Reputation: 9139
I have a virtual machine located inside a private network. So first I have to log in to server.com and then to my-machine.
I want to make an SSH tunnel from my laptop to my-machine.
ssh -v -A -nNT -L 40000:127.0.0.1:40000 [email protected] ssh -v -nNT -L 40000:127.0.0.1:40000 my-machine &
Now I want to test the SSH tunnel with netcat.
I run on my-machine:
nc -l 40000
On my laptop:
~ ❯❯❯ nc 127.0.0.1 40000
But it gives me:
debug1: Connection to port 40000 forwarding to 127.0.0.1 port 40000 requested.
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
debug1: channel 2: free: direct-tcpip: listening port 40000 for 127.0.0.1 port 40000, connect from 127.0.0.1 port 49692 to 127.0.0.1 port 40000, nchannels 3
Why does this happen and how do I fix it? I expected that anything I type in my laptop console would appear in the my-machine console.
What does the last line mean? Especially 127.0.0.1 port 49692: why is this port used? I never typed it.
debug1: channel 2: free: direct-tcpip: listening port 40000 for 127.0.0.1 port 40000, connect from 127.0.0.1 port 49692 to 127.0.0.1 port 40000, nchannels 3
Upvotes: 2
Views: 3816
Reputation: 26006
Every TCP connection is point to point and needs two pairs of IP addresses and ports. Reading the whole message (not just the part you showed):
connect from 127.0.0.1 port 49692
So indeed you are connecting to port 40000, but you are connecting from port 49692 (randomly assigned for your netcat or some of the forwarded steps).
How to fix this problem?
This double-jump forwarding does not work, because you need the second one established before the first one.
Also, you are using the -N switch for the first command, which prevents the second ssh command from running.
But I would give it a shot with ProxyCommand, which will make you connect to the destination with a single command directly from your host:
ssh -v -nNT -L 40000:127.0.0.1:40000 \
-oProxyCommand="ssh -W %h:%p [email protected]" my-machine &
Upvotes: 2
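An added example, not part of either post: a small Python parser for the ssh -v lines quoted in the question. It separates the fields of the "free: direct-tcpip" line, so the ephemeral source port (49692) and the forward target are visible, and pairs the line with the preceding "open failed" report, which is the reply from the sshd at the far end of that ssh hop after its own connect to the target was refused. The function and key names are illustrative assumptions.

```python
import re

# Lines copied from the `ssh -v` output in the question.
SAMPLE = """\
debug1: Connection to port 40000 forwarding to 127.0.0.1 port 40000 requested.
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
debug1: channel 2: free: direct-tcpip: listening port 40000 for 127.0.0.1 port 40000, connect from 127.0.0.1 port 49692 to 127.0.0.1 port 40000, nchannels 3
"""

OPEN_FAILED = re.compile(r"channel (\d+): open failed: ([\w ]+): (.+)")
FREE = re.compile(
    r"channel (\d+): free: direct-tcpip: listening port (\d+) "
    r"for (\S+) port (\d+), connect from (\S+) port (\d+) to (\S+) port (\d+)"
)

def explain_forwards(log):
    """Return one dict per direct-tcpip channel found in `ssh -v` output."""
    failures = {}   # channel id -> (reason, detail) reported by the server
    channels = []
    for line in log.splitlines():
        m = OPEN_FAILED.search(line)
        if m:
            failures[int(m.group(1))] = (m.group(2), m.group(3))
            continue
        m = FREE.search(line)
        if m:
            chan = int(m.group(1))
            reason = failures.pop(chan, None)
            channels.append({
                "channel": chan,
                "listen_port": int(m.group(2)),                  # -L listener on the ssh client
                "target": (m.group(3), int(m.group(4))),         # dialed by the sshd of this hop
                "client_source": (m.group(5), int(m.group(6))),  # ephemeral port of the local program
                "accepted_on": (m.group(7), int(m.group(8))),    # local socket that took the connection
                "failure": reason,                               # None if the channel opened
            })
    return channels

if __name__ == "__main__":
    for ch in explain_forwards(SAMPLE):
        host, port = ch["target"]
        print(f"channel {ch['channel']}: local :{ch['listen_port']} -> {host}:{port} on the server side")
        print(f"  local client connected from {ch['client_source'][0]}:{ch['client_source'][1]}")
        if ch["failure"]:
            print(f"  server could not reach {host}:{port}: {ch['failure'][1]}")
```

On the question's output this reports that the refusal concerns 127.0.0.1:40000 as seen from the first hop, where nothing was listening because the second ssh never started.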