Help troubleshooting: SSH tunnel connects fine locally but remote connections are refused
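Hi all, I've run into a problem with an SSH reverse tunnel. I've been struggling with it for a while without finding the root cause, so I'd like to ask for your help:
This is how I set up the SSH reverse tunnel:
/usr/bin/ssh -vvv -o ServerAliveInterval=10 -o ServerAliveCountMax=3 -R 15000:127.0.0.1:15000 -N mylinode.domain.com
The debug log from setting up the tunnel is below; authentication and the forwarding setup both look successful: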
debug1: Offering public key: /Users/rcook/.ssh/id_rsa RSA SHA256:8Y33c0fxIoqd3SmemVpq5jOPdaqPQ/DnadmlP6A4q14
debug1: Server accepts key: /Users/rcook/.ssh/id_rsa RSA SHA256:8Y33c0fxIoqd3SmemVpq5jOPdaqPQ/DnadmlP6A4q14
Authenticated to mylinode.domain.com ([45.79.100.248]:22) using "publickey".
debug1: Remote connections from LOCALHOST:15000 forwarded to local address localhost:15000
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: client_input_hostkeys: searching /Users/rcook/.ssh/known_hosts for mylinode.domain.com / (none)
debug1: client_input_hostkeys: searching /Users/rcook/.ssh/known_hosts2 for mylinode.domain.com / (none)
debug1: client_input_hostkeys: hostkeys file /Users/rcook/.ssh/known_hosts2 does not exist
debug1: client_input_hostkeys: host key found matching a different name/address, skipping UserKnownHostsFile update
debug1: pledge: network
debug1: Remote: /home/rcook/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /home/rcook/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: Forwarding listen address "localhost" overridden by server GatewayPorts
debug1: remote forward success for: listen 15000, connect localhost:15000
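The problem now is:
- I have already opened port 22000 for TCP and UDP access to this linode host in the firewall
- On the linode machine, telnet localhost 22000 connects to the tunnel fine
- But when I try to connect from other machines, the connection is refused outright, for example this result from testing with nc:
rcook@MacBook-Pro-2021 (obsidian-media-db-plugin (master)): nc -zv mylinode.domain.com 22000
nc: connectx to mylinode.domain.com port 22000 (tcp) failed: Connection refused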
I checked /etc/sshd/sshd_config on the linode, and the relevant settings look like this:
#AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
Can anyone help me work out what the cause might be?
Note: content sourced from Stack Exchange; question author: Rich
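
One way to check, on the server, which address a forwarded port is bound to, for comparing the port named in -R (15000 in the command above) with the port being tested (22000). This is an added example, not part of the original post; the `ss -tlnH` lines are constructed sample data and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (NOT taken from the post).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:15000 0.0.0.0:*
LISTEN 0 128 [::]:15000 [::]:*
LISTEN 0 128 127.0.0.1:22000 0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Return {port: set of bind addresses} for every LISTEN line."""
    listeners = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; split on the last ':' so IPv6 works.
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop brackets and %iface
        if host == "*":  # some ss versions print the wildcard as '*'
            host = "0.0.0.0"
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue  # skip anything that is not a plain IP address
        if port.isdigit():
            listeners.setdefault(int(port), set()).add(host)
    return listeners


def exposure(listeners, port):
    """Classify a port: 'not listening', 'loopback only' or 'non-loopback'."""
    addrs = listeners.get(port)
    if not addrs:
        return "not listening"
    if all(ipaddress.ip_address(a).is_loopback for a in addrs):
        return "loopback only"
    # Bound to a wildcard or external address; a firewall may still block it.
    return "non-loopback"


if __name__ == "__main__":
    found = parse_listeners(SAMPLE_SS)
    for p in (15000, 22000):
        print(p, exposure(found, p), sorted(found.get(p, ())))
```

On a real host, feed the function the output of `ss -tlnH` instead of the sample; a port reported as loopback only accepts local connections and refuses remote ones regardless of firewall rules.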




