-R for serveo.net or ssh-j.com on Windows10 and Debian12

[abakum]

#OpenSSH -R with OpenSSH -J works! 
#`ssh -v rn` or `ssh -v -R test:22:10.161.115.160:22 test@serveo.net`
#`ssh -v rc` or `ssh -v -R test:22:10.161.115.160:22 test@ssh-j.com`
# then
#`ssh -v jn` or `ssh -v -J test@serveo.net root@test`
#`ssh -v jc` or `ssh -v -J test@ssh-j.com root@test`

#OpenSSH -R with tssh -J works too!
#`ssh -v rn` or `ssh -v -R test:22:10.161.115.160:22 test@serveo.net`
#`ssh -v rc` or `ssh -v -R test:22:10.161.115.160:22 test@ssh-j.com`
# then
#`tssh -debug jn` or `tssh -debug -J test@serveo.net root@test`
#`tssh -debug jc` or `tssh -debug -J test@ssh-j.com root@test`

#tssh -R start then exit
#how to fix tssh -R?
#`tssh -debug rn` or `tssh -debug -R test:22:10.161.115.160:22 test@serveo.net`

#tssh -N -R start then hang - BUG?
#`tssh -debug -N rn` or `tssh -debug -N -R test:22:10.161.115.160:22 test@serveo.net`
#tssh -J fail
#`tssh -debug jn` or `tssh -debug -J test@serveo.net root@test`
#OpenSSH -J fail
#`ssh -v jn` or `ssh -v -J test@serveo.net root@test`

#tssh -R start
#`tssh -debug rc` or `tssh -debug -R test:22:10.161.115.160:22 test@ssh-j.com`
#but tssh -J fail
#`tssh -debug jc` or `tssh -debug -J test@ssh-j.com root@test`
#OpenSSH -J fail too
#`ssh -v jc` or `ssh -v -J test@ssh-j.com root@test`
#how to fix tssh -R?

#my %HOMEPATH%\.ssh\config

`

Host target
User root
HostName 10.161.115.160
Host rn
RemoteForward test:22 10.161.115.160:22
User test
HostName serveo.net
PreferredAuthentications keyboard-interactive
Host jn
ProxyJump test@serveo.net
User root
HostName test
Host rc
RemoteForward test:22 10.161.115.160:22
User test
HostName ssh-j.com
PreferredAuthentications none
Host jc
ProxyJump test@ssh-j.com
User root
HostName test
`

[abakum]

On Debian12

debug: login to [rn], addr: serveo.net:22
debug: login to [rn] success
debug: forward listen on remote 'test:22' failed: lookup test on 192.168.0.1:53: no such host

debug: login to [rc], addr: ssh-j.com:22
debug: login to [rc] success
debug: forward listen on remote 'test:22' failed: lookup test on 192.168.0.1:53: no such host

On Windows10

debug: login to [rn], addr: serveo.net:22
debug: login to [rn] success
debug: forward listen on remote 'test:22' success

debug: login to [rc], addr: ssh-j.com:22
debug: login to [rc] success
debug: forward listen on remote 'test:22' success

[lonnywong]

Try ping test on the remote server.

trzsz-ssh/tssh/forward.go

Line 230 in 69a174c

debug("forward listen on remote '%s' failed: %v", address, err)

[abakum]

That's why golang resolved alias on local PC before send request to bind it on remote host?
OpenSSH doesn't do that because everyone works through it.
Well, okay, but why is the debug different, but Windows and Linux?

[abakum]

Try ping test on the remote server.

trzsz-ssh/tssh/forward.go

Line 230 in 69a174c

debug("forward listen on remote '%s' failed: %v", address, err)

Remote hosts serveo.net and ssh-j.com is public jumphost. There is no shell access to them.

[lonnywong]

Well, okay, but why is the debug different, but Windows and Linux?

Are Debian12 and Windows10 local machines? What is the difference in the results of their ping test on local ?

[abakum]

Debian12 and Windows10 is local machines. test is alias for jumphosts
I add to /etc/hosts

51.15.109.222 tc
138.68.79.95 tn

And change ~/.ssh/config

#my ~/.ssh/config
Host target
 User root
 HostName 10.161.115.160
Host rn
 RemoteForward tn:22 10.161.115.160:22
 User tn
 HostName serveo.net
 PreferredAuthentications keyboard-interactive
Host jn
 ProxyJump tn@serveo.net
 User root
 HostName tn
Host rc
 RemoteForward tc:22 10.161.115.160:22
 User tc
 HostName ssh-j.com
 PreferredAuthentications none
Host jc
 ProxyJump tc@ssh-j.com
 User root
 HostName tc

But the problem remains

[lonnywong]

openssh resolves domain names locally, but tssh resolves domain names remotely. Using IP directly should avoid the issue.

