Hi
I’m trying to connect from computer A to computer B and then to computer C.
All these computers have the same user and password, and the keys are in the authorized_keys file.
Using
ssh B
ssh C
I can reach computer C, but I would like to build a direct connection using port forwarding.
Instead using
TCP forwarding has nothing to do with it; both connections are point to point anyway.
The ssh forwarding is working; as you can see, you reached C through port 9999.
The problem is you have a syntax error in the key file; see the complaints about the BEGIN and END.
Make sure you have put the public portion of the key pair on the target machine in ~/.ssh/authorized_keys. This public portion has no BEGIN and END lines. It’s just one long line, starting with the key type, then the key as a long string, then the username@hostname.
The file authorized_keys on computer C is OK; it has the public keys of both computer A and B without any ----BEGIN or ----END.
Also on computer B this file is well done. In fact, I can use ssh twice and connect to C.
Well, that syntax error is coming from some file, so you have to track it down. Another possibility is a disagreement in selecting the protocol; notice from the debug messages that it thought that id_dsa was an RSA1 file.
Now I know that the problem is the last line of the output.
I now use an RSA1 key and the output is just
ssh -vvv localhost -p 9999
OpenSSH_5.0p1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 9999.
debug1: Connection established.
debug1: identity file /home/icardi/.ssh/id_rsa type 0
debug1: identity file /home/icardi/.ssh/id_dsa type 0
ssh_exchange_identification: Connection closed by remote host
And in the other shell, with the ssh -L running, I have this output:
debug1: Connection to port 9999 forwarding to C port 22 requested.
debug2: fd 9 setting TCP_NODELAY
debug2: fd 9 setting O_NONBLOCK
debug3: fd 9 is O_NONBLOCK
debug1: channel 3: new [direct-tcpip]
channel 3: open failed: administratively prohibited: open failed
debug1: channel 3: free: direct-tcpip: listening port 9999 for ascomp port 22, connect from 127.0.0.1 port 5993, nchannels 4
debug3: channel 3: status: The following connections are open:
  #2 client-session (t4 r0 i0/0 o0/0 fd 6/7 cfd -1)
  #3 direct-tcpip: listening port 9999 for C port 22, connect from 127.0.0.1 port 5993 (t3 r-1 i0/0 o0/0 fd 9/9cfd -1)
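
The "administratively prohibited" line in the ssh -L output above is B's sshd refusing to open the direct-tcpip channel to C. The following is an added example, not part of the original thread: a check of two sshd settings on B that can produce this refusal (AllowTcpForwarding and PermitOpen), read from `sshd -T` output. The function name forward_allowed and the sample configuration are assumptions made for illustration; per-key options in authorized_keys are not covered.

```shell
#!/bin/sh
# forward_allowed HOST PORT  (hypothetical helper, not from the thread)
# Reads effective sshd settings in `sshd -T` format on stdin and reports
# whether a direct-tcpip channel (ssh -L) to HOST:PORT would be accepted.
# On the jump host B:  sshd -T | forward_allowed C 22
forward_allowed() {
    awk -v host="$1" -v port="$2" '
        BEGIN { fwd = "yes"; permit = "any" }      # OpenSSH defaults
        $1 == "allowtcpforwarding" { fwd = $2 }
        $1 == "permitopen" { permit = $0; sub(/^[^ \t]+[ \t]+/, "", permit) }
        END {
            # -L needs forwarding enabled for the "local" direction.
            if (fwd != "yes" && fwd != "all" && fwd != "local") {
                print "denied: allowtcpforwarding " fwd
                exit 1
            }
            n = split(permit, pat, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (pat[i] == "any") { print "allowed"; exit 0 }
                h = pat[i]; sub(/:[^:]*$/, "", h)   # text before the last colon
                p = pat[i]; sub(/^.*:/, "", p)      # text after the last colon
                # sshd compares names literally; only "*" is a wildcard.
                if ((h == "*" || h == host) && (p == "*" || p == port)) {
                    print "allowed"
                    exit 0
                }
            }
            print "denied: permitopen " permit
            exit 1
        }'
}

# Constructed sample of `sshd -T` output from a jump host that refuses forwarding.
sample='port 22
allowtcpforwarding no
permitopen any'
printf '%s\n' "$sample" | forward_allowed C 22 || true
```

Because PermitOpen entries are matched literally with no address lookup, an entry written with C's IP address does not permit a forward requested by hostname.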