Secure Shell
Cannot connect from outside the local network Jun 22 2010 03:25AM
Amy (mi basura mail gmail com) (1 replies)
Re: Cannot connect from outside the local network Jun 22 2010 07:53PM
Rob Taylor (rgt wi mit edu) (1 replies)
RE: Cannot connect from outside the local network Jun 23 2010 10:31AM
Andrew Lee-Thorp (aleethorp hotmail com)


To a firewall (if there is one) 10122 is an "unusual" incoming port.
Some things you could try.

1) check that the target is reachable, run a traceroute (tracert on Windows) or a ping at your client.
2) check that the target port is reachable, e.g. nmap target, nc target 22 from your client.
3) run the ssh client with -vv to get extra diagnostics.

cheers
----------------------------------------
> Date: Tue, 22 Jun 2010 15:53:27 -0400
> From: rgt (at) wi.mit (dot) edu [email concealed]
> To: mi.basura.mail (at) gmail (dot) com [email concealed]
> CC: secureshell (at) securityfocus (dot) com [email concealed]
> Subject: Re: Cannot connect from outside the local network
>
> Did you check these?
>
> the default gateway
> the windows firewall
>
> If need be, grab a copy of wireshark and see if the packets from the
> other subnet are getting to the machine.
>
> rgt
>
> On 06/21/2010 11:25 PM, Amy wrote:
>> Hello,
>>
>> I installed OpenSSH version 5.5p1 in Cygwin. Everything works fine if
>> I try to connect from inside the local network but if I try to connect
>> from an external network I'm not able to.
>>
>> The service does not appear to receive the connection:
>>
>> debug1: sshd version OpenSSH_5.5p1
>> debug1: read PEM private key done: type RSA
>> debug1: private host key: #0 type 1 RSA
>> debug1: read PEM private key done: type DSA
>> debug1: private host key: #1 type 2 DSA
>> debug1: rexec_argv[0]='/usr/sbin/sshd'
>> debug1: rexec_argv[1]='-d'
>> debug1: Bind to port 10122 on 0.0.0.0.
>> Server listening on 0.0.0.0 port 10122.
>>
>> I have already verified the hosts.allow and hosts.deny files and they
>> are correct; also the ports are open in the firewall.
>>
>> This is the sshd_config:
>>
>> ---------------------------------------------------
>> # $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
>>
>> # This is the sshd server system-wide configuration file. See
>> # sshd_config(5) for more information.
>>
>> # This sshd was compiled with PATH=/bin:/usr/sbin:/sbin:/usr/bin
>>
>> # The strategy used for options in the default sshd_config shipped with
>> # OpenSSH is to specify options with their default value where
>> # possible, but leave them commented. Uncommented options change a
>> # default value.
>>
>> Port 10122
>> #AddressFamily any
>> ListenAddress 0.0.0.0
>> #ListenAddress ::
>>
>> # The default requires explicit activation of protocol 1
>> #Protocol 2
>>
>> # HostKey for protocol version 1
>> #HostKey /etc/ssh_host_key
>> # HostKeys for protocol version 2
>> #HostKey /etc/ssh_host_rsa_key
>> #HostKey /etc/ssh_host_dsa_key
>>
>> # Lifetime and size of ephemeral version 1 server key
>> #KeyRegenerationInterval 1h
>> #ServerKeyBits 1024
>>
>> # Logging
>> # obsoletes QuietMode and FascistLogging
>> #SyslogFacility AUTH
>> #LogLevel INFO
>>
>> # Authentication:
>>
>> #LoginGraceTime 2m
>> #PermitRootLogin yes
>> StrictModes no
>> #MaxAuthTries 6
>> #MaxSessions 10
>>
>> #RSAAuthentication yes
>> #PubkeyAuthentication yes
>> #AuthorizedKeysFile .ssh/authorized_keys
>>
>> # For this to work you will also need host keys in /etc/ssh_known_hosts
>> #RhostsRSAAuthentication no
>> # similar for protocol version 2
>> #HostbasedAuthentication no
>> # Change to yes if you don't trust ~/.ssh/known_hosts for
>> # RhostsRSAAuthentication and HostbasedAuthentication
>> #IgnoreUserKnownHosts no
>> # Don't read the user's ~/.rhosts and ~/.shosts files
>> #IgnoreRhosts yes
>>
>> # To disable tunneled clear text passwords, change to no here!
>> #PasswordAuthentication yes
>> #PermitEmptyPasswords no
>>
>> # Change to no to disable s/key passwords
>> #ChallengeResponseAuthentication yes
>>
>> # Kerberos options
>> #KerberosAuthentication no
>> #KerberosOrLocalPasswd yes
>> #KerberosTicketCleanup yes
>> #KerberosGetAFSToken no
>>
>> # GSSAPI options
>> #GSSAPIAuthentication no
>> #GSSAPICleanupCredentials yes
>>
>> # Set this to 'yes' to enable PAM authentication, account processing,
>> # and session processing. If this is enabled, PAM authentication will
>> # be allowed through the ChallengeResponseAuthentication and
>> # PasswordAuthentication. Depending on your PAM configuration,
>> # PAM authentication via ChallengeResponseAuthentication may bypass
>> # the setting of "PermitRootLogin without-password".
>> # If you just want the PAM account and session checks to run without
>> # PAM authentication, then enable this but set PasswordAuthentication
>> # and ChallengeResponseAuthentication to 'no'.
>> #UsePAM no
>>
>> #AllowAgentForwarding yes
>> #AllowTcpForwarding yes
>> #GatewayPorts no
>> #X11Forwarding no
>> #X11DisplayOffset 10
>> #X11UseLocalhost yes
>> #PrintMotd yes
>> #PrintLastLog yes
>> #TCPKeepAlive yes
>> #UseLogin no
>> UsePrivilegeSeparation yes
>> #PermitUserEnvironment no
>> #Compression delayed
>> #ClientAliveInterval 0
>> #ClientAliveCountMax 3
>> #UseDNS yes
>> #PidFile /var/run/sshd.pid
>> #MaxStartups 10
>> #PermitTunnel no
>> #ChrootDirectory none
>>
>> # no default banner path
>> #Banner none
>>
>> # override default of no subsystems
>> Subsystem sftp /usr/sbin/sftp-server
>>
>> # Example of overriding settings on a per-user basis
>> #Match User anoncvs
>> # X11Forwarding no
>> # AllowTcpForwarding no
>> # ForceCommand cvs server
>> -------------------------------------------------------


[ reply ]
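An added example (not from the thread or its participants) of the port-reachability check in step 2 as a single TCP probe, separating the outcomes that point to different causes. `probe_ssh_port`, `NEXT_STEP` and the loopback listener with its banner are names and sample input constructed for this illustration.

```python
import socket
import threading

# What to try next for each outcome, following the steps suggested in the thread.
NEXT_STEP = {
    "ssh": "sshd answers; run the ssh client with -vv to see where the session fails",
    "open": "something accepts the connection but it is not sshd; check the Port setting",
    "refused": "host is reachable but nothing listens on this port, or a firewall rejects it",
    "timeout": "packets are dropped on the path; check firewalls and capture on the server",
    "unreachable": "no route or name; check ping/traceroute and the default gateway",
}

def probe_ssh_port(host, port, timeout=5.0):
    """Make one TCP connection attempt and return (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout", "no reply to the connection attempt"
    except ConnectionRefusedError:
        return "refused", "connection actively refused"
    except OSError as exc:  # DNS failure, no route to host, network unreachable
        return "unreachable", str(exc)
    with sock:
        try:
            data = sock.recv(255)  # an SSH server sends its version string first
        except OSError:  # read timed out or the peer reset the connection
            data = b""
    for line in data.decode("ascii", "replace").splitlines():
        if line.startswith("SSH-"):
            return "ssh", line
    return "open", "connected, no SSH identification string received"

def start_constructed_listener(banner):
    """Constructed stand-in for sshd on 127.0.0.1; returns the port it picked."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(banner)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_constructed_listener(b"SSH-2.0-OpenSSH_5.5\r\n")
    state, detail = probe_ssh_port("127.0.0.1", port, timeout=2.0)
    print(state, detail, "->", NEXT_STEP[state])
```

Run from the outside client against the server's address and port 10122, a `timeout` result matches the symptom in the original post, where sshd in debug mode never logs an incoming connection.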


 

Copyright 2010, SecurityFocus