[abakum]

d

Try ping test on the remote server.

trzsz-ssh/tssh/forward.go

Line 230 in 69a174c

debug("forward listen on remote '%s' failed: %v", address, err)

On Windows10 test is resolved. All ok with debug message

[abakum]

openssh resolves domain names locally, but tssh resolves domain names remotely. Using IP directly should avoid the issue.

#tssh -R start then exit
#how to fix tssh -R?

1koka@debian:~$ tssh -debug rn

`

debug: /home/koka/.tssh.conf does not exist
debug: open config [/home/koka/.ssh/config] success
debug: decode config [/home/koka/.ssh/config] success
debug: open config [/etc/ssh/ssh_config] success
debug: decode config [/etc/ssh/ssh_config] success
debug: extended config [/home/koka/.ssh/password] does not exist
debug: new ssh agent client [/tmp/ssh-XXXXklzv0D/agent.31174] success
debug: will attempt key: ssh-agent ssh-rsa SHA256:7Q/uIPLtRTP2v7jxnqU5G9FZbEazI2oYv3AEWkWZzHY
debug: add auth method: public key authentication
debug: add auth method: keyboard interactive authentication
debug: add auth method: password authentication
debug: add UserKnownHostsFile: /home/koka/.ssh/known_hosts
debug: UserKnownHostsFile [/home/koka/.ssh/known_hosts2] does not exist
debug: GlobalKnownHostsFile [/etc/ssh/ssh_known_hosts] does not exist
debug: GlobalKnownHostsFile [/etc/ssh/ssh_known_hosts2] does not exist
debug: user declared ciphers: [chacha20-poly1305@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com aes128-cbc aes192-cbc aes256-cbc]
debug: client supported ciphers: [chacha20-poly1305@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com aes128-cbc]
debug: login to [rn], addr: serveo.net:22
debug: login to [rn] success
debug: forward listen on remote 'tn:22' success
debug: send env regexp: (^LANG$)|(^LC_.*$)
debug: send env failed: LANG = "ru_RU.UTF-8"
debug: no extended config [ExpectCount] for [rn]
debug: no extended config [EnableTrzsz] for [rn]
debug: no extended config [EnableZmodem] for [rn]
debug: no extended config [EnableDragFile] for [rn]
1koka@debian:~$
`

[abakum]

1koka@debian:~$ ssh -v rn

`

OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023
debug1: Reading configuration data /home/koka/.ssh/config
debug1: /home/koka/.ssh/config line 31: Applying options for rn
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to serveo.net [138.68.79.95] port 22.
debug1: Connection established.
debug1: identity file /home/koka/.ssh/id_rsa type 0
debug1: identity file /home/koka/.ssh/id_rsa-cert type 4
debug1: identity file /home/koka/.ssh/id_ecdsa type -1
debug1: identity file /home/koka/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/koka/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/koka/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/koka/.ssh/id_ed25519 type -1
debug1: identity file /home/koka/.ssh/id_ed25519-cert type -1
debug1: identity file /home/koka/.ssh/id_ed25519_sk type -1
debug1: identity file /home/koka/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/koka/.ssh/id_xmss type -1
debug1: identity file /home/koka/.ssh/id_xmss-cert type -1
debug1: identity file /home/koka/.ssh/id_dsa type -1
debug1: identity file /home/koka/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
debug1: Remote protocol version 2.0, remote software version Go
debug1: compat_banner: no match: Go
debug1: Authenticating to serveo.net:22 as 'tn'
debug1: load_hostkeys: fopen /home/koka/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:07jcXlJ4SkBnyTmaVnmTpXuBiRx2+Q2adxbttO9gt0M
debug1: load_hostkeys: fopen /home/koka/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'serveo.net' is known and matches the RSA host key.
debug1: Found key in /home/koka/.ssh/known_hosts:4
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/koka/.ssh/id_rsa RSA SHA256:7Q/uIPLtRTP2v7jxnqU5G9FZbEazI2oYv3AEWkWZzHY agent
debug1: Will attempt key: /home/koka/.ssh/id_rsa RSA-CERT SHA256:7Q/uIPLtRTP2v7jxnqU5G9FZbEazI2oYv3AEWkWZzHY
debug1: Will attempt key: /home/koka/.ssh/id_ecdsa
debug1: Will attempt key: /home/koka/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/koka/.ssh/id_ed25519
debug1: Will attempt key: /home/koka/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/koka/.ssh/id_xmss
debug1: Will attempt key: /home/koka/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Authenticated to serveo.net ([138.68.79.95]:22) using "keyboard-interactive".
debug1: Remote connections from tn:22 forwarded to local address 10.161.115.160:22
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: Sending environment.
debug1: channel 0: setting env LANG = "ru_RU.UTF-8"
debug1: remote forward success for: listen tn:22, connect 10.161.115.160:22
Forwarding SSH traffic from tn:22
To connect from a remote host: ssh -J serveo.net user@tn
`

[abakum]

openssh resolves domain names locally, but tssh resolves domain names remotely. Using IP directly should avoid the issue.

Thanks! For ssh-j.com it fix, but for serveo.net the problem still remains.

#my ~/.ssh/config

```

Host target
User root
HostName 10.161.115.160
Host rn
RemoteForward 127.0.0.2:22 10.161.115.160:22
User lh
HostName serveo.net
PreferredAuthentications keyboard-interactive
Host jn
ProxyJump lh@serveo.net
User root
HostName 127.0.0.2
Host rc
RemoteForward 127.0.0.2:22 10.161.115.160:22
User lh
HostName ssh-j.com
PreferredAuthentications none
Host jc
ProxyJump lh@ssh-j.com
User root
HostName 127.0.0.2

#OpenSSH -R with OpenSSH -J works!
#ssh -v rn or ssh -v -R 127.0.0.2:22:10.161.115.160:22 lh@serveo.net
#ssh -v rc or ssh -v -R 127.0.0.2:22:10.161.115.160:22 lh@ssh-j.com
#then
#ssh -v jn or ssh -v -J lh@serveo.net root@127.0.0.2
#ssh -v jc or ssh -v -J lh@ssh-j.com root@127.0.0.2

#OpenSSH -R with tssh -J works too!
#ssh -v rn or ssh -v -R 127.0.0.2:22:10.161.115.160:22 lh@serveo.net
#ssh -v rc or ssh -v -R 127.0.0.2:22:10.161.115.160:22 lh@ssh-j.com
#then
#tssh -debug jn or tssh -debug -J lh@serveo.net root@127.0.0.2
#tssh -debug jc or tssh -debug -J lh@ssh-j.com root@127.0.0.2

#tssh -R start then exit
#how to fix tssh -R?
#tssh -debug rn or tssh -debug -R 127.0.0.2:22:10.161.115.160:22 lh@serveo.net

#tssh -N -R start then hang - BUG?
#tssh -debug -N rn or tssh -debug -N -R 127.0.0.2:22:10.161.115.160:22 lh@serveo.net
#tssh -J fail
#tssh -debug jn or tssh -debug -J lh@serveo.net root@127.0.0.2
#OpenSSH -J fail
#ssh -v jn or ssh -v -J lh@serveo.net root@127.0.0.2

#tssh -R with OpenSSH -J works!
#tssh -debug rc or tssh -debug -R 127.0.0.2:22:10.161.115.160:22 lh@ssh-j.com
#then
#tssh -debug jc or tssh -debug -J lh@ssh-j.com root@127.0.0.2
#ssh -v jc or ssh -v -J lh@ssh-j.com root@127.0.0.2

</details> 

[lonnywong]

• tssh --debug, not tssh -debug.
• tssh -N usually used with -f.

[abakum]

PR fixed an unexpected exit of tssh rn but still not forwarding in contrast with ssh rn

[abakum]

That's why golang resolved alias on local PC before send request to bind it on remote host? OpenSSH doesn't do that because everyone works through it.

golang/go#67295

[lonnywong]

For ssh-j.com it fix, but for serveo.net the problem still remains.

I don't quite understand the issue. Is there any warning message or error message?

[abakum]

case ssh rn running
tssh --debug jn say:

debug: login to [jn] success
debug: no extended config [ExpectCount] for [jn]
...

then all ok

case tssh rn running
tssh --debug jn say:

debug: login to [jn], addr: 127.0.0.2:22
proxy [lh@serveo.net] dial tcp [127.0.0.2:22] failed: ssh: rejected: connect failed (Couldn't open remote channel)

Is there access from China to serveo.net and ssh-j.com? Would you rather try it yourself?

[lonnywong]

Is there access from China to serveo.net and ssh-j.com? Would you rather try it yourself?

I'll give it a try when I'm free. What is your current configuration, and which parts do I need to adjust?

[lonnywong]

PR fixed an unexpected exit of tssh rn

Have to read the output of serveo.net first, then do the remote forward. Otherwise serveo.net will close the ssh session.

but still not forwarding in contrast with ssh rn

Can't accept any connection from serveo.net after listen. Maybe it's an issue of golang.org/x/crypto/ssh.

[abakum]

I agree that this is a question for golang, because everything works with a pair of tssh rc tssh jc!
This is a double question for golang. After all on serveo.net running ssh daemon from golang but on ssh-j.com dropbear \8^)