# ssh port forwarding problem

## jackyn01

Hi all,

I am trying to set up pair programming on hardened Gentoo. I have two user accounts: one for management and another one for pair. I’ve created public/private ssh keys for both accounts and appended the public keys to the authorized_keys files. I’ve also appended my local public key to the authorized_keys file. I tested both accounts and I can log in to them using publickey authentication. The idea is for me to log in to Gentoo using my account and for my partner to log in using the pair account, then the pair user sshes to my account locally via port 13370. However, it prompted me for a password when the pair user tried to ssh to my account via port 13370. I followed http://www.zeespencer.com/articles/building-a-remote-pairing-setup/ and configured sshd_config as recommended. Please help, thank you.

Below is the debug message when trying to ssh to pair (the pair user has a forced command to ssh to my account on port 13370):

host:~ my local machine$ ssh -vvvv igs-pair@my-server

OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011

debug1: Reading configuration data /etc/ssh_config

debug1: /etc/ssh_config line 20: Applying options for *

debug2: ssh_connect: needpriv 0

debug1: Connecting to my-server [server-ip] port 22.

debug1: Connection established.

debug3: Incorrect RSA1 identifier

debug3: Could not load "/Users/my local machine/.ssh/id_rsa" as a RSA1 public key

debug1: identity file /Users/my local machine/.ssh/id_rsa type 1

debug1: identity file /Users/my local machine/.ssh/id_rsa-cert type -1

debug1: identity file /Users/my local machine/.ssh/id_dsa type -1

debug1: identity file /Users/my local machine/.ssh/id_dsa-cert type -1

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_6.2

debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1-hpn13v11

debug1: match: OpenSSH_5.9p1-hpn13v11 pat OpenSSH_5*

debug2: fd 3 setting O_NONBLOCK

debug3: load_hostkeys: loading entries for host "my-server" from file "/Users/my local machine/.ssh/known_hosts"

debug3: load_hostkeys: found key type RSA in file /Users/my local machine/.ssh/known_hosts:5

debug3: load_hostkeys: loaded 1 keys

debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: mac_setup: found hmac-md5

debug1: kex: server->client aes128-ctr hmac-md5 none

debug2: mac_setup: found hmac-md5

debug1: kex: client->server aes128-ctr hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set: 131/256

debug2: bits set: 507/1024

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Server host key: RSA 73:c5:1f:57:cb:8f:5c:6e:83:b7:41:35:cb:05:d9:a7

debug3: load_hostkeys: loading entries for host "my-server" from file "/Users/my local machine/.ssh/known_hosts"

debug3: load_hostkeys: found key type RSA in file /Users/my local machine/.ssh/known_hosts:5

debug3: load_hostkeys: loaded 1 keys

debug3: load_hostkeys: loading entries for host "server-ip" from file "/Users/my local machine/.ssh/known_hosts"

debug3: load_hostkeys: found key type RSA in file /Users/my local machine/.ssh/known_hosts:5

debug3: load_hostkeys: loaded 1 keys

debug1: Host 'my-server' is known and matches the RSA host key.

debug1: Found key in /Users/my local machine/.ssh/known_hosts:5

debug2: bits set: 526/1024

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: Roaming not allowed by server

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /Users/my local machine/.ssh/id_rsa (0x7f842be001e0),

debug2: key: /Users/my local machine/.ssh/id_dsa (0x0),

debug1: Authentications that can continue: publickey

debug3: start over, passed a different list publickey

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Offering RSA public key: /Users/my local machine/.ssh/id_rsa

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Server accepts key: pkalg ssh-rsa blen 279

debug2: input_userauth_pk_ok: fp 65:90:22:b7:2e:f5:99:e8:17:33:da:11:90:fe:d3:0b

debug3: sign_and_send_pubkey: RSA 65:90:22:b7:2e:f5:99:e8:17:33:da:11:90:fe:d3:0b

debug1: read PEM private key done: type RSA

debug1: Authentication succeeded (publickey).

Authenticated to my-server ([server-ip]:22).

debug1: channel 0: new [client-session]

debug3: ssh_session2_open: channel_new: 0

debug2: channel 0: send open

debug1: Requesting no-more-sessions@openssh.com

debug1: Entering interactive session.

debug1: Remote: Forced command.

debug1: Remote: Port forwarding disabled.

debug1: Remote: X11 forwarding disabled.

debug1: Remote: Agent forwarding disabled.

debug1: Remote: Forced command.

debug1: Remote: Port forwarding disabled.

debug1: Remote: X11 forwarding disabled.

debug1: Remote: Agent forwarding disabled.

debug2: callback start

debug2: fd 3 setting TCP_NODELAY

debug3: packet_set_tos: set IP_TOS 0x10

debug2: client_session2_setup: id 0

debug2: channel 0: request pty-req confirm 1

debug1: Sending environment.

debug3: Ignored env TERM_PROGRAM

debug3: Ignored env TERM

debug3: Ignored env SHELL

debug3: Ignored env TMPDIR

debug3: Ignored env Apple_PubSub_Socket_Render

debug3: Ignored env USER

debug3: Ignored env SSH_AUTH_SOCK

debug3: Ignored env __CF_USER_TEXT_ENCODING

debug3: Ignored env __CHECKFIX1436934

debug3: Ignored env PATH

debug3: Ignored env PWD

debug1: Sending env LANG = en_US.UTF-8

debug2: channel 0: request env confirm 0

debug3: Ignored env ITERM_PROFILE

debug3: Ignored env SHLVL

debug3: Ignored env COLORFGBG

debug3: Ignored env HOME

debug3: Ignored env ITERM_SESSION_ID

debug3: Ignored env LOGNAME

debug3: Ignored env _

debug2: channel 0: request shell confirm 1

debug2: callback done

debug2: channel 0: open confirm rwindow 0 rmax 32768

debug2: channel_input_status_confirm: type 99 id 0

debug2: PTY allocation request accepted on channel 0

debug2: channel 0: rcvd adjust 87380

debug2: channel_input_status_confirm: type 99 id 0

debug2: shell request accepted on channel 0

Password:

----------
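
An added example, not part of the original posts: a small triage of the `ssh -vvvv` output above that separates the outer login from whatever runs inside the session, to show which hop is printing `Password:`. The function name `triage_ssh_debug` and the result keys are hypothetical; the sample lines are condensed from the posted log.

```python
import re

# Condensed from the debug output posted above (most debug2/debug3 lines dropped).
SAMPLE = """\
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /Users/my local machine/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to my-server ([server-ip]:22).
debug1: Entering interactive session.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug2: PTY allocation request accepted on channel 0
debug2: shell request accepted on channel 0
Password:
"""

AUTH_OK = re.compile(r"^debug1: Authentication succeeded \(([\w-]+)\)")
REMOTE = re.compile(r"^debug1: Remote: (.+?)\.?$")
SESSION = re.compile(r"^debug2: (?:shell|exec) request accepted on channel \d+")
PROMPT = re.compile(r"^(?:.*'s )?[Pp]assword:\s*$")


def triage_ssh_debug(text):
    """Report how the outer login authenticated and which hop asks for a password."""
    result = {"outer_auth": None, "restrictions": [], "prompt_source": None}
    session_started = False
    for line in (raw.strip() for raw in text.splitlines()):
        if m := AUTH_OK.match(line):
            result["outer_auth"] = m.group(1)
        elif m := REMOTE.match(line):
            # Restrictions the server reported for this login (repeats dropped).
            if m.group(1) not in result["restrictions"]:
                result["restrictions"].append(m.group(1))
        elif SESSION.match(line):
            session_started = True
        elif PROMPT.match(line) and result["prompt_source"] is None:
            # Once the session channel is up, output comes from the remote
            # command (here the forced command), not from outer user auth.
            result["prompt_source"] = "remote command" if session_started else "outer login"
    return result


if __name__ == "__main__":
    for key, value in triage_ssh_debug(SAMPLE).items():
        print(f"{key}: {value}")
```

On the posted log this reports publickey authentication for the outer login and attributes the prompt to the remote command, so the key check that is failing is the one made by the forced command's own ssh to port 13370, not the login to the pair account.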

## Hu

Why add the extra complexity of the port forward?  If you want the pair user to log in as you, then have him log in as you via an authorized key.  You might be better served by having you su to the pair user's account instead of the other way around.

----------

