22

I use ssh user@xx.yy.zz.41 -p 1234 -D 9898 command for tunneling, and I set firefox socks5 ip to 127.0.0.1 and its port to 9898. It works successfully ,but in terminal I have error in output:

channel 39: open failed: connect failed: Connection timed out
channel 41: open failed: connect failed: Connection timed out
channel 42: open failed: connect failed: Connection timed out
channel 43: open failed: connect failed: Connection timed out
channel 44: open failed: connect failed: Connection timed out

It's occurs periodically. What's this? Is it a problem? What can I do?

Arash Mousavi
  • 658
  • 3
  • 8
  • 21

2 Answers2

24

I have experienced similar issues. If you are tunneling with Firefox through ssh, some http connections can simply timeout due to server load or improper configuration. When the connection actually does timeout, you'll get an error message like the one you indicated.

You can suppress these messages with the following command

ssh user@xx.yy.zz.41 -p 1234 -D 9898 -q

From the man page ssh(1)

 -q      Quiet mode.  Causes most warning and diagnostic messages to be sup-
         pressed.

Suppressing the message will keep the warnings from messing up your ssh or screen sessions.

Gordolio
  • 366
  • 2
  • 5
  • Thanks this solution works great! One question: this timeout occurs periodically even when all browser processes are closed. I'm trying to determine what is causing the timeout and where the request is is being sent. any suggestions on how to display more verbose error information for the ssh tunnel? – gnarbarian Sep 14 '18 at 19:07
4

Set the GatewayPorts to yes and try again.

ssh -o 'GatewayPorts yes' user@xx.yy.zz.41 -p 1234 -D 9898

man ssh_config

 DynamicForward
         Specifies that a TCP port on the local machine be forwarded over the secure channel, and the application protocol
         is then used to determine where to connect to from the remote machine.

         The argument must be [bind_address:]port.  IPv6 addresses can be specified by enclosing addresses in square
         brackets.  By default, the local port is bound in accordance with the GatewayPorts setting.  However, an explicit
         bind_address may be used to bind the connection to a specific address.  The bind_address of “localhost” indicates
         that the listening port be bound for local use only, while an empty address or ‘*’ indicates that the port should
         be available from all interfaces.

         Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh(1) will act as a SOCKS server.  Multiple for‐
         wardings may be specified, and additional forwardings can be given on the command line.  Only the superuser can
         forward privileged ports.

 GatewayPorts
         Specifies whether remote hosts are allowed to connect to local forwarded ports.  By default, ssh(1) binds local
         port forwardings to the loopback address.  This prevents other remote hosts from connecting to forwarded ports.
         GatewayPorts can be used to specify that ssh should bind local port forwardings to the wildcard address, thus
         allowing remote hosts to connect to forwarded ports.  The argument must be “yes” or “no”.  The default is “no”.
quanta
  • 50,327
  • 19
  • 152
  • 213
  • 1
    I use -o 'GatewayPorts yes' but this error occurred again. – Arash Mousavi Feb 21 '13 at 06:06
  • GatewayPorts is not the problem. Gateway ports lets the ssh server listen to non-local ports. GatewayPorts becomes very useful when doing a reverse tunnel - allowing hosts from the private network to connect back to your ssh client host. Gordolio has it right above: the SOCKS server started by the local ssh is complaining when it can't reach host/port requested by SOCKS client users (as in Gordolio's example, Firefox ). – Mark Jan 27 '18 at 00:27