 
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.
 
#VersionAddendum FreeBSD-20100308
 
Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
:q
freebsd-server# cat /etc/ssh/sshd_config
#	$OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.49.2.2.2.1 2010/06/14 02:09:06 kensmith Exp $
 
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
 
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
 
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.
 
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.
 
#VersionAddendum FreeBSD-20100308
 
Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
 
# The default requires explicit activation of protocol 1
Protocol 2
 
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
 
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
 
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
 
# Authentication:
 
#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
 
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile	.ssh/authorized_keys
 
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
 
# Change to yes to enable built-in password authentication.
PasswordAuthentication yes 
#PermitEmptyPasswords no
 
# Change to no to disable PAM authentication
#ChallengeResponseAuthentication no 
 
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
 
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
 
# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM no 
 
PermitRootLogin yes
AllowAgentForwarding yes
AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
PermitTunnel yes 
#ChrootDirectory none
 
# no default banner path
#Banner none
 
# override default of no subsystems
Subsystem	sftp	/usr/libexec/sftp-server
 
# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	ForceCommand cvs server

Je précise que sur mon serveur Debian, cést exactement la même chose et mes rêgles Iptables sont vides.
J'ai tout fait, je ne vois pas la source du problème.
Merci de votre aide.

[ram-0000]

Je ne comprends pas bien l'intéret de ton tunnel.

Le tunnel que tu établies se fait entre le port 2080 de ton pc client et le port 80 de localhost de freebsd-server (donc freebsd-server a priori).

Qu'est-ce qu'il y a sur le port 80 de freebsd-server ?

[RastaYoupi]

Est-ce que la finalité est un proxy SSH ?
Auquel cas il faudrait que tu pointes sur le port d'écoute du proxy de la machine Debian.