113

My lab runs RStudio on a server. A couple weeks ago, from my cousin's house, I successfully ssh'd into the server and pulled up the server-side RStudio through my local Firefox browser. Now when I try to access the server RStudio from home (via my own router), it doesn't work. I need help troubleshooting, and I'm guessing it's some problem on the router. I'm running Mac OSX 10.6.8. No idea what the university server's running, but I don't think it's a server-side problem.

Here's how it worked the first time I did it, at my cousin's house: first, I VPN into the university network; then I call SSH with port forwarding; then I open a Firefox browser, connect to my localhost port, and it opens up RStudio on the server side which I can access through my local browser window.

Here's the problem I'm having right now when I try to log-in from my home network:

I can make the VPN connection successfully. I can also set up SSH successfully with this command: ssh -v -L 8783:localhost:8783 myacct@server.com

Here are the last several lines of the verbose output from the successful ssh command:

debug1: Authentication succeeded (password).
debug1: Local connections to LOCALHOST:8783 forwarded to remote address localhost:8783
debug1: Local forwarding listening on 127.0.0.1 port 8783.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on ::1 port 8783.
debug1: channel 1: new [port listener]
debug1: channel 2: new [client-session]
debug1: Entering interactive session.
Last login: Mon Sep  2 04:02:40 2013 from vpnipaddress

So I think I'm still succeeding at the VPN and SSH stage (though I don't know why it says my last login was Sep 2 when I've logged in a few times since then).

Next, I open Firefox, and I type localhost:8783, and instead of getting an RStudio server app through my browser window, I get the following errors:

In the Firefox browser window, it says: Server not found, Firefox can't find the server at www.localhost.com, Check the address for typing errors etc.

In the terminal window, it says:

debug1: Connection to port 8783 forwarding to localhost port 8783 requested.
debug1: channel 3: new [direct-tcpip]
channel 3: open failed: connect failed: Connection refused
debug1: channel 3: free: direct-tcpip: listening port 8783 for localhost port 8783, connect from 127.0.0.1 port 50420, nchannels 4

I'm not sure what I've got wrong. I haven't changed anything on my laptop since my last successful connection. I'm on my own router (instead of my cousin's), so maybe I need to mess with the firewall? I already allowed ports 22 and 8783 to come through the firewall to my laptop (I'm not even sure I needed to do that though). Help?

user2762495
  • 1,173
  • 2
  • 9
  • 8
  • weird, have you thought of looking into your hosts file? it should define localhost = 127.0.0.1 Try with 127.0.0.1:8783 in your browser... – Jes Chergui Oct 16 '14 at 09:59

11 Answers11

169
ssh -v -L 8783:localhost:8783 myacct@server.com
...
channel 3: open failed: connect failed: Connection refused

When you connect to port 8783 on your local system, that connection is tunneled through your ssh link to the ssh server on server.com. From there, the ssh server makes TCP connection to localhost port 8783 and relays data between the tunneled connection and the connection to target of the tunnel.

The "connection refused" error is coming from the ssh server on server.com when it tries to make the TCP connection to the target of the tunnel. "Connection refused" means that a connection attempt was rejected. The simplest explanation for the rejection is that, on server.com, there's nothing listening for connections on localhost port 8783. In other words, the server software that you were trying to tunnel to isn't running, or else it is running but it's not listening on that port.

Kenster
  • 23,465
  • 21
  • 80
  • 106
  • 13
    So how do I fix the problem exactly? I have a droplet with digital ocean. How do I make it "listen" for my connection? – Nick Manning Sep 21 '16 at 16:22
  • 7
    Yes it did. Kenster is saying that most likely you don't have anything running on that port. Aka "we tried to listen to the port you specified, but there's nothing on that port". It's like if I had specified port forwarding for a local server's port, but that local server hasn't spun up yet, it will throw an error. But spin up the server and BOOM! The error goes away. For Digital Ocean, make sure your ssh server is actually listening to the port that is forwarding to your local computer. – Jordan Michael Rushing Apr 12 '17 at 16:32
  • 3
    have you tried adding leading ":" like this: ssh -v -L :8783:localhost:8783 myacct@server.com – valentt Apr 12 '17 at 23:51
  • 18
    Instead of `localhost`, try using IP address e.g. `ssh -v -L 8783:127.0.0.1:8783 myacct@server.com` or `ssh -v -L 8783:192.168.1.10:8783 myacct@server.com`. Also check that the service running on server.com is listening to the correct IP address and port – Hanxue Jun 05 '17 at 01:44
  • 3
    Kenster is totally right - RStudio Server doesn't listen on 8783, it listens on 8787, at least on my server. So I was trying to connect to a port that wasn't doing anything. – user2762495 Aug 23 '17 at 03:50
  • 1
    My goodness @hanxue. What you just said resolved my issue after 10+ hours of struggle. All I had to do was change localhost to 127.0.0.1. Thank you! – TheWalkingData Oct 30 '17 at 20:14
  • 1
    @mkaran - You can upvote [this answer](https://serverfault.com/a/494971/326962), which is older and contains similar info. – sancho.s ReinstateMonicaCellio Aug 18 '22 at 17:14
12

Posting this to help someone.

Symptom:

channel 2: open failed: connect failed: Connection refused
debug1: channel 2: free: direct-tcpip:
   listening port 8890 for 169.254.76.1 port 8890,
   connect from ::1 port 52337 to ::1 port 8890, nchannels 8

My scenario; i had to use the remote server as a bastion host to connect elsewhere. Final Destination/Target: 169.254.76.1, port 8890. Through intermediary server with public ip: ec2-54-162-180-7.compute-1.amazonaws.com

SSH local port forwarding command:

ssh -i ~/keys/dev.tst -vnNT -L :8890:169.254.76.1:8890
glue@ec2-54-162-180-7.compute-1.amazonaws.com

What the problem was: There was no service bound on port 8890 in the target host. i had forgotten to start the service.

How did i trouble shoot:

SSH into bastion host and then do curl.

Hope this helps.

Community
  • 1
  • 1
AravindR
  • 677
  • 4
  • 11
4

Note: localhost is the hostname for an address using the local (loopback) network interface, and 127.0.0.1 is its IP in the IPv4 network standard (it's ::1 in IPv6). 0.0.0.0 is the IPv4 standard "current network" IP address.

I experienced this error with a Docker setup. I had a Docker container running on an external server, and I'd (correctly) mapped its ports out as 127.0.0.1:9232:9232. By port-forwarding ssh remote -L 9232:127.0.0.1:9232, I'd expected to be able to communicate with the remote server's port 9232 as if it were my own local port.

It turned out that the Docker container was internally running its process on 127.0.0.1:9232 rather than 0.0.0.0:9232, and so even though I'd specified the container's port-mappings correctly, they weren't on the correct interface for being mapped out.

Jamie Birch
  • 5,839
  • 1
  • 46
  • 60
  • I have a similar problem, with two ssh hops followed by a Docker, but I don't understand the last paragraph. Could you elaborate on what you did there to fix the problem? – McLawrence Oct 29 '20 at 10:29
  • 1
    @McLawrence (Comment 1/2...) In a Docker Compose file, for example, you can map ports out by specifying: `ports: ["127.0.0.1:3000:9232"]` (which would expose the container's `0.0.0.0:9232` port on the host's `127.0.0.1:3000` port) or `ports: ["0.0.0.0:3000:9232"]` (which would expose the container's `0.0.0.0:9232` port on the host's `0.0.0.0:3000` port). The [equivalent command in Docker Run](https://docs.docker.com/config/containers/container-networking/#published-ports) would be `-p 0.0.0.0:3000:9232`, incidentally. – Jamie Birch Oct 29 '20 at 12:03
  • 1
    @McLawrence (Comment 2/2...) If a container runs a process on `127.0.0.1:9232`, it **cannot** be mapped out to the host (it will be invisible to the host, as it is the container's local network interface). Instead, the container's process **must** be run on `0.0.0.0:9232` if you want to map it out to the host (regardless of whether you map it out to the host's `127.0.0.1` or `0.0.0.0` interface), as `0.0.0.0` is the external network interface. – Jamie Birch Oct 29 '20 at 12:05
4

In my case, it worked after running the vncserver on linux.

  1. Entered this on linux command line : sudo ssh -L 5901:localhost:5901 -i <ssh_private_key> <username>@<public-IP-address>
  2. Type there vncserver
  3. Go to VncViewer application and connect using localhost:5901

enter image description here

Jumanazar Said
  • 101
  • 1
  • 4
  • 9
  • 2
    I had the same problem with a Jupyter Notebook was running the SSH command as in here (without the -v flag) and launching the process from the same terminal session, as it happens in this example. – Nicolas Mauricio Cuadrado Oct 25 '21 at 14:30
3

In my case, it worked after checking the correct IP address of the user credentials previously I was using the wrong IP of the server

ssh -NfL 127.0.0.1:8084:127.0.0.1:8888 user@ip_address_of_server

after correcting it, works fine.

Ashok Bhobhiya
  • 2,840
  • 1
  • 6
  • 8
3

Encountered with the same error. In my case, I found the problem was in the config file of jupyter.

Let's say there are 3 computers named A, B, and C, and A can access B but can't access C; B can access C.

To access jupyter-notebook service of C from A, first I established ssh tunnel from A to C through B, then I access jupyter-notebook by typing localhost:port_number, then I got the error.

Finally the problem was solved by writing the "c.NotebookApp.ip = '0.0.0.0'" in jupyter-notebook's config file, where '0.0.0.0' allows the access of other IPs.

Hope someone in a similar situation may benefit.

xiaoxin zhao
  • 31
  • 1
1

I used to meet the similar problem because 'localhost' was not available on server when it restarted network service, e.g. 'ifdown -a' but followed by only 'ifup -eo1'. Besides server is not listening to the port, you can also check 'localhost' is available or not.

ps: Post it just hope someone who has the similar problem may benefit.

Xiaoyan Zhuo
  • 102
  • 3
1

I had this problem when I wanted to make a vnc connection via a tunnel. But the vncserver was not running. I solved it by opening the channel on the remote machine with vncserver :3.

friedrich
  • 11
  • 1
0

I had the same error when I was trying to tunnel my mlflow ui over ssh to view remotely. As mentioned in the first answer, the error arises because nothing on the server is listening for the port. This, for me, is because I forgot to start the mlflow app on my remote machine! So in general – make sure the app you're trying to access remotely is running.

Simon Alford
  • 2,405
  • 1
  • 12
  • 10
-4

This means the remote vm is not listening to current port i solved this by adding the port in the vm server

Abdullah Tahan
  • 1,963
  • 17
  • 28
-4

Just replace localhost with 127.0.0.1.

(The answer is based on answers of other people on this page.)

beefeather
  • 1,040
  • 5
  • 8