'RE: Cannot connect from outside the local network'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       secure-shell
Subject:    RE: Cannot connect from outside the local network
From:       Andrew Lee-Thorp <aleethorp () hotmail ! com>
Date:       2010-06-23 10:31:13
Message-ID: COL119-W84E05CC3F3E7CB5B38E28B3C50 () phx ! gbl
[Download RAW message or body]



To a firewall (if there is one) 10122 is an "unusual" incoming port.
Some things you could try.

1) check that the target is reachable, run a traceroute (tracert on windows) or a \
ping at your client.2) check that the target port is reachable, e.g. nmap target, nc \
target 22 from your client.3) run the ssh client with -vv to get extra diagnostics. \
                cheers
----------------------------------------
> Date: Tue, 22 Jun 2010 15:53:27 -0400
> From: rgt@wi.mit.edu
> To: mi.basura.mail@gmail.com
> CC: secureshell@securityfocus.com
> Subject: Re: Cannot connect from outside the local network
> 
> Did you check these?
> 
> the default gateway
> the windows firewall
> 
> If need be, grab a copy of wireshark and see if the packets from the
> other subnet are getting to the machine.
> 
> rgt
> 
> On 06/21/2010 11:25 PM, Amy wrote:
> > Hello,
> > 
> > I installed OpenSSH version 5.5p1 in Cygwin. Everything works fine if
> > I try to connect from inside the local network but if I try to connect
> > from an external network I'm not able to.
> > 
> > The service does not appear to receive the connection:
> > 
> > debug1: sshd version OpenSSH_5.5p1
> > debug1: read PEM private key done: type RSA
> > debug1: private host key: #0 type 1 RSA
> > debug1: read PEM private key done: type DSA
> > debug1: private host key: #1 type 2 DSA
> > debug1: rexec_argv[0]='/usr/sbin/sshd'
> > debug1: rexec_argv[1]='-d'
> > debug1: Bind to port 10122 on 0.0.0.0.
> > Server listening on 0.0.0.0 port 10122.
> > 
> > I have already verified the hosts.allow and hosts.deny files and there
> > are correct also the ports are open in the firewall.
> > 
> > This is the sshd_config:
> > 
> > ---------------------------------------------------
> > # $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
> > 
> > # This is the sshd server system-wide configuration file. See
> > # sshd_config(5) for more information.
> > 
> > # This sshd was compiled with PATH=/bin:/usr/sbin:/sbin:/usr/bin
> > 
> > # The strategy used for options in the default sshd_config shipped with
> > # OpenSSH is to specify options with their default value where
> > # possible, but leave them commented. Uncommented options change a
> > # default value.
> > 
> > Port 10122
> > #AddressFamily any
> > ListenAddress 0.0.0.0
> > #ListenAddress ::
> > 
> > # The default requires explicit activation of protocol 1
> > #Protocol 2
> > 
> > # HostKey for protocol version 1
> > #HostKey /etc/ssh_host_key
> > # HostKeys for protocol version 2
> > #HostKey /etc/ssh_host_rsa_key
> > #HostKey /etc/ssh_host_dsa_key
> > 
> > # Lifetime and size of ephemeral version 1 server key
> > #KeyRegenerationInterval 1h
> > #ServerKeyBits 1024
> > 
> > # Logging
> > # obsoletes QuietMode and FascistLogging
> > #SyslogFacility AUTH
> > #LogLevel INFO
> > 
> > # Authentication:
> > 
> > #LoginGraceTime 2m
> > #PermitRootLogin yes
> > StrictModes no
> > #MaxAuthTries 6
> > #MaxSessions 10
> > 
> > #RSAAuthentication yes
> > #PubkeyAuthentication yes
> > #AuthorizedKeysFile .ssh/authorized_keys
> > 
> > # For this to work you will also need host keys in /etc/ssh_known_hosts
> > #RhostsRSAAuthentication no
> > # similar for protocol version 2
> > #HostbasedAuthentication no
> > # Change to yes if you don't trust ~/.ssh/known_hosts for
> > # RhostsRSAAuthentication and HostbasedAuthentication
> > #IgnoreUserKnownHosts no
> > # Don't read the user's ~/.rhosts and ~/.shosts files
> > #IgnoreRhosts yes
> > 
> > # To disable tunneled clear text passwords, change to no here!
> > #PasswordAuthentication yes
> > #PermitEmptyPasswords no
> > 
> > # Change to no to disable s/key passwords
> > #ChallengeResponseAuthentication yes
> > 
> > # Kerberos options
> > #KerberosAuthentication no
> > #KerberosOrLocalPasswd yes
> > #KerberosTicketCleanup yes
> > #KerberosGetAFSToken no
> > 
> > # GSSAPI options
> > #GSSAPIAuthentication no
> > #GSSAPICleanupCredentials yes
> > 
> > # Set this to 'yes' to enable PAM authentication, account processing,
> > # and session processing. If this is enabled, PAM authentication will
> > # be allowed through the ChallengeResponseAuthentication and
> > # PasswordAuthentication. Depending on your PAM configuration,
> > # PAM authentication via ChallengeResponseAuthentication may bypass
> > # the setting of "PermitRootLogin without-password".
> > # If you just want the PAM account and session checks to run without
> > # PAM authentication, then enable this but set PasswordAuthentication
> > # and ChallengeResponseAuthentication to 'no'.
> > #UsePAM no
> > 
> > #AllowAgentForwarding yes
> > #AllowTcpForwarding yes
> > #GatewayPorts no
> > #X11Forwarding no
> > #X11DisplayOffset 10
> > #X11UseLocalhost yes
> > #PrintMotd yes
> > #PrintLastLog yes
> > #TCPKeepAlive yes
> > #UseLogin no
> > UsePrivilegeSeparation yes
> > #PermitUserEnvironment no
> > #Compression delayed
> > #ClientAliveInterval 0
> > #ClientAliveCountMax 3
> > #UseDNS yes
> > #PidFile /var/run/sshd.pid
> > #MaxStartups 10
> > #PermitTunnel no
> > #ChrootDirectory none
> > 
> > # no default banner path
> > #Banner none
> > 
> > # override default of no subsystems
> > Subsystem sftp /usr/sbin/sftp-server
> > 
> > # Example of overriding settings on a per-user basis
> > #Match User anoncvs
> > # X11Forwarding no
> > # AllowTcpForwarding no
> > # ForceCommand cvs server
> > -------------------------------------------------------
 		 	   		  
_________________________________________________________________
http://clk.atdmt.com/UKM/go/195013117/direct/01/


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic