Score:0

SSH Tunnel to ssl-protected server fails when client connects through tunnel


I have a server that has two transport implementations, both implemented on Qt: secure and insecure. The secure transport uses QSslSocket, the other QTcpSocket. One transport is secure, the other is not.

Both work fine when you connect locally, over VPN or over the local network. But when you create an SSH tunnel to this server on the remote machine:

ssh -vvvvv -N -C -p 22 [email protected] -L 2506:localhost:2506

... this is where problems start to appear. When I created a tunnel for this server port and tried to connect while the server runs the insecure implementation of the transport, everything is fine. The tunnel works and the client can connect and work with the server. But when the secure implementation is used (QSslSocket), the SSH tunnel instantly fails right after the client attempts to connect. Errors are shown below. Why does this happen?

debug1: Local connections to LOCALHOST:2506 forwarded to remote address localhost:2506
debug3: channel_setup_fwd_listener_tcpip: type 2 wildcard 0 addr NULL
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Local forwarding listening on ::1 port 2506.
debug2: fd 4 setting O_NONBLOCK
debug3: fd 4 is O_NONBLOCK
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 2506.
debug2: fd 5 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 1: new [port listener]
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug1: Requesting [email protected]
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Connection to port 2506 forwarding to localhost port 2506 requested.
debug2: fd 6 setting TCP_NODELAY
debug2: fd 6 setting O_NONBLOCK
debug3: fd 6 is O_NONBLOCK
debug1: channel 2: new [direct-tcpip]
debug3: send packet: type 90
debug3: receive packet: type 92
channel 2: open failed: connect failed: Connection refused
debug2: channel 2: zombie
debug2: channel 2: garbage collecting
debug1: channel 2: free: direct-tcpip: listening port 2506 for localhost port 2506, connect from 127.0.0.1 port 61194 to 127.0.0.1 port 2506, nchannels 3
debug3: channel 2: status: The following connections are open:
Score:0
channel 2: open failed: connect failed: Connection refused

This means that there is nobody listening on the given address (localhost:2506). So either your program is not started, has crashed, is listening on a different port or has other problems. That's all that can be seen from the logs; for the rest, look at your program and check with netstat where something is actually listening.
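
The listener check suggested in this answer, as an added example that is not part of the original answer: it reads `ss -H -ltn` output on the remote host and reports whether anything would accept a connection to localhost on a given port. It assumes a Linux host with iproute2 `ss` (the answer mentions netstat); the sample lines and the function name `loopback_listeners` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -H -ltn` output (not from the original post):
# sshd listens on all interfaces, the service on port 2506 only on a LAN address.
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 192.168.1.10:2506 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# loopback_listeners PORT
# Reads `ss -H -ltn` lines on stdin and prints which loopback address
# families have a listener reachable as localhost:PORT: "v4", "v6",
# "v4 v6" or "none". "none" matches the "Connection refused" in the log.
loopback_listeners() {
    awk -v port="$1" '
    {
        local_addr = $4                       # 4th column: Local Address:Port
        n = split(local_addr, parts, ":")
        if (parts[n] != port) next            # port is the last ":" field
        host = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
        # Wildcard and loopback binds accept connections made to localhost.
        # "[::]" is counted as IPv6 only, which is the conservative reading.
        if (host == "0.0.0.0" || host == "*" || host ~ /^127\./) v4 = 1
        if (host == "[::]" || host == "*" || host == "[::1]") v6 = 1
    }
    END {
        if (v4 && v6) print "v4 v6"
        else if (v4)  print "v4"
        else if (v6)  print "v6"
        else          print "none"
    }'
}

# Run against the constructed sample; on a real host use:
#   ss -H -ltn | loopback_listeners 2506
printf '%s\n' "$SAMPLE" | loopback_listeners 2506   # prints: none
```

Run it on the machine the tunnel ends on, once with each transport started, and compare the results with the port given in the `-L` forward.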
