RE: Unable to connect to sshd on server inside firewall
From: Nathan Jackson (NathanJ_at_eu.wrq.com)
Date: 07/29/04
- Previous message: Srinivas Gopaladasu: "Re: Solaris password requirements not enforced"
- Maybe in reply to: Gahring, David: "Unable to connect to sshd on server inside firewall"
- Next in thread: Frank Hamersley: "RE: Unable to connect to sshd on server inside firewall"
To: "'Gahring, David'" <David.Gahring@ai-engsvcs.com>, secureshell@securityfocus.com
Date: Thu, 29 Jul 2004 07:34:02 -0700
I've never used SSH with Services for Unix before so I'm not entirely
sure how it handles Windows user accounts.
The fact that you are prompted for a password and not a passphrase
means that you are not using public key authentication of the client
and that you're using the Windows authentication mechanism. Have you
tried authenticating with a "non-domain" user (i.e. a local user to
that server only)?
This would at least narrow things down a little.
Nathan
-----Original Message-----
From: Gahring, David [mailto:David.Gahring@ai-engsvcs.com]
Sent: Thursday, July 29, 2004 4:25 PM
To: Nathan Jackson; secureshell@securityfocus.com
Subject: RE: Unable to connect to sshd on server inside firewall
Nathan,
Thanks for the suggestion...
Yes, the IP changed when it was moved. However, I rebuilt one of the
client machines yesterday, and attempted the connection from a clean
install of openssh (no existing known_hosts). It failed with the
following series of messages.
(IPs and other IDs changed to protect the innocent...)
<paste>
[Client:~]$ ssh -p 1234 userid@sshserver.behindfirewall.com
The authenticity of host 'sshserver.behindfirewall.com
(123.123.123.123)' can't be established.
RSA key fingerprint is
1f:36:4b:fb:a3:ed:4e:bc:6f:65:c2:68:ab:8c:14:93.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added
'sshserver.behindfirewall.com,123.123.123.123' (RSA) to the list of
known hosts.
userid@sshserver.behindfirewall.com's password:
Permission denied, please try again.
userid@sshserver.behindfirewall.com's password:
Permission denied, please try again.
userid@sshserver.behindfirewall.com's password:
</paste>
This series of responses would lead me to believe that I am
connecting to sshd on the server side, doing some handshaking and
some sharing of public keys, then dropping into the authentication.
That seems to be as far as I can get. I just keep getting prompted
for the password until he says I've tried too many times.. :(
I will try to get the DEBUG3 logging enabled on the server. The
biggest difficulty is the server is located in a different state, on
a secure facility, so doing mods on it is a hassle. I'll keep you
informed when I can get some logging.
Thanks again,
David Gahring
-----Original Message-----
From: Nathan Jackson [mailto:NathanJ@eu.wrq.com]
Sent: Thursday, July 29, 2004 2:50 AM
To: Gahring, David; secureshell@securityfocus.com
Subject: RE: Unable to connect to sshd on server inside firewall
Hi Dave,
When the server was relocated, did the IP address change for this
machine?
It could be that the public key you have for the server (in the
known_hosts file) is incorrect and therefore the connection is
failing.
To get around this, you can remove the entry for this server in your
known_hosts file.
Failing that, turn the sshd logging onto DEBUG3 (in sshd_config) and
take a look at the logfile, it may give you some pointers as to what
is failing.
Regards,
Nathan
-----Original Message-----
From: Gahring, David [mailto:David.Gahring@ai-engsvcs.com]
Sent: Wednesday, July 28, 2004 5:24 PM
To: secureshell@securityfocus.com
Subject: Unable to connect to sshd on server inside firewall
Greetings,
First post as newbie to the list.. ?
I have a configuration question that has been troubling me. I have
been trying to set up a server running sshd (OpenSSH) under SFU
(Services for Unix) on a (W2K Srvr) machine that sits behind a
firewall. Sshd is listening on a port that has allegedly been opened
up through the firewall. When I try to connect to the server from
the client (my workstation), I get the notification of the new public
key, followed by the password prompt. When I enter the password and
press enter, I am prompted for the password again.
So I am unable to connect.
This same server configuration worked flawlessly without the firewall
in the mix, but when the server was relocated to behind the firewall,
it no longer works.
Is there something I need to configure differently now that sshd is
on a server behind a firewall? I thought that as long as the port
being used was open, I would be good to go.
Any suggestions are appreciated.
Thanks,
Dave
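Added example, not part of the original thread: a small shell triage of OpenSSH client `ssh -v` output that separates the cases discussed above (port blocked at the firewall, handshake failure, or a credential rejected by the server after the connection got through). The function names are hypothetical, the transcript is constructed from the host and port quoted in the thread, and the debug line formats are assumed to be those printed by the OpenSSH client.

```shell
#!/bin/sh
# Constructed sample of `ssh -v -p 1234 userid@sshserver.behindfirewall.com`
# output, trimmed to the lines the triage relies on.
sample_transcript() {
cat <<'EOF'
debug1: Connecting to sshserver.behindfirewall.com [123.123.123.123] port 1234.
debug1: Connection established.
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Next authentication method: password
Permission denied, please try again.
EOF
}

# Methods the server advertised (last list seen), read from stdin.
offered_methods() {
    sed -n 's/^debug1: Authentications that can continue: //p' | tail -n 1
}

# Last method the client attempted, read from stdin.
last_method_tried() {
    sed -n 's/^debug1: Next authentication method: //p' | tail -n 1
}

# Classify how far the attempt got. Prints one of:
#   authenticated | tcp-blocked | handshake-failed | auth-rejected:<method>
classify_ssh_attempt() {
    log=$(cat)
    case $log in
        *'Authentication succeeded'*) echo authenticated; return ;;
    esac
    case $log in
        *'Connection established'*) ;;            # TCP reached the server
        *) echo tcp-blocked; return ;;            # firewall or port problem
    esac
    case $log in
        *'Authentications that can continue'*) ;; # key exchange completed
        *) echo handshake-failed; return ;;       # e.g. host key mismatch
    esac
    method=$(printf '%s\n' "$log" | last_method_tried)
    echo "auth-rejected:${method:-none}"
}

# Stand-alone run on the constructed transcript.
sample_transcript | classify_ssh_attempt
```

A result of auth-rejected:password means the firewall is passing the connection and the failure lies in how the server validates the account, which is where sshd's DEBUG3 log is the next place to look.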