Question: Why does ssh -N -R 2222:localhost:22 <bluehost_user>@<bluehost_ip>
result in a "Remote port forwarding failed for listen port" error? The objective is to establish a reverse tunnel with port forwarding in order to consistently ssh into a host behind a NAT router that has a dynamic private IP. See image for details.
Already Tried:
- Researched existing literature on Google, Stackoverflow, etc. There are topics concerning this error message, however the resolutions given resolve root causes different than that of this particular instance because those resolutions do not resolve the error in this case.
- I've performed several diagnostics to validate the required ports are open. Some of those results are shown in the image below.
Reverse SSH Tunnel
Update
I was trying the following command for Step 2:
reduser@redhost:~ ssh greenuser@greenhost -p 2222
It should be:
reduser@redhost:~ ssh greenuser@bluehost -p 2222
You want to use the greenuser credentials on the bluehost IP because the host you are logging into when you use port 2222 is really the greenhost.
Best Answer
I get this exact warning when I attempt to use a port that is already taken on the remote side.
The output of netstat from bluehost indicates that something is already listening on port 2222 there. It doesn't show what it is though.
Solutions:
- 2222 in your ssh invocation to some other port which is not in use on bluehost. Just make it greater than 1023 because regular users can't bind to well-known ports; otherwise you will get the same warning regardless of whether the port is in use or not.
- bluehost) with sudo lsof -i TCP:2222; terminate or reconfigure it to make the port 2222 available.
Edit:
In your case this part of man ssh seems important:
It means you should have GatewayPorts yes in the sshd_config on bluehost. Read man 5 sshd_config to learn more. Don't forget to reload the service afterwards.
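The checks named in the answer above (well-known port, port already taken on bluehost, GatewayPorts), combined into one shell script. This is an added example, not part of the original answer; the function names and the sample netstat and sshd_config text are constructed, and Match blocks in sshd_config are assumed absent or irrelevant.

```shell
#!/bin/sh
# Constructed sample data (not from the post): `netstat -tln` style output
# and an sshd_config fragment as they might look on bluehost.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:2222   0.0.0.0:*        LISTEN
tcp6       0      0 :::80            :::*             LISTEN'
SAMPLE_SSHD_CONFIG='Port 22
#GatewayPorts yes
GatewayPorts no
GatewayPorts yes'

# port_in_use PORT: reads a netstat/ss listing on stdin; succeeds if some
# LISTEN socket is bound to PORT on any local address.
port_in_use() {
    awk -v p="$1" '/LISTEN/ {
        for (i = 1; i <= NF; i++) {
            n = split($i, part, ":")
            if (n > 1 && part[n] == p) found = 1
        }
    } END { exit !found }'
}

# gateway_ports: reads sshd_config text on stdin and prints the global
# GatewayPorts value. sshd uses the first value it sees for a keyword, keywords
# are case-insensitive, and the default is "no". Match blocks are not evaluated.
gateway_ports() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "gatewayports" { v = $2; exit }
         END { print (v == "" ? "no" : v) }'
}

# diagnose PORT NETSTAT_TEXT SSHD_CONFIG_TEXT: prints one finding per line.
diagnose() {
    if [ "$1" -le 1023 ]; then
        echo "privileged: only root can bind port $1"
    fi
    if printf '%s\n' "$2" | port_in_use "$1"; then
        echo "in-use: something already listens on port $1"
    fi
    gp=$(printf '%s\n' "$3" | gateway_ports)
    if [ "$gp" = "no" ]; then
        echo "loopback-only: effective GatewayPorts is no"
    fi
    return 0
}

diagnose 2222 "$SAMPLE_NETSTAT" "$SAMPLE_SSHD_CONFIG"
```

In the sample config the later "GatewayPorts yes" has no effect because an earlier "GatewayPorts no" is read first, which is why appending the directive to the end of the file is not always enough.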