Re: login differences between LAN and WAN to openSSH on cygwin with putty



I finally found something that gave me an error message:

From the cygwin bash shell, I tried to use the command line "ssh" rather than putty to connect. First inside R1's subnet, this works:
===============================
$ ssh -v 192.168.0.127
OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006
debug1: Connecting to 192.168.0.127 [192.168.0.127] port 22.
debug1: Connection established.
debug1: identity file /home/dellxp/.ssh/identity type -1
debug1: identity file /home/dellxp/.ssh/id_rsa type -1
debug1: identity file /home/dellxp/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.5
debug1: match: OpenSSH_4.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host '192.168.0.127 (192.168.0.127)' can't be established.
RSA key fingerprint is 8e:99:cd:b7:70:53:d4:28:88:16:fa:8c:84:1f:51:86.
Are you sure you want to continue connecting (yes/no)?
===============================

Then when I tried to go from the internet, this fails:
===============================
$ ssh -v 71.271.16.127
OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006
debug1: Connecting to 71.271.16.127 [71.271.16.127] port 22.
debug1: Connection established.
debug1: identity file /home/dellxp/.ssh/identity type -1
debug1: identity file /home/dellxp/.ssh/id_rsa type -1
debug1: identity file /home/dellxp/.ssh/id_dsa type -1
debug1: ssh_exchange_identification: Sep 8 12:00:10 klogd: klogd started: BusyBox v0.61.pre (2005.04.22-01:13+0000)
debug1: ssh_exchange_identification: Doing BRCTL ...
debug1: ssh_exchange_identification: setfilter br0 0
$
debug1: ssh_exchange_identification: /var/tmp/act_firewall: No such file or directory
debug1: ssh_exchange_identification: insmod: ipt_REJECT.o: no module by that name found
ssh_exchange_identification: Connection closed by remote host
===============================

Does that provide any clues for troubleshooting?


-----Original Message-----
From: "Michael Sorens" <msorens@xxxxxxxxxxxxx>
To: secureshell@xxxxxxxxxxxxxxxxx
Date: Fri, 16 Feb 2007 15:30:18 -0800
Subject: login differences between LAN and WAN to openSSH on cygwin with putty

I have been having the darnedest time trying to figure out what is happening here:

I am running openSSH on Cygwin on WinXPhome on my home LAN. It is actually behind a wireless router (R2) then behind a DSL modem (R1) before it gets to the internet. I have port-forwarding from R1 to R2, then from R2 to my PC/ssh server.
I am able to log in to my ssh server with putty from another PC when I am inside R2's subnet, and when I go to R1's subnet, but when I try to access it from R1's external IP it fails.

Some details on the failure:
(1) Initially putty timed out until I realized ZoneAlarm firewall on my ssh server was blocking it, so I just turned off that firewall for now.
(2) Then, running sshd on port 2444 (a randomly picked port) putty came back promptly with "Connection refused".
(3) Changing sshd back to the standard port 22, I now get a strange response--putty opens and immediately closes (too fast to see if there is any message).

I tried to turn on logging in sshd_config, even setting the loglevel to DEBUG, but the /var/log/sshd.conf remains stubbornly empty.

The real question, then, is: What am I missing in my configuration to get putty to work from the internet?
Failing an answer to that: how can I get sshd logging turned on to try to see what is happening?

Thanks,
~~Michael Sorens
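
As an added example (not part of either message): a small Python helper that separates the two outcomes seen in the traces above, one where the peer sent an SSH identification string and one where only other text arrived before the connection closed. The function names are hypothetical, the sample traces are abridged from the post, and the raw byte strings used to exercise `classify_peer_output` are constructed.

```python
import re

# RFC 4253 section 4.2: the identification line is "SSH-protoversion-softwareversion".
# A server may send other lines first; `ssh -v` logs each of those as a
# "debug1: ssh_exchange_identification: ..." line.
IDENT_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")
PREBANNER_RE = re.compile(r"^debug1: ssh_exchange_identification: (.*)$")
REMOTE_RE = re.compile(r"^debug1: Remote protocol version (\S+), remote software version (.+)$")

# Lines copied from the two traces in the post (abridged).
LAN_TRACE = """debug1: Connection established.
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.5
debug1: Local version string SSH-2.0-OpenSSH_4.5"""
WAN_TRACE = """debug1: Connection established.
debug1: ssh_exchange_identification: Sep 8 12:00:10 klogd: klogd started: BusyBox v0.61.pre (2005.04.22-01:13+0000)
debug1: ssh_exchange_identification: Doing BRCTL ...
debug1: ssh_exchange_identification: setfilter br0 0
ssh_exchange_identification: Connection closed by remote host"""


def summarize_ssh_v(trace):
    """Summarize an `ssh -v` trace: was a remote version seen, and what came before it?"""
    remote, prebanner = None, []
    for line in trace.splitlines():
        line = line.strip()
        m = REMOTE_RE.match(line)
        if m:
            remote = m.group(2)
        m = PREBANNER_RE.match(line)
        if m:
            prebanner.append(m.group(1))
    return {"spoke_ssh": remote is not None, "remote_software": remote,
            "prebanner": prebanner}


def classify_peer_output(raw):
    """Classify bytes read from a TCP peer on connect: (is_ssh, ident, other_lines)."""
    other = []
    for line in raw.decode("latin-1").splitlines():
        if IDENT_RE.match(line):
            return True, line.strip(), other
        if line.strip():
            other.append(line.strip())
    return False, None, other


if __name__ == "__main__":
    for name, trace in (("LAN", LAN_TRACE), ("WAN", WAN_TRACE)):
        print(name, summarize_ssh_v(trace))
```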