Re: login differences between LAN and WAN to openSSH on cygwin with putty



I finally found something that gave me an error message:

From the cygwin bash shell, I tried to use the command line "ssh" rather than putty to connect. First inside R1's subnet, this works:
===============================
$ ssh -v 192.168.0.127
OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006
debug1: Connecting to 192.168.0.127 [192.168.0.127] port 22.
debug1: Connection established.
debug1: identity file /home/dellxp/.ssh/identity type -1
debug1: identity file /home/dellxp/.ssh/id_rsa type -1
debug1: identity file /home/dellxp/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.5
debug1: match: OpenSSH_4.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host '192.168.0.127 (192.168.0.127)' can't be established.
RSA key fingerprint is 8e:99:cd:b7:70:53:d4:28:88:16:fa:8c:84:1f:51:86.
Are you sure you want to continue connecting (yes/no)?
===============================

Then when I tried to go from the internet, this fails:
===============================
$ ssh -v 71.271.16.127
OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006
debug1: Connecting to 71.271.16.127 [71.271.16.127] port 22.
debug1: Connection established.
debug1: identity file /home/dellxp/.ssh/identity type -1
debug1: identity file /home/dellxp/.ssh/id_rsa type -1
debug1: identity file /home/dellxp/.ssh/id_dsa type -1
debug1: ssh_exchange_identification: Sep 8 12:00:10 klogd: klogd started: BusyBox v0.61.pre (2005.04.22-01:13+0000)
debug1: ssh_exchange_identification: Doing BRCTL ...
debug1: ssh_exchange_identification: setfilter br0 0
$
debug1: ssh_exchange_identification: /var/tmp/act_firewall: No such file or directory
debug1: ssh_exchange_identification: insmod: ipt_REJECT.o: no module by that name found
ssh_exchange_identification: Connection closed by remote host
===============================

Does that provide any clues for troubleshooting?


-----Original Message-----
From: "Michael Sorens" <msorens@xxxxxxxxxxxxx>
To: secureshell@xxxxxxxxxxxxxxxxx
Date: Fri, 16 Feb 2007 15:30:18 -0800
Subject: login differences between LAN and WAN to openSSH on cygwin with putty

I have been having the darnedest time trying to figure out what is happening here:

I am running openSSH on Cygwin on WinXPhome on my home LAN. It is actually behind a wireless router (R2) then behind a DSL modem (R1) before it gets to the internet. I have port-forwarding from R1 to R2, then from R2 to my PC/ssh server.
I am able to log in to my ssh server with putty from another PC when I am inside R2's subnet, and when I go to R1's subnet, but when I try to access it from R1's external IP it fails.

Some details on the failure:
(1) Initially putty timed out until I realized ZoneAlarm firewall on my ssh server was blocking it, so I just turned off that firewall for now.
(2) Then, running sshd on port 2444 (a randomly picked port) putty came back promptly with "Connection refused".
(3) Changing sshd back to the standard port 22, I now get a strange response--putty opens and immediately closes (too fast to see if there is any message).

I tried to turn on logging in sshd_config, even setting the loglevel to DEBUG, but the /var/log/sshd.conf remains stubbornly empty.

The real question, then, is: What am I missing in my configuration to get putty to work from the internet?
Failing an answer to that: how can I get sshd logging turned on to try to see what is happening?

Thanks,
~~Michael Sorens
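
Added example, not part of either message: a small filter that reads `ssh -v` client output and reports whether the peer ever sent an `SSH-` identification string, applied to lines excerpted from the two sessions quoted above. In the failing session the text that came back is BusyBox log output rather than an SSH banner. The function name `classify_ssh_banner` and its verdict strings are made up for this illustration.

```shell
#!/bin/sh
# Added example: classify what answered on the port from `ssh -v` client output.
# RFC 4253 section 4.2 lets a server send text lines before its "SSH-" version
# string; the OpenSSH 4.5 client logs them as "ssh_exchange_identification: ...".
classify_ssh_banner() {
    awk '
        # The client prints this only after parsing a real SSH version string.
        /^debug1: Remote protocol version / { banner = 1; software = $NF }
        # Lines received from the peer that were not an "SSH-" version string.
        /^debug1: ssh_exchange_identification: / {
            line = $0
            sub(/^debug1: ssh_exchange_identification: /, "", line)
            pre[++n] = line
        }
        /^ssh_exchange_identification: Connection closed/ { closed = 1 }
        END {
            if (banner) { print "ssh-server " software; exit }
            if (n > 0) {
                print "not-ssh"
                for (i = 1; i <= n; i++) print "  peer sent: " pre[i]
                exit
            }
            if (closed) { print "closed-without-banner"; exit }
            print "no-identification-seen"
        }'
}

# Sample input: lines excerpted from the two sessions quoted in the message.
LAN_LOG='debug1: Connection established.
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.5
debug1: match: OpenSSH_4.5 pat OpenSSH*'

WAN_LOG='debug1: Connection established.
debug1: ssh_exchange_identification: Doing BRCTL ...
debug1: ssh_exchange_identification: setfilter br0 0
debug1: ssh_exchange_identification: /var/tmp/act_firewall: No such file or directory
ssh_exchange_identification: Connection closed by remote host'

printf 'LAN: %s\n' "$(printf '%s\n' "$LAN_LOG" | classify_ssh_banner)"
printf 'WAN: %s\n' "$(printf '%s\n' "$WAN_LOG" | classify_ssh_banner)"
```

To check a live session, pipe the client's debug stream into the function, for example `ssh -v host 2>&1 | classify_ssh_banner`.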


