X-Recipient:	archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status:	No, hits=-1.0 required=5.0 tests=AWL,BAYES_00,T_RP_MATCHES_RCVD
X-Spam-Check-By:	sourceware.org
Message-ID:	<4C9BACB5.10704@ece.cmu.edu>
Date:	Thu, 23 Sep 2010 21:38:29 +0200
From:	Ryan Johnson <ryanjohn AT ece DOT cmu DOT edu>
User-Agent:	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8) Gecko/20100802 Lightning/1.0b2 Thunderbird/3.1.2
MIME-Version:	1.0
To:	"Maring, Steven" <Steven DOT Maring AT gentiva DOT com>
CC:	"cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Subject:	Re: openssh port forwarding administratively prohibited
References:	<664775FB2795E044BD3CAC00D0A0D9826F352782 AT FLTPNPEXC002 DOT Gentiva DOT GHSNet DOT Com>
In-Reply-To:	<664775FB2795E044BD3CAC00D0A0D9826F352782@FLTPNPEXC002.Gentiva.GHSNet.Com>
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com

  On 8:59 PM, Maring, Steven wrote:
>  From a 50K foot perspective, what I'm trying to do is punch a hole through my corporate http proxy to get to github.  By itself, cygwin, along with openssh and corkscrew, does not have a problem (i.e. remote git commands work).  However, I would also like to make use of the eGit Eclipse plugin, which unfortunately does not support the notion of a proxy.  So, I thought that if I could setup a local port forwarding I might be able to get eGit to connect ... but it isn't working.I've included the openssh, git, and corkscrew packages in my cygwin install.
>
> I then ran ssh-host-config, but I didn't think actually running the sshd via 'net start sshd' would be required.  The port forwarding does not seem to work either way.
<snip>
> $ ssh -L 22:github.com:22 -v -N git AT github DOT com
<snip>
> and then try to connect from another console like this ...
>
> $ ssh -v -N git AT localhost
<snip>
> then my tunnel says ...
>
> debug1: Connection to port 22 forwarding to github.com port 22 requested.
> debug1: channel 1: new [direct-tcpip]
> channel 1: open failed: administratively prohibited: open failed
> debug1: channel 1: free: direct-tcpip: listening port 22 for github.com port 22, connect from 127.0.0.1 port 1130, nchannels 2
This sounds like a vanilla ssh issue to me rather than anything 
cygwin-specific.

Several things come to mind right off. First, I've seen the 
"administratively prohibited" message when there was no port forwarding 
in place at all. Not the most intuitive message, but whatever...

Second, it's often "difficult" to forward to "privileged" ports (< 
1024), though that wasn't a problem when I tested it on my cygwin install.

Finally (and probably the real issue) ssh-host-config sets things up for 
(and starts) the sshd service, which means port 22 on your machine is 
already in use and the port forwarding comes up empty-handed. Try "net 
stop sshd", or else tell ssh "-L 2222:github.com:22" and see if that 
gets you anywhere (I don't use git but I assume there's a way to point 
it at ports besides the default 22). Note that connecting this way will 
mess up the known_hosts file and make ssh yell at you if you ever happen 
to ssh to localhost (or to any other machine tunneled to localhost). I 
think there are ways around this with aliases or something... man 
ssh_config?

Regards,
Ryan


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -