Secure Shell
Cannot connect from outside the local network Jun 22 2010 03:25AM
Amy (mi basura mail gmail com) (1 replies)
Re: Cannot connect from outside the local network Jun 22 2010 07:53PM
Rob Taylor (rgt wi mit edu) (1 replies)
Did you check these?

the default gateway
the windows firewall

If need be, grab a copy of wireshark and see if the packets from the
other subnet are getting to the machine.

rgt

On 06/21/2010 11:25 PM, Amy wrote:
> Hello,
>
> I installed OpenSSH version 5.5p1 in Cygwin. Everything works fine if
> I try to connect from inside the local network but if I try to connect
> from an external network I'm not able to.
>
> The service does not appear to receive the connection:
>
> debug1: sshd version OpenSSH_5.5p1
> debug1: read PEM private key done: type RSA
> debug1: private host key: #0 type 1 RSA
> debug1: read PEM private key done: type DSA
> debug1: private host key: #1 type 2 DSA
> debug1: rexec_argv[0]='/usr/sbin/sshd'
> debug1: rexec_argv[1]='-d'
> debug1: Bind to port 10122 on 0.0.0.0.
> Server listening on 0.0.0.0 port 10122.
>
> I have already verified the hosts.allow and hosts.deny files and there
> are correct also the ports are open in the firewall.
>
> This is the sshd_config:
>
> ---------------------------------------------------
> # $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
>
> # This is the sshd server system-wide configuration file. See
> # sshd_config(5) for more information.
>
> # This sshd was compiled with PATH=/bin:/usr/sbin:/sbin:/usr/bin
>
> # The strategy used for options in the default sshd_config shipped with
> # OpenSSH is to specify options with their default value where
> # possible, but leave them commented. Uncommented options change a
> # default value.
>
> Port 10122
> #AddressFamily any
> ListenAddress 0.0.0.0
> #ListenAddress ::
>
> # The default requires explicit activation of protocol 1
> #Protocol 2
>
> # HostKey for protocol version 1
> #HostKey /etc/ssh_host_key
> # HostKeys for protocol version 2
> #HostKey /etc/ssh_host_rsa_key
> #HostKey /etc/ssh_host_dsa_key
>
> # Lifetime and size of ephemeral version 1 server key
> #KeyRegenerationInterval 1h
> #ServerKeyBits 1024
>
> # Logging
> # obsoletes QuietMode and FascistLogging
> #SyslogFacility AUTH
> #LogLevel INFO
>
> # Authentication:
>
> #LoginGraceTime 2m
> #PermitRootLogin yes
> StrictModes no
> #MaxAuthTries 6
> #MaxSessions 10
>
> #RSAAuthentication yes
> #PubkeyAuthentication yes
> #AuthorizedKeysFile .ssh/authorized_keys
>
> # For this to work you will also need host keys in /etc/ssh_known_hosts
> #RhostsRSAAuthentication no
> # similar for protocol version 2
> #HostbasedAuthentication no
> # Change to yes if you don't trust ~/.ssh/known_hosts for
> # RhostsRSAAuthentication and HostbasedAuthentication
> #IgnoreUserKnownHosts no
> # Don't read the user's ~/.rhosts and ~/.shosts files
> #IgnoreRhosts yes
>
> # To disable tunneled clear text passwords, change to no here!
> #PasswordAuthentication yes
> #PermitEmptyPasswords no
>
> # Change to no to disable s/key passwords
> #ChallengeResponseAuthentication yes
>
> # Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #KerberosTicketCleanup yes
> #KerberosGetAFSToken no
>
> # GSSAPI options
> #GSSAPIAuthentication no
> #GSSAPICleanupCredentials yes
>
> # Set this to 'yes' to enable PAM authentication, account processing,
> # and session processing. If this is enabled, PAM authentication will
> # be allowed through the ChallengeResponseAuthentication and
> # PasswordAuthentication. Depending on your PAM configuration,
> # PAM authentication via ChallengeResponseAuthentication may bypass
> # the setting of "PermitRootLogin without-password".
> # If you just want the PAM account and session checks to run without
> # PAM authentication, then enable this but set PasswordAuthentication
> # and ChallengeResponseAuthentication to 'no'.
> #UsePAM no
>
> #AllowAgentForwarding yes
> #AllowTcpForwarding yes
> #GatewayPorts no
> #X11Forwarding no
> #X11DisplayOffset 10
> #X11UseLocalhost yes
> #PrintMotd yes
> #PrintLastLog yes
> #TCPKeepAlive yes
> #UseLogin no
> UsePrivilegeSeparation yes
> #PermitUserEnvironment no
> #Compression delayed
> #ClientAliveInterval 0
> #ClientAliveCountMax 3
> #UseDNS yes
> #PidFile /var/run/sshd.pid
> #MaxStartups 10
> #PermitTunnel no
> #ChrootDirectory none
>
> # no default banner path
> #Banner none
>
> # override default of no subsystems
> Subsystem sftp /usr/sbin/sftp-server
>
> # Example of overriding settings on a per-user basis
> #Match User anoncvs
> # X11Forwarding no
> # AllowTcpForwarding no
> # ForceCommand cvs server
> -------------------------------------------------------

[ reply ]
RE: Cannot connect from outside the local network Jun 23 2010 10:31AM
Andrew Lee-Thorp (aleethorp hotmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus