reverse mapping checking getaddrinfo failed - POSSIBLE BREAK-IN ATTEMPT!
Weird problem has just developed.I was trying to port tunnel via relay through an intermediate ssh server. I have to do this because I got tired of script kiddie attacks filling my secure.log so I use port ≠ 22 at home. But my employer's preventers of information services block outbound traffic to destination ports other than the well known ports (and some well known ports too). So I have to ssh to an intermediate server then from there I can ssh to home, like this:
The ssh session sets up just fine and I have full shell access to home. But when I try to ⌘k to afp://localhost:10548 I get a pair of error messages in the shell that says:
(the channel numbers change but the message is the same)
This worked just fine as recently as maybe two weeks ago (the last time I did this) and had been working fine for years. I can't think of a darned thing that I may have done to anything to have changed anything.
On the machine at home to which I am trying to afp, it's /var/log/secure.log has some entries, that correspond to the time of my remote login (uses DSA key exchange), that read:
Again, the shell session is successful, that's how I retrieved this info out of secure.log. It's just the forward port tunnels that aren't working. Although, the nastygram is annoying...
I get the same reverse mapping nastygram when concatenating the two ssh commands without "-L" port forward tunnel option.
Not seeing this behavior when connecting from another machine on the same home network with no intermediate server.
I tried a lot of different things last night, so my memory is a little fuzzy now, but I think I was successful with tunneled AFP mount when connecting from a home machine to another machine on the home network acting as an intermediate server. But when connecting from home machine to this (external) intermediate server then back into home network, I got the same nastygram and failure to ⌘k to afp://localhost:10548. At least I think that I seem to recall that that's what happened...
Looks like something to do with reverse mapping of something to this particular (and only one available to me and that I would trust) intermediate server but not exactly sure what it all means or how to fix it. So, does anyone have a clue what might be going on that would be allowing me to have a full access shell session but unable to tunnel ports all of a sudden? What is this reverse mapping nastygram? Is there something like a known_hosts file that I could delete? (I already took out all my .ssh/known_hosts files at the remote client, intermediate server and home ssh server, that didn't help).
Thanks
from work:
ssh -L10548:localhost:50548 intermediate.server.com
from intermediate server:
ssh -p56789 -L50548:localhost:548 home.network.com
The ssh session sets up just fine and I have full shell access to home. But when I try to ⌘k to afp://localhost:10548 I get a pair of error messages in the shell that says:
channel 4: open failed: administratively prohibited: open failed
channel 5: open failed: administratively prohibited: open failed
(the channel numbers change but the message is the same)
This worked just fine as recently as maybe two weeks ago (the last time I did this) and had been working fine for years. I can't think of a darned thing that I may have done to anything to have changed anything.
On the machine at home to which I am trying to afp, it's /var/log/secure.log has some entries, that correspond to the time of my remote login (uses DSA key exchange), that read:
Sep 14 07:55:11 iMac sshd[614]: reverse mapping checking getaddrinfo for intermediateServerHostName [intermediate.Server.IP.address] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 14 07:55:20 iMac sshd[614]: Accepted publickey for jv from intermediate.Server.IP.address port 25553 ssh2
Again, the shell session is successful, that's how I retrieved this info out of secure.log. It's just the forward port tunnels that aren't working. Although, the nastygram is annoying...
I get the same reverse mapping nastygram when concatenating the two ssh commands without "-L" port forward tunnel option.
Not seeing this behavior when connecting from another machine on the same home network with no intermediate server.
I tried a lot of different things last night, so my memory is a little fuzzy now, but I think I was successful with tunneled AFP mount when connecting from a home machine to another machine on the home network acting as an intermediate server. But when connecting from home machine to this (external) intermediate server then back into home network, I got the same nastygram and failure to ⌘k to afp://localhost:10548. At least I think that I seem to recall that that's what happened...
Looks like something to do with reverse mapping of something to this particular (and only one available to me and that I would trust) intermediate server but not exactly sure what it all means or how to fix it. So, does anyone have a clue what might be going on that would be allowing me to have a full access shell session but unable to tunnel ports all of a sudden? What is this reverse mapping nastygram? Is there something like a known_hosts file that I could delete? (I already took out all my .ssh/known_hosts files at the remote client, intermediate server and home ssh server, that didn't help).
Thanks
2008 Mac Pro (10.6.4), 2008 MacBook aluminum (10.6.4), 2007 iMac (10.6.4), and, 2001 Quicksilver (10.5.8)
