ssh client gets to server, but doesn't connect...?
- From: "/usr/ceo" <newsbot@xxxxxxx>
- Date: 4 Oct 2006 22:00:37 -0700
Been running SuSE 8.0 (kernel 2.2 I think?!) on a Pentium II 400mhz for
YEARS and it finally died. I used to port forward from my firewall
from an obscure port (we'll say 99) to the SSH port, port 22, and it
worked great. But after my SuSE 8.0 machine died, I decided it was
time to "modernize" so I installed SuSE 10.1 64-bit on a brand new
machine.
Now, I can't connect to the sshd from the outside any more. I'm using
essentially the same sshd_config file, and using tcpdump w/o
promiscuous mode, I can see the SSH traffic hitting the eth0
interface. I can also see the port forwarding through the firewall
(from 99 -> 22 and then of course tcpdump is watching port 22), and I
can see the traffic all the way through. Nothing shows up in syslog
however either.
But on the machine, it seems sshd itself isn't seeing the traffic.
NetFilter is NOT on, there is nothing blocking the traffic at the
machine level, sshd just seems not to answer? I tried setting the
ListenAddress, as I have two NICs in this machine, whereas my 8.0
machine only had one (actually, I think even it had two). For the life
of me I can't figure it out. Nothing in the sshd_config file
(attached) seems to stare out at me. Was just wondering if anyone had
any ideas.
I had a similar issue at work where I installed SuSE 10.0, and invited
a colleague to ssh into the box and he couldn't, but on the local LAN, I
could. Same here as well, BTW. On the local LAN (192.168.0.0/24), I
can SSH into the new box just fine. It's just when the connection
comes from a port forward, it doesn't work. (And I never changed the
firewall really from when my 8.0 box was working. I configured my new
10.1 box the same and expected it to work.)
My sshd_config file is attached if anyone has any ideas. Pretend I am
user 'foo' of course (see last lines in sshd_config).
GOT to get this working and any help is appreciated greatly...
SSHD Version: OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
/usr/ceo
--- sshd_config:
Port 22
#Protocol 2,1
ListenAddress 192.168.0.2
ListenAddress 192.168.0.4
GatewayPorts yes
# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging
# Authentication:
LoginGraceTime 600
PermitRootLogin yes
StrictModes no
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
ChallengeResponseAuthentication no
# Uncomment to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes
Subsystem sftp /usr/lib/ssh/sftp-server
AllowUsers foo bar