# ssh denies port forwards

## manwithaplan1976

I have a home Gentoo ssh server that is used for tunneling. When my notebook connects to the server I get a:

```
Warning: remote port forwarding failed for listen port 25000
```

I use this command from the notebook

```
screen -d -m autossh gentooserver.whatever.com -l theone -R 25000:127.0.0.1:22 -k -X 
```

It makes the connection, just fails to forward the port to localhost

So, on the Gentoo server, sometimes I have to restart sshd service, in order for the notebook to forward the port... Very annoying... Sometimes the forwarding doesn't work at all...

I've attached my sshd_config file to see if anyone can help config it to keep port forwarding open so I don't have to constantly reset it.

Everything seems correct... just don't know why I have to always reset the server for connections. New with ssh, so my config might be way off.

 *Quote:*   

> 
> 
> #	$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
> 
> # This is the sshd server system-wide configuration file.  See
> ...

 

NOTE: the notebook is on a 35% connection to a remote wireless router.

----------

## cach0rr0

-check the ssh and other logs on the remote host

-confirm nothing else is already listening on 25000 on the remote host (e.g. no stale half-open sockets)

That'd be the first place I'd head, at least.

----------

## manwithaplan1976

 *cach0rr0 wrote:*   

> -check the ssh and other logs on the remote host
> 
> -confirm nothing else is already listening on 25000 on the remote host (e.g. no stale half-open sockets)
> 
> be the first place id head at least

 

I ran a netstat to check any ports that might be occupied...

```
netstat -a | grep 25000

tcp        0      0 *:25000                 *:*                     LISTEN
```

Other than that, I can't seem to see why the port isn't forwarding.

----------

## cach0rr0

I'm confused. That shows something listening already.

Do a `netstat -anp | grep :25000` and see what's listening on that port.

The fact that restarting SSH frees it up almost makes it sound as though you've already created another tunnel in another window using that port

----------

## manwithaplan1976

Ahh... something is wrong with this.... I do run a couple of ssh startup scripts from the notebook.

```
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     8099/sshd           
tcp        0    160 192.168.0.101:22        98.202.76.199:44892     ESTABLISHED8159/sshd: theone [ 
tcp        0    160 192.168.0.101:22        98.202.76.199:37151     ESTABLISHED8127/sshd: theone [ 
tcp        0    224 192.168.0.101:22        98.202.76.199:44893     ESTABLISHED8192/sshd: theone [ 
tcp        0      0 192.168.0.101:22        98.202.76.199:52277     ESTABLISHED8273/sshd: theone [ 
tcp6       0      0 :::22                   :::*                    LISTEN     8099/sshd 
```

----------

## cach0rr0

Basically, what I'm getting at:

-if something is already listening at :25000 on the remote host

-and you try forwarding :22 on localhost to :25000 on the remote host

it will fail; the socket is already in use. 

Of course you could always test this theory by incrementing it each time you fire off an SSH session (e.g. :25001, :25002, etc)

----------

## manwithaplan1976

 *cach0rr0 wrote:*   

> basically what im getting at
> 
> -if something is already listening at :25000 on the remote host
> 
> -and you try forwarding :22 on localhost to :25000 on the remote host
> ...

 

You're right... And I have challenged that theory...

This is a weird problem because the TCP connection doesn't close when the notebook is shut off or restarted. So, it seems my server is already listening on port 25000 when the notebook restarts... then refusing the ssh connection.

Maybe a solution would be to have my notebook script challenge port 25000, and if used, then increment or default to another port...

This is all server side though.... Is there anything wrong with my sshd_config file...? 

Thx BTW...

----------

## manwithaplan1976

You have any idea (where to begin) on how I can close port localhost:25000 on the server whenever the notebook restarts?

It seems that once a forward is made on the localhost it stays open, so whenever I try another forward connection, it's refused by the server.

I'd just like to shut down port 25000 on the localhost once the reverse tunnel is closed.
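An added example (not from anyone in this thread) of the notebook-side scripting idea raised above: read the server's `netstat`/`ss` output, list which sshd PIDs still hold sessions from the notebook's address, and pick the first remote listen port that is not already in LISTEN instead of failing on 25000. The sample netstat output, the variable names and the helper functions are constructed for this demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed helpers for the notebook
# side of the reverse tunnel; SAMPLE_NETSTAT below is made up for the demo.

# Print PIDs of ESTABLISHED sshd sessions from client address $1, reading
# `netstat -anp` output on stdin. Handles the fused "ESTABLISHED8159/sshd"
# column that appears when the state field overflows its width.
stale_sessions() {
    awk -v ip="$1" '
        $5 ~ ("^" ip ":") && /ESTABLISHED/ {
            s = $0
            sub(/.*ESTABLISHED */, "", s)   # drop everything up to the PID
            sub(/\/.*/, "", s)              # keep only the digits before "/sshd"
            if (s ~ /^[0-9]+$/) print s
        }'
}

# Print the first port in [$1, $1+$2) with no LISTEN socket in the
# `netstat -ant` or `ss -ltn` output read from stdin; exit 1 if none is free.
first_free_port() {
    p=$1
    end=$(( p + ${2:-10} ))
    # State is column 6 for netstat, column 1 for ss; local address is column 4.
    listening=$(awk '($6 == "LISTEN" || $1 == "LISTEN") {
        n = split($4, a, ":"); print a[n] }')
    while [ "$p" -lt "$end" ]; do
        if ! printf '%s\n' "$listening" | grep -qx "$p"; then
            echo "$p"
            return 0
        fi
        p=$(( p + 1 ))
    done
    return 1
}

# Constructed sample of `netstat -anp` on the server: stale listeners on
# 25000 and 25001 left by earlier sessions, plus two lingering sshd sessions.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     8099/sshd
tcp        0      0 127.0.0.1:25000         0.0.0.0:*               LISTEN     8159/sshd: theone
tcp        0      0 127.0.0.1:25001         0.0.0.0:*               LISTEN     8127/sshd: theone
tcp        0    160 192.168.0.101:22        98.202.76.199:44892     ESTABLISHED8159/sshd: theone [
tcp        0    160 192.168.0.101:22        98.202.76.199:37151     ESTABLISHED8127/sshd: theone [
tcp        0      0 192.168.0.101:22        10.0.0.5:40000          ESTABLISHED 8200/sshd: other'

# Typical use on the notebook (server output fetched over a plain ssh session):
#   port=$(ssh -l theone gentooserver.whatever.com netstat -ant | first_free_port 25000)
#   autossh gentooserver.whatever.com -l theone -R "$port":127.0.0.1:22 -k -X
```

The server-side counterpart is sshd_config's `ClientAliveInterval` and `ClientAliveCountMax`, which make sshd drop a session whose client has vanished and release its forwarded listener; `ExitOnForwardFailure yes` on the client makes ssh exit when the `-R` bind fails, so autossh retries instead of running without the forward.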

----------

## Aurisor

It seems you are running screen on the local machine, which will cause the tunnel to persist.  I could imagine a scenario where upon rebooting the local machine, the screen'd ssh connection is not cleanly closed, and the server keeps it open.

Something to think about.

----------

## Bircoph

 *Quote:*   

> 
> 
> #PermitTunnel yes 
> 
> 

 

Why commented out? Tunneling is disabled by default.

----------

