ssh tunnel on university account

3

I'm trying to set up an SSH tunnel through to my university account (unix shell) from home using PuTTY and this guide, but when I try to access any site, Firefox yelps.

The connection to the server was reset while the page was loading.

The university server is running SunOS 5.10 if it's any help.

PuTTY's log is saying

Forwarded connection refused by server: Administratively prohibited [open failed]

Is there any command I can run on the shell to open the port?

Thanks

La-Brat

Posted 2012-08-12T13:57:49.110

Reputation: 31

Answers

0

Looks like SSH server config is forbidding this (there are options about which forwarded connections to allow and which not). As stated in the sshd_config manpage ("Note that disabling TCP does not improve security unless users are also denied shell access"), you can probably work around this by starting some custom program (for example, SOCKS5 server and socat; or slirp) to use "shell" access to do the networking.

Vi.

Posted 2012-08-12T13:57:49.110

Reputation: 13 705

0

In addition to Vi.'s answer, this might also be related to the DNS timing out (or maybe not being configured correctly in the first place): Forwarded connection refused by server: Administratively prohibited [open failed].

In such a case, you might be able to get around these DNS issues by something like network.proxy.socks_remote_dns;false.


Otherwise, as Vi. points out, indeed, sshd_config(5) has the following wording with regard to a possible blocking of TCP:

 AllowTcpForwarding
         Specifies whether TCP forwarding is permitted.  The available
         options are ``yes'' or ``all'' to allow TCP forwarding, ``no'' to
         prevent all TCP forwarding, ``local'' to allow local (from the
         perspective of ssh(1)) forwarding only or ``remote'' to allow
         remote forwarding only.  The default is ``yes''.  Note that
         disabling TCP forwarding does not improve security unless users
         are also denied shell access, as they can always install their
         own forwarders.

Ports above 1024 generally don't require root privileges on most systems -- so, potentially, you might be able to run your own sshd or proxy on an upper-level port (you could even ssh back to your home machine, and do a secure forwarding of a single port that way).

cnst

Posted 2012-08-12T13:57:49.110

Reputation: 1 857
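
For the administrator's side of the AllowTcpForwarding note quoted above, an added example (not part of either answer, nor OpenSSH code): a small Python audit that reads sshd_config text, applies first-value-wins and Match overrides, and flags scopes where forwarding is disabled while shell access remains. The sample config, the finding labels and the use of ForceCommand as a stand-in for "users are denied shell access" are assumptions of this example.

```python
import re

# Defaults as documented in sshd_config(5).
DEFAULTS = {"allowtcpforwarding": "yes", "permitopen": "any", "forcecommand": "none"}
# Constructed sample config, for illustration only.
SAMPLE = """\
AllowTcpForwarding no
# A later duplicate is ignored: sshd keeps the first value per keyword.
allowtcpforwarding yes
Match Group sftponly
    ForceCommand internal-sftp
Match User deploy
    AllowTcpForwarding=local
    PermitOpen 127.0.0.1:5432
"""

def parse_sshd_config(text):
    """Return {scope: {keyword: value}}; scope is 'global' or a Match line."""
    scopes, scope = {"global": {}}, "global"
    for raw in text.splitlines():
        # Keyword, then whitespace or a single '=', then the arguments.
        # Blank lines and '#' comments do not match and are skipped.
        m = re.match(r"([^#\s]\S*?)(?:\s*=\s*|\s+)(.*)$", raw.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            scope = "Match " + value
            scopes.setdefault(scope, {})
        else:
            scopes[scope].setdefault(key, value)  # first value wins
    return scopes

def audit(text):
    """Classify each scope's TCP forwarding policy; labels are this example's own."""
    scopes, findings = parse_sshd_config(text), {}
    for scope, local in scopes.items():
        eff = {**DEFAULTS, **scopes["global"], **local}
        # ssh -L and -D both open direct-tcpip channels on the server side.
        direct_ok = eff["allowtcpforwarding"].lower() in ("yes", "all", "local")
        # Assumption: no ForceCommand means the user can run a shell.
        has_shell = eff["forcecommand"].lower() == "none"
        if not direct_ok and has_shell:
            findings[scope] = "blocked-but-shell-remains"
        elif direct_ok and eff["permitopen"].lower() == "any":
            findings[scope] = "forwarding-unrestricted"
        else:
            findings[scope] = "restricted"
    return findings
```

A "blocked-but-shell-remains" result is the case the manpage warns about: the client sees the forward refused, but the setting alone is not a security boundary.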