SSH: Troubleshooting “Remote port forwarding failed for listen port” errors













7































Question: Why does ssh -N -R 2222:localhost:22 <bluehost_user>@<bluehost_ip> result in a "Remote port forwarding failed for listen port" error? The objective is to establish a reverse tunnel with port forwarding in order to consistently ssh into a host behind a NAT router that has a dynamic private IP. See image for details.



Already Tried:




  1. Researched existing literature on Google, Stackoverflow, etc. There are topics concerning this error message, however the resolutions given resolve root causes different than that of this particular instance because those resolutions do not resolve the error in this case.

  2. I've performed several diagnostics to validate the required ports are open. Some of those results are shown in the image below.


Reverse SSH Tunnel



Image 1



Update



I was trying the following command for Step 2:
reduser@redhost:~ ssh greenuser@greenhost -p 2222



It should be:
reduser@redhost:~ ssh greenuser@bluehost -p 2222
You want to use the greenuser credentials on the bluehost IP because the host you are logging into when you use port 2222 is really the greenhost.







linux networking ssh port-forwarding port














edited Apr 5 '17 at 3:49

asked Mar 31 '17 at 2:36
ngm_code













  • Have you checked out serverfault.com/questions/595323/… ?

    – balwa
    Mar 31 '17 at 3:44











  • @balwa Checked but that is about connections expiring after a period of time. The connection never succeeds in my case. I also make use of the KeepAliveInterval parameters so there is explicit control over some of the time factors.

    – ngm_code
    Apr 2 '17 at 14:46











  • @ModeratorImpersonator tried ssh -N -R <bluehost_ip>:2222:localhost:22 and ssh seemed to take that as invalid syntax. ssh simply returned usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] ...

    – ngm_code
    Apr 2 '17 at 14:57











  • @Ramhound I reworded the question to be more direct. Please take post off hold or offer more specific comments as to why this was put on hold.

    – ngm_code
    Apr 2 '17 at 19:56













  • @DavidPostill I disagree with this post being put on hold. The question, what causes the error message so and so is in my view a perfectly acceptable one.

    – MariusMatutiae
    Apr 2 '17 at 21:12

































2 Answers





































3














Make sure there is no hanging connection on port 2222 at bluehost.
Test at bluehost lsof -t -i:2222 whether any process id is using port 2222. Additionally, kill this process (for example with kill $(lsof -t -i:2222)).



This resolved the issue for me. Hopefully this information is useful for someone else. :)














    12








    Why does ssh -N -R 2222:localhost:22 <bluehost_user>@<bluehost_ip> result in a "Remote port forwarding failed for listen port" error?




    I get this exact warning when I attempt to use a port that is already taken on the remote side.



    The output of netstat from bluehost indicates that something is already listening on port 2222 there. It doesn't show what it is though.



    Solutions:




    1. Change 2222 in your ssh invocation to some other port which is not in use on bluehost. Just make it greater than 1023 because regular users can't bind to well-known ports; otherwise you will get the same warning regardless of whether the port is in use or not.

    2. Or identify the listening process (on bluehost) with sudo lsof -i TCP:2222; terminate or reconfigure it to make the port 2222 available.




    Edit:



    In your case this part of man ssh seems important:




    -R [bind_address:]port:host:hostport
    -R [bind_address:]port:local_socket
    -R remote_socket:host:hostport
    -R remote_socket:local_socket


    […] By default, TCP listening sockets on the server will be bound to the loopback interface only. This may be overridden by specifying a bind_address. An empty bind_address, or the address ‘*’, indicates that the remote socket should listen on all interfaces. Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled (see sshd_config(5)).




    It means you should have GatewayPorts yes in the sshd_config on bluehost. Read man 5 sshd_config to learn more. Don't forget to reload the service afterwards.














    edited 4 hours ago

    answered Apr 2 '17 at 21:50
    Kamil Maciorowski













    • Interestingly, I'm seeing a connection from China (note I was using this host as a VPN from China when I was there a few weeks ago). While this host is a sandbox, it's still concerning <bluehost_user>@<bluehost_ip>:~$ netstat | grep 2222 tcp 0 0 <bluehost_ip>:2222 htuidc.bgp.ip:2599 SYN_RECV Port 2222 open or not, how would one connect without a username and password (note this is tcp not ssh)? I do have sshd listening on 2222 as configured in /etc/ssh/sshd_config.

      – ngm_code
      Apr 3 '17 at 13:51













    • Additional info from lsof: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME sshd 1034 root 3u IPv4 13344 0t0 TCP *:2222 (LISTEN) sshd 1034 root 4u IPv6 13353 0t0 TCP *:2222 (LISTEN)

      – ngm_code
      Apr 3 '17 at 13:53











    • @ngm_code So it's your sshd that needs to be reconfigured. Or just use another port when you ssh -R from elsewhere.

      – Kamil Maciorowski
      Apr 3 '17 at 14:00











    • Ok, I will take a look. So you're saying it's incompatible to open a port via /etc/ssh/sshd_config prior to opening it up at runtime via a call to ssh in the CLI?

      – ngm_code
      Apr 3 '17 at 20:43













    • @ngm_code Yes. Ports (or one port, usually 22) configured in sshd_config are for SSH clients to connect to. In your case you connect to one of these ports and order sshd to open an additional port and tunnel it to your machine. If it could be the same port then sshd wouldn't know whether incoming packets are destined to it or to the tunnel.

      – Kamil Maciorowski
      Apr 3 '17 at 21:03
































    3














    Make sure there is no hanging connection on port 2222 at bluehost.
    Test at bluehost lsof -t -i:2222 whether any process id is using port 2222. Additionally, kill this process (for example with kill $(lsof -t -i:2222)).



    This resolved the issue for me. Hopefully this information is useful for someone else. :)






        answered Jun 29 '18 at 9:43









        jervtub
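
The causes raised in the two answers above (the requested listen port is one of sshd's own Port values, or another process already holds it) and the GatewayPorts requirement from the quoted man page can be checked before running ssh -R. This is an added example, not code from the original posts: the function names, finding labels and sample config are constructed, and it assumes no IPv6 bracket syntax and no Match blocks.

```shell
#!/bin/sh
# Added example, not from the original answers. Pre-flight check for
#   ssh -R [bind_address:]port:host:hostport
# against sshd_config text and a list of ports that are already listening.
# Assumptions: no IPv6 bracket syntax, no Match blocks; labels are made up.

has_port() {  # has_port PORT "LIST": is PORT in the whitespace-separated LIST?
    for p in $2; do
        if [ "$p" = "$1" ]; then return 0; fi
    done
    return 1
}

check_remote_forward() {  # SPEC CONFIG_TEXT [LISTENING_PORTS]; prints findings
    spec=$1; config=$2; listening=${3:-}; findings=
    case $(printf '%s\n' "$spec" | awk -F: '{ print NF }') in
        3) bind=localhost; port=${spec%%:*} ;;          # no bind_address given
        4) bind=${spec%%:*}; rest=${spec#*:}; port=${rest%%:*}
           if [ -z "$bind" ]; then bind='*'; fi ;;      # empty means all interfaces
        *) echo "unsupported-spec"; return 0 ;;
    esac
    # sshd_config keywords are case-insensitive; commented-out lines never match.
    sshd_ports=$(printf '%s\n' "$config" | awk 'tolower($1) == "port" { print $2 }')
    gateway=$(printf '%s\n' "$config" |
        awk 'tolower($1) == "gatewayports" { print tolower($2); exit }')
    if [ -z "$sshd_ports" ]; then sshd_ports=22; fi     # sshd default
    if [ -z "$gateway" ]; then gateway=no; fi           # sshd default

    if has_port "$port" "$sshd_ports"; then
        findings="$findings sshd-port-conflict"   # sshd's own Port (see comments)
    elif has_port "$port" "$listening"; then
        findings="$findings port-in-use"          # other listener (see lsof answer)
    fi
    case $bind in
        localhost|127.0.0.1) ;;                   # loopback is the default bind
        *) if [ "$gateway" = no ]; then findings="$findings needs-gatewayports"; fi ;;
    esac
    findings=${findings# }
    echo "${findings:-ok}"
}

# Constructed sample mirroring the thread: sshd itself listens on 2222.
SAMPLE_CONFIG='Port 2222
#GatewayPorts no
PasswordAuthentication yes'
check_remote_forward '2222:localhost:22' "$SAMPLE_CONFIG"
check_remote_forward '*:8080:localhost:80' "$SAMPLE_CONFIG" '2222 8080'
```

On a real server the second argument can be the contents of /etc/ssh/sshd_config and the third the port numbers reported as listening by lsof or netstat.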
