[prev in list] [next in list] [prev in thread] [next in thread]
List: secure-shell
Subject: RE: Cannot connect from outside the local network
From: Andrew Lee-Thorp <aleethorp () hotmail ! com>
Date: 2010-06-23 10:31:13
Message-ID: COL119-W84E05CC3F3E7CB5B38E28B3C50 () phx ! gbl
[Download RAW message or body]
To a firewall (if there is one) 10122 is an "unusual" incoming port.
Some things you could try.
1) check that the target is reachable, run a traceroute (tracert on windows) or a \
ping at your client.2) check that the target port is reachable, e.g. nmap target, nc \
target 22 from your client.3) run the ssh client with -vv to get extra diagnostics. \
cheers
----------------------------------------
> Date: Tue, 22 Jun 2010 15:53:27 -0400
> From: rgt@wi.mit.edu
> To: mi.basura.mail@gmail.com
> CC: secureshell@securityfocus.com
> Subject: Re: Cannot connect from outside the local network
>
> Did you check these?
>
> the default gateway
> the windows firewall
>
> If need be, grab a copy of wireshark and see if the packets from the
> other subnet are getting to the machine.
>
> rgt
>
> On 06/21/2010 11:25 PM, Amy wrote:
> > Hello,
> >
> > I installed OpenSSH version 5.5p1 in Cygwin. Everything works fine if
> > I try to connect from inside the local network but if I try to connect
> > from an external network I'm not able to.
> >
> > The service does not appear to receive the connection:
> >
> > debug1: sshd version OpenSSH_5.5p1
> > debug1: read PEM private key done: type RSA
> > debug1: private host key: #0 type 1 RSA
> > debug1: read PEM private key done: type DSA
> > debug1: private host key: #1 type 2 DSA
> > debug1: rexec_argv[0]='/usr/sbin/sshd'
> > debug1: rexec_argv[1]='-d'
> > debug1: Bind to port 10122 on 0.0.0.0.
> > Server listening on 0.0.0.0 port 10122.
> >
> > I have already verified the hosts.allow and hosts.deny files and there
> > are correct also the ports are open in the firewall.
> >
> > This is the sshd_config:
> >
> > ---------------------------------------------------
> > # $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
> >
> > # This is the sshd server system-wide configuration file. See
> > # sshd_config(5) for more information.
> >
> > # This sshd was compiled with PATH=/bin:/usr/sbin:/sbin:/usr/bin
> >
> > # The strategy used for options in the default sshd_config shipped with
> > # OpenSSH is to specify options with their default value where
> > # possible, but leave them commented. Uncommented options change a
> > # default value.
> >
> > Port 10122
> > #AddressFamily any
> > ListenAddress 0.0.0.0
> > #ListenAddress ::
> >
> > # The default requires explicit activation of protocol 1
> > #Protocol 2
> >
> > # HostKey for protocol version 1
> > #HostKey /etc/ssh_host_key
> > # HostKeys for protocol version 2
> > #HostKey /etc/ssh_host_rsa_key
> > #HostKey /etc/ssh_host_dsa_key
> >
> > # Lifetime and size of ephemeral version 1 server key
> > #KeyRegenerationInterval 1h
> > #ServerKeyBits 1024
> >
> > # Logging
> > # obsoletes QuietMode and FascistLogging
> > #SyslogFacility AUTH
> > #LogLevel INFO
> >
> > # Authentication:
> >
> > #LoginGraceTime 2m
> > #PermitRootLogin yes
> > StrictModes no
> > #MaxAuthTries 6
> > #MaxSessions 10
> >
> > #RSAAuthentication yes
> > #PubkeyAuthentication yes
> > #AuthorizedKeysFile .ssh/authorized_keys
> >
> > # For this to work you will also need host keys in /etc/ssh_known_hosts
> > #RhostsRSAAuthentication no
> > # similar for protocol version 2
> > #HostbasedAuthentication no
> > # Change to yes if you don't trust ~/.ssh/known_hosts for
> > # RhostsRSAAuthentication and HostbasedAuthentication
> > #IgnoreUserKnownHosts no
> > # Don't read the user's ~/.rhosts and ~/.shosts files
> > #IgnoreRhosts yes
> >
> > # To disable tunneled clear text passwords, change to no here!
> > #PasswordAuthentication yes
> > #PermitEmptyPasswords no
> >
> > # Change to no to disable s/key passwords
> > #ChallengeResponseAuthentication yes
> >
> > # Kerberos options
> > #KerberosAuthentication no
> > #KerberosOrLocalPasswd yes
> > #KerberosTicketCleanup yes
> > #KerberosGetAFSToken no
> >
> > # GSSAPI options
> > #GSSAPIAuthentication no
> > #GSSAPICleanupCredentials yes
> >
> > # Set this to 'yes' to enable PAM authentication, account processing,
> > # and session processing. If this is enabled, PAM authentication will
> > # be allowed through the ChallengeResponseAuthentication and
> > # PasswordAuthentication. Depending on your PAM configuration,
> > # PAM authentication via ChallengeResponseAuthentication may bypass
> > # the setting of "PermitRootLogin without-password".
> > # If you just want the PAM account and session checks to run without
> > # PAM authentication, then enable this but set PasswordAuthentication
> > # and ChallengeResponseAuthentication to 'no'.
> > #UsePAM no
> >
> > #AllowAgentForwarding yes
> > #AllowTcpForwarding yes
> > #GatewayPorts no
> > #X11Forwarding no
> > #X11DisplayOffset 10
> > #X11UseLocalhost yes
> > #PrintMotd yes
> > #PrintLastLog yes
> > #TCPKeepAlive yes
> > #UseLogin no
> > UsePrivilegeSeparation yes
> > #PermitUserEnvironment no
> > #Compression delayed
> > #ClientAliveInterval 0
> > #ClientAliveCountMax 3
> > #UseDNS yes
> > #PidFile /var/run/sshd.pid
> > #MaxStartups 10
> > #PermitTunnel no
> > #ChrootDirectory none
> >
> > # no default banner path
> > #Banner none
> >
> > # override default of no subsystems
> > Subsystem sftp /usr/sbin/sftp-server
> >
> > # Example of overriding settings on a per-user basis
> > #Match User anoncvs
> > # X11Forwarding no
> > # AllowTcpForwarding no
> > # ForceCommand cvs server
> > -------------------------------------------------------
_________________________________________________________________
http://clk.atdmt.com/UKM/go/195013117/direct/01/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic