I want to ssh to WSL on my Windows PC.
The port forwarding rule has been set up properly with netsh.
ADDRESS PORT ADDRESS PORT
--------------- ---------- --------------- ----------
0.0.0.0 3333 172.19.56.231 22
The address to be connected is obtained through wsl -d "Ubuntu-22.04" hostname -I
I can ssh to WSL through ssh shflte@172.19.56.231. But I cannot ssh to WSL through ssh shflte@192.168.100.156 -p 3333 (192.168.100.156 is my PC's address). So I guess the problem did not come from the WSL.
ssh message:
ssh shflte@192.168.100.156 -p 3333 -v
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Reading configuration data C:\\Users\\SH/.ssh/config
debug1: Connecting to 192.168.100.156 [192.168.100.156] port 3333.
debug1: connect to address 192.168.100.156 port 3333: Connection refused
ssh: connect to host 192.168.100.156 port 3333: Connection refused
Can anyone tell me why I got Connection refused?
This is possibly related to a firewall problem. To verify that the firewall is allowing incoming connections on port 3333, you can do the following command in PowerShell:
netsh advfirewall firewall show rule name=all dir=in | findstr "3333"
In the case where the firewall is actually the problem, you can allow incoming connections on port 3333:
netsh advfirewall firewall add rule name="SSH_WSL" dir=in action=allow protocol=TCP localport=3333
I'm running into an issue when I try to vnc into a new VM created with virt-install. When specifying vnc with virt-install using this:
--vnc \
--vncport=5905 \
--noautoconsole
The VM is created and 5905 is listening, but only on ipv4 as shown here:
# netstat -l | grep 5905
tcp 0 0 localhost:5905 0.0.0.0:* LISTEN
The problem is when I try to SSH tunnel using "ssh -v -L 5905:localhost:5905 myhost", I get a connection refused error because the vnc port is trying to forward from the host's ipv6 local loopback interface and the vnc port is not listening on it:
debug1: Connection to port 5905 forwarding to localhost port 5905 requested.
debug1: channel 3: new [direct-tcpip]
channel 3: open failed: connect failed: Connection refused
debug1: channel 3: free: direct-tcpip: listening port 5905 for localhost port 5905, connect from ::1 port 57890 to ::1 port 5905, nchannels 4
I could solve this also by connecting vnc to the host's ipv4 local loopback, but I'm not sure how to do that. Ideally I would like to have vnc listen on both ipv4 and ipv6.
I was able to get the VM to listen on ipv6 by editing the xml to include this in the graphics parameter:
<graphics type='vnc' port='5905' autoport='no' listen='localhost'>
<listen type='address' address='localhost'/>
</graphics>
You can specify this in the virt-install command by using this:
--graphics vnc,listen=localhost,port=5905 \
If you ask me, virt-install should default to localhost instead of its ipv4 local loopback :/
I'm trying to establish a remote port forwarding to my Mac (target 4004) via a bastion host and Server-A to a Port (1555) on Server B.
So the whole connection is:
Mac:4004 => Bastion:22 => A:22 => B:1555
And the target is my Mac should have a Port 4004 forwarded from B:1555.
What is working so far?
I can connect to Server A with the command ssh user-bastion@user-A@server-A@server-bastion
On Server A I can establish a connection e.g. telnet to B:1555
On my Windows client I can remote forward the port B:1555 to my local machine via PuTTY.
I'm now looking for the ssh command to establish this connection on my Mac.
Commands I tried:
Of course I have already searched for it and I've already tried different versions.
e.g.
ssh -fNT -R 1555:localhost:4004 -J user-bastion@user-A@server-A@server-bastion server-B
ssh -N user-bastion@user-A@server-A@server-bastion -R server-B:1555:localhost:4004
I always receive a message like "Warning: remote port forwarding failed for listen port 1555"
I'm trying to run a ssh SOCKS server on Windows 7 (listening on port 12345).
Here's the output I get on Cygwin:
$ ssh -v -D 12345 localhost
OpenSSH_6.8p1, OpenSSL 1.0.2c 12 Jun 2015
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to localhost [::1] port 22.
debug1: connect to address ::1 port 22: Connection refused
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host localhost port 22: Connection refused
Why is it trying to connect to localhost:22?
Looks like it's trying to reach sshd running on localhost.
I thought the ssh client was enough to set up a local SOCKS server. If it isn't, why do I need sshd running?
From https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding:
"Dynamic port forwarding turns your SSH client into a SOCKS proxy server"
To explain why you need a (remote) ssh server, ssh can do three (or four) kinds of forwarding; quoting the man page:
-L Specifies that the given port on the local (client) host is to be
forwarded to the given host and port on the remote side. This
works by allocating a socket to listen to port on the local side,
optionally bound to the specified bind_address. Whenever a con-
nection is made to this port, the connection is forwarded over
the secure channel, and a connection is made to host port
hostport from the remote machine. [...]
-R Specifies that the given port on the remote (server) host is to
be forwarded to the given host and port on the local side. This
works by allocating a socket to listen to port on the remote
side, and whenever a connection is made to this port, the connec-
tion is forwarded over the secure channel, and a connection is
made to host port hostport from the local machine. [...]
-D Specifies a local ``dynamic'' application-level port forwarding.
This works by allocating a socket to listen to port on the local
side, optionally bound to the specified bind_address. Whenever a
connection is made to this port, the connection is forwarded over
the secure channel, and the application protocol is then used to
determine where to connect to from the remote machine. Currently
the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
as a SOCKS server. [...]
-X and -Y enable forwarding for X11. This is a small but convenient variation of -R.
Note that in all cases the data is forwarded over the ssh tunnel, from the local machine to the ssh server or the reverse, and (therefore) the ssh tunnel must exist for the data to be forwarded over. The only difference between -L and -D is that -D uses SOCKS4/5 on the local end to specify where the remote end connects to.
If you want a SOCKS proxy that connects directly from the proxy to the destination, not over an ssh tunnel, you need a plain SOCKS proxy, not ssh+sshd.
You're trying to connect without a port, so port 22 is used. Once that connection is open, SSH will set up the SOCKS proxy on the port you specified (12345).
You need to connect to a valid SSH server. You specify the port with the -p flag.
In a moment of weakness I sheepishly followed a tutorial on how to connect to my Amazon EC2 remote server bypassing a public library's Wifi ssh restriction.
So the first thing I did was add the following (last) line to my /etc/ssh/sshd_config file residing on my remote Amazon EC2 server:
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
ListenAddress 443
Then I restarted the ssh server and, in a genius move, logged out from my remote server. So when in my local machine I do this...
$ ssh -i /path/to/key.pem xxx@xx.xx.xxx.xx -p 443 -v
...I get this:
$ ssh -i /path/to/key.pem xxx@xx.xx.xxx.xx -v -p 443
OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to xx.xx.xxx.xx [xx.xx.xxx.xx] port 443.
debug1: connect to address xx.xx.xxx.xx port 443: Connection timed out
ssh: connect to host xx.xx.xxx.xx port 443: Connection timed out
If I try to ssh to default's port 22 I get this:
OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to xx.xx.xxx.xx [xx.xx.xxx.xx] port 22.
debug1: connect to address xx.xx.xxx.xx port 22: Connection refused
ssh: connect to host xx.xx.xxx.xx port 22: Connection refused
I also added the following line in my Amazon's EC2 'Security Groups'...
Custom TCP port 443
... to no avail.
Did I effectively lock myself out of my remote server? I was following a tutorial on how to tunnel and then this happened. Shouldn't I have just added to /etc/ssh/sshd_config...
Port 443
...instead of 'ListenAddress 443' ?
I have never had problems ssh'ing to my remote server before (which is a Debian Wheezy).
As far as I know I can still detach my volume, re-attach it into a new instance, fix the sshd_config file, etc. I hope there's an alternative to that.
So my question is: Is it possible to connect to my remote server considering the line 'ListenAddress 443' in ssh_config? If so, how? And perhaps more importantly, why is it that I can't connect on Port 22 if I hadn't touched or changed anything in sshd_config besides the ListenAddress 443?
Thanks in advance!
Edit:
telnet xx.xx.xxx.xx 22
Trying xx.xx.xxx.xx...
telnet: Unable to connect to remote host: Connection refused
You can't connect because of one of three reasons:
sshd on the remote server is down because it can't parse ListenAddress 443.
sshd parsed ListenAddress 443 into an IP address ('443' can be interpreted as an IP address - an IPv4 address is represented at low levels by a 32-bit unsigned integer) but was unable to bind to the IP address represented by '443' and is down.
sshd parsed ListenAddress 443 into an IP address, successfully bound to that IP address, and is now running and listening for incoming connections on "0.0.1.187" or some similar interpretation of '443' as an IP address.
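An added illustration of the third possibility above (not code from the answer or from OpenSSH): the classic inet_aton number rules, under which a bare number such as 443 is a valid IPv4 address, plus a small check that flags ListenAddress values that look like a port. The function names and the sample file are constructed here; whether a given sshd build resolves the value this way depends on its resolver.

```python
import re

# Constructed sample: the sshd_config fragment quoted in the question.
SAMPLE = "\n".join([
    "# Use these options to restrict which interfaces/protocols sshd will bind to",
    "#ListenAddress ::",
    "#ListenAddress 0.0.0.0",
    "ListenAddress 443",
])

def _number(part):
    """Parse one component as C-style hex (0x..), octal (0..) or decimal."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", part):
        return int(part[2:], 16)
    if re.fullmatch(r"0[0-7]*", part):
        return int(part, 8)
    if re.fullmatch(r"[1-9][0-9]*", part):
        return int(part)
    return None

def legacy_aton(text):
    """Dotted quad that the classic inet_aton rules assign to text, or None."""
    nums = [_number(p) for p in text.split(".")]
    if None in nums or len(nums) > 4:
        return None
    *head, last = nums
    # Leading components are single bytes; the last one fills what is left.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value += n << (8 * (3 - i))
    return ".".join(str((value >> s) & 255) for s in (24, 16, 8, 0))

def lint_listen_address(config_text):
    """Return (line number, value, address it would denote) for port-like values."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        m = re.match(r"\s*listenaddress(?:\s*=\s*|\s+)(\S+)", raw, re.IGNORECASE)
        if m and re.fullmatch(r"[1-9][0-9]{0,4}", m.group(1)):
            findings.append((lineno, m.group(1), legacy_aton(m.group(1))))
    return findings

if __name__ == "__main__":
    for lineno, value, addr in lint_listen_address(SAMPLE):
        print(f"line {lineno}: ListenAddress {value} names address {addr}; "
              f"use 'Port {value}' to change the port")
```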
I am connecting to CentOS7 minimal installation machine in a LAN (192.168.1.33).
I have changed the ssh port vi /etc/ssh/sshd_config line 17 Port 1234
after restarting the sshd service the connection is refused
ssh demo@192.168.1.33 -p 1234
ssh: connect to host 192.168.1.33 port 1234: Connection refused
I have disabled SELinux and the router firewall but I am still having the problem.
Though if I change back to port 22 I can login again.
Is there any other configuration to be changed?
Can you remotely connect to the server another way? If so, once you get in, run sudo netstat -plutn.
You should see at least one entry for sshd. If you don't, sshd isn't running. You can install it via sudo apt-get install openssh-server.
If you do, is the port under 'Local Address' for the sshd line 1234? This will tell you if you successfully changed the port configuration.
Hope that helps!
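To act on the netstat advice above, and on the IPv4-only VNC listener in the virt-install question earlier on this page, here is an added sketch (not code from any of the posts) that parses netstat -plutn style output and reports, per port, which address families can reach it. The sample output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed `netstat -plutn` output (not taken from the posts above).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State    PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN   1023/sshd
tcp        0      0 127.0.0.1:5905   0.0.0.0:*        LISTEN   2210/qemu-kvm
tcp6       0      0 :::22            :::*             LISTEN   1023/sshd
udp        0      0 0.0.0.0:68       0.0.0.0:*                 812/dhclient
"""

def parse_listeners(text):
    """Return one dict per listening TCP socket in netstat -ltn style output."""
    found = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        addr, _, port = f[3].rpartition(":")  # ":::22" -> ("::", "22")
        try:
            entry = {"ip": ipaddress.ip_address(addr), "port": int(port)}
        except ValueError:
            continue  # names instead of numbers: netstat was run without -n
        entry["program"] = f[6].split("/", 1)[-1] if len(f) > 6 else ""
        found.append(entry)
    return found

def reachability(listeners, port):
    """Per family: 'none', 'loopback', 'specific' or 'any' for one TCP port."""
    rank = ["none", "loopback", "specific", "any"]
    result = {"ipv4": "none", "ipv6": "none"}
    for item in listeners:
        if item["port"] != port:
            continue
        ip = item["ip"]
        scope = ("any" if ip.is_unspecified
                 else "loopback" if ip.is_loopback else "specific")
        family = "ipv%d" % ip.version
        if rank.index(scope) > rank.index(result[family]):
            result[family] = scope
    return result

def ports_of(listeners, program):
    """Sorted TCP ports on which the named program is listening."""
    return sorted({i["port"] for i in listeners if i["program"] == program})

if __name__ == "__main__":
    sockets = parse_listeners(SAMPLE)
    print("sshd ports:", ports_of(sockets, "sshd"))
    print("5905:", reachability(sockets, 5905))
```

In this sample, port 5905 is reachable on the IPv4 loopback only, so a forward that targets ::1 is refused, and sshd appears only on port 22, which means a Port 1234 change has not taken effect.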