Re: OpenSSH 3.4 and firewalls

Date: 07/25/02

Date: 24 Jul 2002 16:38:12 -0700

I don't think you understand. Nothing shows up of any use because the
sshd process on my machine never acknowledges the request. However,
since you asked, here's the trace, with personal info removed.

OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to .....org [x.xx.xxx.xx] port 19.

You can see that the ssh client is attempting to connect on the
correct port, which the firewalls should forward to my machine.
However, nothing ever happens.

To verify that the firewall was not at fault, I ran tcpdump with the
command:
tcpdump port ssh
First, I tried logging in from my LAN, and tcpdump showed lots of
traffic. In addition, the ssh client was able to connect (from my
apartment's LAN, mind you). When I tried to connect from a remote
machine, tcpdump again showed lots of incoming packets, but the sshd
process never responded to any of them. I'm still not sure why this is
happening.

Any ideas?

slade@shore.net (Richard E. Silverman) wrote in message news:<m1l3cugi429.fsf@syrinx.oankali.net>...
> >>>>> "RR" == Ralph Rodkey <974xx6m07o001@sneakemail.com> writes:
>
> RR> I'm fairly certain that sshd isn't responding because the firewall
> RR> isn't modifying the destination header of incoming packets to my
> RR> actual address, so sshd sees that packets don't match any address
> RR> it's listening on.
>
> What makes you "certain" of this? Have you examined the network traffic,
> or are you just guessing? The very definition of "forwarding" the ports
> as you've described would include doing this, and it would have nothing to
> do with changing your SSH software.
>
> Post an "ssh -v ..." trace of a failing connection.
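As an added example (not part of this thread and not anyone's posted code): a small sh script that turns a "tcpdump -n" capture of the forwarded port into the check asked for above, separating SYNs that reach the host from SYN-ACKs that sshd actually sends back. The capture lines, the addresses and the list of addresses sshd listens on are all constructed.

```shell
# Added example (not from the thread): summarise a "tcpdump -n port 22" capture
# to tell "packets arrive at the host" apart from "sshd answers them".
# Input is tcpdump's text line: TIME IP SRC.PORT > DST.PORT: Flags [S], ...
# Per destination host, count SYNs to the port and SYN-ACKs sent back from
# it. Reads capture text on stdin, prints "dst_host syns synacks".
syn_summary() {
  awk -v port="$1" '
    $2 == "IP" && $6 == "Flags" {
      src = $3; dst = $5; sub(/:$/, "", dst)
      n = split(dst, d, "."); dport = d[n]
      dhost = substr(dst, 1, length(dst) - length(dport) - 1)
      m = split(src, s, "."); sport = s[m]
      shost = substr(src, 1, length(src) - length(sport) - 1)
      if ($7 == "[S]," && dport == port) syn[dhost]++
      else if ($7 == "[S.]," && sport == port) synack[shost]++
    }
    END { for (h in syn) printf "%s %d %d\n", h, syn[h], synack[h] + 0 }
  ' | sort
}

# Destination hosts that received SYNs but never got a SYN-ACK back. One that
# is not an address sshd listens on means the firewall delivered the packet
# without rewriting its destination (no DNAT): the symptom in the thread.
unanswered_dsts() {
  syn_summary "$1" | awk '$2 > 0 && $3 == 0 { print $1 }'
}

# Constructed sample: the LAN client (to 192.0.2.10, the host's own address)
# completes the handshake; the remote client's SYNs arrive addressed to
# 192.0.2.20 (the firewall's public address) and are never answered.
SAMPLE='12:00:01.000000 IP 203.0.113.5.40001 > 192.0.2.10.22: Flags [S], seq 1, win 64240, length 0
12:00:01.000500 IP 192.0.2.10.22 > 203.0.113.5.40001: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:05.000000 IP 198.51.100.7.50002 > 192.0.2.20.22: Flags [S], seq 3, win 64240, length 0
12:00:06.000000 IP 198.51.100.7.50002 > 192.0.2.20.22: Flags [S], seq 3, win 64240, length 0'
# Addresses sshd is bound to on this host (constructed; compare with the
# real machine's "netstat -ln" output).
LOCAL_ADDRS="192.0.2.10"

# One diagnosis line per unanswered destination host in the sample.
diagnose() {
  printf '%s\n' "$SAMPLE" | unanswered_dsts 22 | while read -r h; do
    case " $LOCAL_ADDRS " in
      *" $h "*) echo "$h: local address, SYNs unanswered: check sshd and local packet filter" ;;
      *) echo "$h: not a local address: firewall forwards without rewriting destination" ;;
    esac
  done
}
diagnose
```

On the real machine, feed it the saved output of tcpdump instead of SAMPLE and set LOCAL_ADDRS from what sshd is actually bound to.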

