RE: Unable to connect to sshd on server inside firewall

From: Nathan Jackson (NathanJ_at_eu.wrq.com)
Date: 07/29/04

  • Next message: Gahring, David: "RE: Unable to connect to sshd on server inside firewall"
    To: "'Gahring, David'" <David.Gahring@ai-engsvcs.com>, secureshell@securityfocus.com
    Date: Wed, 28 Jul 2004 23:50:19 -0700
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hi Dave,

    When the server was relocated, did the IP address change for this
    machine?

    It could be that the public key you have for the server (in the
    known_hosts file) is incorrect and therefore the connection is
    failing.
    To get around this, you can remove the entry for this server in your
    known_hosts file.

    Failing that, turn the sshd logging onto DEBUG3 (in sshd_config) and
    take a look at the logfile, it may give you some pointers as to what
    is failing.

    Regards,

    Nathan

    - -----Original Message-----
    From: Gahring, David [mailto:David.Gahring@ai-engsvcs.com]
    Sent: Wednesday, July 28, 2004 5:24 PM
    To: secureshell@securityfocus.com
    Subject: Unable to connect to sshd on server inside firewall

    Greetings,

    First post as newbie to the list..  ?

    I have a configuration question that has been troubling me.  I have
    been trying to setup a server running sshd (OpenSSH) under SFU
    (Services for Unix) on a (W2K Srvr) machine that sits behind a
    firewall.  Sshd is listening on a port that has allegedly been opened
    up through the firewall.  When I try to connect to the server from
    the client (my workstation), I get the notification of the new public
    key, followed by the password prompt.  When I enter the password and
    press enter, I am prompted for the password again.

    So I am unable to connect.

    This same server configuration worked flawlessly without the firewall
    in the mix, but when the server was relocated to behind the firewall,
    it no longer works.

    Is there something I need to configure differently now that sshd is
    on a server behind a firewall?  I thought that as long as the port
    being used was open, I would be good to go.

    Any suggestions are appreciated.

    Thanks,

    Dave

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1 - not licensed for commercial use: www.pgp.com

    iQCVAwUBQQieHhIZWa7hESfiAQIkqQP/et/I+2hJdiX6T44yW8YUK6zw8+gkHuaR
    cxTfVolfs9Zche52lvyaCAx1ALGE43HoTBLgXxZtiTyLRpsj+eAHX+ZhE4Ek9BWg
    zLrPU3DUOPyJ5ebmsE8QzyOIrsh315rE6bIpb/X66VQX8iKkB0/oyaFPqQmer2y8
    XNpV2SjFKE4=
    =9WKY
    -----END PGP SIGNATURE-----


  • Next message: Gahring, David: "RE: Unable to connect to sshd on server inside firewall"

    Relevant Pages

    • Re: CEICW fails at firewall config
      ... Do you or do you not have ISA 2000 or ISA 2004 installed on the SBS server? ... Do you have 2 NICs in the SBS? ... CEICW fails on firewall configuration every time. ... >>> Call to Creating the protected networks access rule returned ok. ...
      (microsoft.public.windows.server.sbs)
    • Re: Recycler security issues on IIS server
      ... > latest upates to the server. ... > like to see the server put behind our firewall, ... other software, install all patches, IISlockdown, URLscan, use the correct ... the procedures you follow may vary depending on your security needs. ...
      (microsoft.public.inetserver.iis.security)
    • Re: Security - ciphers - autentification
      ... is a web server on the firewall or on a trusted, ... firewall. ... > throw filrewall (and process 'real' autentification). ... Communication with services is done by public key ...
      (SecProg)
    • Re: ISA SERVER NOT STARTING
      ... I delete the nat/basic firewall and stop and started the RRAS an tried to ... There were no critical events in the DNS Server Log in the last 24 hours. ... An error occurred during logon ... Caller User Name: - ...
      (microsoft.public.windows.server.sbs)
    • Re: For Microsoft Partners and Customers Who Cant Download or Access
      ... to reconfigure the firewall, but to use a static IP on your client ... and to make sure that the DNS server entries on the client are ... Microsoft for msdn2.microsoft.com. ... use a static IP and set the DNS server addresses to the DNS ...
      (microsoft.public.dotnet.general)