3

Problem

I am attempting to configure an SSH tunnel to a NexentaStor appliance from either a Windows or Linux computer so that I can connect a Crashplan Desktop GUI to a headless Crashplan server running on the Nexenta box, according to these instructions on the Crashplan support site: Connect to a Headless CrashPlan Desktop.

So far, I've failed to get a working SSH tunnel from either a Windows client (using PuTTY) or a Linux client (using command line SSH). I'm fairly sure the problem is at the receiving end with NexentaStor. A blog article - CrashPlan for Backup on Nexenta - indicates that it could be made to work only "after enabling TCP forwarding in Nexenta in /etc/ssh/sshd_config" - although I'm not sure how to go about that or specifically what I need to do.

Things I have tried

Ensuring the Crashplan server on the Nexenta box is listening on port 4243

$ netstat -na | grep LISTEN | grep 42
127.0.0.1.4243             *.*                0      0 131072      0 LISTEN
      *.4242               *.*                0      0 65928      0 LISTEN

Establishing a tunnel from a Linux host:

$ ssh -L 4200:localhost:4243 admin@10.0.0.56

and then, from another terminal on the Linux host, using telnet to verify the tunnel:

$ telnet localhost 4200
Trying ::1...
Connected to localhost.
Escape character is '^]'.

with nothing more, although the Crashplan server should respond with something.

From Windows, using PuTTY I have followed the instructions on the Crashplan support site to establish an equivalent tunnel, but then telnet on Windows gives me no response at all and the Crashplan GUI can't connect either. The PuTTY log for the tunnelled connection shows reasonable output:

...
2011-11-18 21:09:57 Opened channel for session
2011-11-18 21:09:57 Local port 4200 forwarding to localhost:4243
2011-11-18 21:09:57 Allocated pty (ospeed 38400bps, ispeed 38400bps)
2011-11-18 21:09:57 Started a shell/command
2011-11-18 21:10:09 Opening forwarded connection to localhost:4243

but the telnet localhost 4200 command from Windows does nothing at all - it just waits with a blank terminal.

On the NexentaStor server I've examined the /etc/ssh/sshd_config file and everything seems 'normal' - and I've commented out the ListenAddress entries to ensure that I'm listening on all interfaces.

How can I establish a tunnel, and how can I verify that it is working?

ewwhite
  • Is the `AllowTcpForwarding` mentioned in the current sshd_config at all? – Zoredache Nov 18 '11 at 23:06
  • @Zoredache `AllowTcpForwarding` is not mentioned in the `sshd_config` although apparently it defaults to `yes`. Adding an explicit entry for it doesn't improve the situation. – Rob Smallshire Nov 19 '11 at 10:13

3 Answers

2

Rob, please try running the ssh tunnel as the root user on the NexentaStor server instead of admin, and report back.

$ ssh -L 4200:localhost:4243 root@10.0.0.56
ewwhite
  • Connecting as root makes no difference to the success of the tunnel, from either Linux or Windows clients. – Rob Smallshire Nov 19 '11 at 11:06
  • BTW - Are you restarting the sshd service between config file changes? Hit enter a couple of times after you connect to `127.0.0.1`. – ewwhite Nov 19 '11 at 13:23
  • Yes, I'm issuing `svcadm restart ssh` between changes. – Rob Smallshire Nov 20 '11 at 17:51
  • Last suggestions: What version of NexentaStor are you on? Have you updated? When I run ssh tunnels, I tend to use `127.0.0.1` instead of `localhost`, just in case. Run an `apt-get install nexenta-lsof` and run an `lsof -i` to check the Crashplan process/port. Lastly, you can post this on the NexentaStor forums: http://nexentastor.org/projects/site/boards if there's any chance there's a firewall issue or rules governing those ports at the `nmc` level. – ewwhite Nov 20 '11 at 18:16
1

One more thing you might want to try is verifying that your Linux SSH host allows tunneling. I'm using OpenMediaVault, and it had a specific setting called "permit to do SSH tunneling" that was unchecked. Checking it allowed me to successfully use the PuTTY method.

James A Mohler
Ben
1

You need to forward to port 4242, not port 4243.

ssh -L 4200:localhost:4242 admin@10.0.0.56
Michael Hampton
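
A way to go beyond telnet's "Connected" line when checking a forward like the `-L 4200:...` tunnels above, since that line only shows that the local ssh or PuTTY listener accepted the connection. This is an added example, not part of the original question or answers; `probe_forward`, `serve_once` and `demo` are hypothetical names, and the listeners in `demo` are constructed stand-ins, not CrashPlan.

```python
import socket
import threading

def probe_forward(host, port, wait=1.0):
    """Return (state, first_bytes) for a locally forwarded port.
    refused: nothing listens locally, so the tunnel is not up
    closed:  accepted, then closed with no data, as when the forward fails
    silent:  stays open but sends nothing within `wait` seconds
    data:    the far end spoke first
    """
    try:
        sock = socket.create_connection((host, port), timeout=wait)
    except ConnectionRefusedError:
        return ("refused", b"")
    with sock:
        try:
            chunk = sock.recv(256)     # timeout from create_connection applies
        except socket.timeout:
            return ("silent", b"")
        except ConnectionResetError:
            return ("closed", b"")
    return ("data", chunk) if chunk else ("closed", b"")

def serve_once(behaviour):
    """Constructed stand-in for a tunnel endpoint; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        if behaviour == "data":
            conn.sendall(b"HELLO\n")   # constructed banner
        elif behaviour == "silent":
            threading.Event().wait(3)  # hold the connection open, say nothing
        conn.close()
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    out = {b: probe_forward("127.0.0.1", serve_once(b), wait=0.5)[0]
           for b in ("data", "closed", "silent")}
    with socket.socket() as tmp:       # bind then release: port has no listener
        tmp.bind(("127.0.0.1", 0))
        port = tmp.getsockname()[1]
    out["refused"] = probe_forward("127.0.0.1", port, wait=0.5)[0]
    return out

if __name__ == "__main__":
    print(demo())
```

With the tunnel up, `probe_forward("127.0.0.1", 4200)` classifies the real forward; a `silent` result corresponds to the blank telnet session described in the question.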