RE: Connecting to host



Let's just say that who we're trying to connect with is a large bank.
They have several other vendors/clients that are connecting through SSH
without issue. I'm quite sure they have outgoing Internet access.

They DID successfully test the SSH connection (internally) with my user
account. We may look at just PGP encrypting the files and using good 'ol
FTP to transfer the files.

-----Original Message-----
From: Bob Rasmussen [mailto:ras@xxxxxxxxx]
Sent: Wednesday, July 04, 2007 2:16 PM
To: Kelly Thomas
Cc: secureshell@xxxxxxxxxxxxxxxxx;
secureshell-return-9479@xxxxxxxxxxxxxxxxx
Subject: Re: Connecting to host

On Tue, 3 Jul 2007, Kelly Thomas wrote:

We have recently been asked by one of our vendors to connect to their
system through SSH. They are a Unix Host - beyond that, I don't have
much information.

We are a 'windows' shop and I'm using Putty version 0.60 to connect
with
a Windows XP Professional machine. I have created a public key and
sent
it to them. They have also sent their public key to me. From what
they're telling me, there should be no password to connect.

When I try to connect it first asks for my passphrase. I'm assuming it
will only do that the first time to validate my key - not sure.

The private key you created with PuTTY may require a passphrase. That
may
be what you're seeing.

Or, their end may not be correctly finding the public key for you. If
it's
not, then it may be reverting to password or keyboard-interactive
authentication.

I believe PuTTY can run with some debugging turned on. This will give
you
some information about what authentication methods it is finding,
allowing, tying, failing, etc.


After typing in my passphrase for the key, I get a disconnect message:
Server sent disconnect message type 7 (service not available):
"Unsupported request (pty-req)."

This sounds seriously like their SSH daemon is not set up properly. Are
THEY able to SSH to their server? Are they able to do so and log in with

your username?

It's also possible that they succeed from inside their firewall, but
when
you attempt to come in from outside the firewall, the firewall (or
router)
is intercepting the SSH connection. They would need to configure the
firewall/router to forward a port 22 (default for SSH) connection to the

appropriate internal machine.

Are THEY able to connect in from the Internet at large (outside their
office)?


This message appears to be something on their end but they are telling
me it's on my end. Can anyone help?

It sounds to me like it is on THEIR end.

You might want to try Anzio Lite, our SSH client, available from the
website below.

Regards,
....Bob Rasmussen, President, Rasmussen Software, Inc.

personal e-mail: ras@xxxxxxxxx
company e-mail: rsi@xxxxxxxxx
voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
fax: (US) 503-624-0760
web: http://www.anzio.com



Relevant Pages

  • Re: Howto make Firewalld allow remote SSH into a Virtual Machine?
    ... Set the firewall zone of my Ethernet interface to Trusted: ... Can not ssh from the laptop to the VM: ... That means that once the connection is set up, the first rule will accept the packets, and reduce CPU usage as well as latency. ...
    (Fedora)
  • Re: SSH tunneling/port forwarding and stateful packet inspection
    ... You wrote, several times, that your "packet showed it was SSL" traffic. ... firewall could not see inside the stream because it was encrypted by SSL, ... connection somewhere in this scenario, so I was making sure you understood ... -- then the answer is of course, no. SSH ...
    (comp.security.ssh)
  • Re: FC3 Security
    ... When I said I would eliminate ssh, then they said that they don't ... >>gives out IP addresses and actually owns the network. ... >of services which could be handled by one server and a firewall. ... This is an always-on cellular connection - not ...
    (Fedora)
  • Re: Eingehende Netzverbindung zu anderem Rechner tunneln
    ... Wozu dabei eine Firewall? ... Der Rechner soll zum Internet hin nur ... Dienste fuer das gesamte Internet angeboten werden sollen, ... Vergiss FTP, Das Protokoll ist nur schwer ueber z.B. ssh zu tunneln, ...
    (de.comp.os.unix.linux.misc)
  • Re: packet loss to firewall while Internet link is down
    ... When the Internet link goes down, ssh refuses ... to allow connection from within the LAN to our BSD ... When the Internet is down, the CPU load factor on the ...
    (freebsd-questions)