gaskator wrote 5 comments

  • [^] # Re: Vert bause

    Posted by  . In reply to the post how to get more log information from an ssh tunnel. Rated 0.

    and the log from the jump host:

    Mar 12 11:21:29 PO-Secu1 sshd[30954]: debug1: server_input_channel_open: ctype direct-tcpip rchan 3 win 131072 max 32768
    Mar 12 11:21:29 PO-Secu1 sshd[30954]: debug1: server_request_direct_tcpip: originator 127.0.0.1 port 58048, target 192.168.210.11 port 443
    Mar 12 11:21:29 PO-Secu1 sshd[30954]: debug2: fd 11 setting O_NONBLOCK
    Mar 12 11:21:29 PO-Secu1 sshd[30954]: debug2: fd 11 setting TCP_NODELAY
    Mar 12 11:21:29 PO-Secu1 sshd[30954]: debug3: fd 11 is O_NONBLOCK
    Mar 12 11:21:29 PO-Secu1 sshd[30954]: debug3: fd 11 is O_NONBLOCK
    Mar 12 11:21:29 PO-Secu1 sshd[30954]: debug1: channel 3: new [direct-tcpip]
    Mar 12 11:21:29 PO-Secu1 sshd[30954]: debug1: server_input_channel_open: confirm direct-tcpip
    Mar 12 11:21:29 PO-Secu1 sshd[30954]: debug3: channel 3: waiting for connection
    Mar 12 11:21:29 PO-Secu1 sshd[30954]: debug1: channel 3: connected
    Mar 12 11:21:30 PO-Secu1 sshd[30954]: debug1: server_input_channel_open: ctype direct-tcpip rchan 4 win 131072 max 32768
    Mar 12 11:21:30 PO-Secu1 sshd[30954]: debug1: server_request_direct_tcpip: originator 127.0.0.1 port 58049, target 192.168.210.11 port 443
    Mar 12 11:21:30 PO-Secu1 sshd[30954]: debug2: fd 12 setting O_NONBLOCK
    Mar 12 11:21:30 PO-Secu1 sshd[30954]: debug2: fd 12 setting TCP_NODELAY
    Mar 12 11:21:30 PO-Secu1 sshd[30954]: debug3: fd 12 is O_NONBLOCK
    Mar 12 11:21:30 PO-Secu1 sshd[30954]: debug3: fd 12 is O_NONBLOCK
    Mar 12 11:21:30 PO-Secu1 sshd[30954]: debug1: channel 4: new [direct-tcpip]
    Mar 12 11:21:30 PO-Secu1 sshd[30954]: debug1: server_input_channel_open: confirm direct-tcpip
    Mar 12 11:21:30 PO-Secu1 sshd[30954]: debug3: channel 4: waiting for connection
    Mar 12 11:21:30 PO-Secu1 sshd[30954]: debug1: server_input_channel_open: ctype direct-tcpip rchan 5 win 131072 max 32768
    Mar 12 11:21:30 PO-Secu1 sshd[30954]: debug1: server_request_direct_tcpip: originator 127.0.0.1 port 58050, target 192.168.210.11 port 443
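    The forwarding lines in the log above, turned into an audit table. This is an added example, not part of the original post: it pairs each `server_request_direct_tcpip` line with the channel opened for it and records whether that channel reached `connected`, grouping by sshd PID, the only session identifier these lines carry. The function name `parse_forwards` and the record fields are assumptions of the example.

```python
import re

# Sample input: lines excerpted from the jump-host log in the post above.
SAMPLE = """\
Mar 12 11:21:29 PO-Secu1 sshd[30954]: debug1: server_request_direct_tcpip: originator 127.0.0.1 port 58048, target 192.168.210.11 port 443
Mar 12 11:21:29 PO-Secu1 sshd[30954]: debug1: channel 3: new [direct-tcpip]
Mar 12 11:21:29 PO-Secu1 sshd[30954]: debug1: channel 3: connected
Mar 12 11:21:30 PO-Secu1 sshd[30954]: debug1: server_request_direct_tcpip: originator 127.0.0.1 port 58049, target 192.168.210.11 port 443
Mar 12 11:21:30 PO-Secu1 sshd[30954]: debug1: channel 4: new [direct-tcpip]
Mar 12 11:21:30 PO-Secu1 sshd[30954]: debug3: channel 4: waiting for connection
Mar 12 11:21:30 PO-Secu1 sshd[30954]: debug1: server_request_direct_tcpip: originator 127.0.0.1 port 58050, target 192.168.210.11 port 443
"""

PREFIX = re.compile(r"^(\w{3}\s+\d+\s+[\d:]+)\s+(\S+)\s+sshd\[(\d+)\]:\s+debug\d:\s+(.*)$")
REQ = re.compile(r"server_request_direct_tcpip: originator (\S+) port (\d+), target (\S+) port (\d+)")
NEW = re.compile(r"channel (\d+): new \[direct-tcpip\]")
CONN = re.compile(r"channel (\d+): connected")

def parse_forwards(text):
    """Return one record per direct-tcpip request, in log order."""
    pending = {}     # pid -> request still waiting for its "channel N: new" line
    by_channel = {}  # (pid, channel) -> record, used to mark "connected"
    records = []
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # not an sshd debug line
        ts, host, pid, msg = m.groups()
        if (r := REQ.match(msg)):
            rec = {"time": ts, "host": host, "pid": int(pid),
                   "originator": f"{r[1]}:{r[2]}", "target": f"{r[3]}:{r[4]}",
                   "channel": None, "connected": False}
            records.append(rec)
            pending[pid] = rec
        elif (n := NEW.match(msg)) and pid in pending:
            rec = pending.pop(pid)
            rec["channel"] = int(n[1])
            by_channel[(pid, rec["channel"])] = rec
        elif (c := CONN.match(msg)) and (pid, int(c[1])) in by_channel:
            by_channel[(pid, int(c[1]))]["connected"] = True
    return records

if __name__ == "__main__":
    for rec in parse_forwards(SAMPLE):
        print(rec)
```
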
  • [^] # Re: Vert bause

    Posted by  . In reply to the post how to get more log information from an ssh tunnel. Rated 0.

    I have already set sshd to DEBUG3.
    But I only get the logs of the clients' ssh connections to the jump host, then the requests from the jump host to the target machine.

    The problem is that the log does not say to whom the requests are redirected:

    example for the command: #ssh -L 8090:192.168.210.11:443 10.4.194.41


    debug1: Connecting to 10.4.194.41 [10.4.194.41] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/id_rsa type 1
    debug1: identity file /root/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-8
    debug1: match: OpenSSH_4.3p2 Debian-8 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '10.4.194.41' is known and matches the RSA host key.
    debug1: Found key in /root/.ssh/known_hosts:59
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /root/.ssh/identity
    debug1: Offering public key: /root/.ssh/id_rsa
    debug1: Server accepts key: pkalg ssh-rsa blen 277
    debug1: read PEM private key done: type RSA
    debug1: Authentication succeeded (publickey).
    debug1: Local connections to LOCALHOST:8090 forwarded to remote address 192.168.3.11:443
    debug1: Local forwarding listening on 127.0.0.1 port 8090.
  • [^] # Re: Vert bause

    Posted by  . In reply to the post how to get more log information from an ssh tunnel. Rated 1.

    Not that either; it has to be the ssh daemon on the jump host that produces the log, not the client (unless I missed something in your reply).
  • [^] # Re: according to the man page

    Posted by  . In reply to the post how to get more log information from an ssh tunnel. Rated 0.

    No, that doesn't work, but thanks.
  • [^] # Re: according to the man page

    Posted by  . In reply to the post how to get more log information from an ssh tunnel. Rated 1.

    No, that doesn't work, but thanks.