[opensuse] ssh through a firewall
I have read all the suggestions. I am unclear how the configuration at either end (on each openSUSE machine) can affect this. Unless something told ssh/sshd to connect on other than port 22. This is not the case. I see that sshd on the destination is listening on port 22. Both systems are in the default setup.

When I connect (the firewall lets all ports thru) I do not see an additional port open (netstat -lp). But maybe there is one used just when the password is read?

The firewall is in Barcelona and I am in Stockholm. As I need to get some work done, I am unable to tell them to restrict access to port 22. I will be able to do that next week.

--
Roger Oberholtzer
On 08/01/2014 05:09 AM, Roger Oberholtzer wrote:
I have read all the suggestions. I am unclear how the configuration at either end (on each openSUSE machine) can affect this. Unless something told ssh/sshd to connect on other than port 22. This is not the case. I see that sshd on the destination is listening on port 22. Both systems are in the default setup.
PLEASE! Help us by reporting the following.

First, when you connect using ssh at the cli, what is the prompt offered by the other end?

I, for one, would like to verify that you are indeed accessing the remote _computer_ because the firewall is doing port-forwarding and that you are not in fact accessing the ssh server on the firewall.

I realise this seems trivial, but we need to be *absolutely* sure.

Second, could you PLEASE report the output of "ssh -vvv". If it's short then in-line can do, if not please use one of the 'boxes' where we can read a longer output.

--
/"\
\ /  ASCII Ribbon Campaign
 X   Against HTML Mail
/ \
On 08/01/2014 08:49 AM, Anton Aylward wrote:
On 08/01/2014 05:09 AM, Roger Oberholtzer wrote:
I have read all the suggestions. I am unclear how the configuration at either end (on each openSUSE machine) can affect this. Unless something told ssh/sshd to connect on other than port 22. This is not the case. I see that sshd on the destination is listening on port 22. Both systems are in the default setup.
PLEASE! Help us by reporting the following.
First, when you connect using ssh at the cli, what is the prompt offered by the other end?
I, for one, would like to verify that you are indeed accessing the remote _computer_ because the firewall is doing port-forwarding and that you are not in fact accessing the ssh server on the firewall.
I realise this seems trivial, but we need to be *absolutely* sure.
Second, could you PLEASE report the output of "ssh -vvv". If it's short then in-line can do, if not please use one of the 'boxes' where we can read a longer output.
+1 we would like to see the output. I am also curious/concerned that you are connecting to what you are intending to connect to. If you have confirmed the sshd_config in the server you are attempting to connect to and 'Port' is either *unset* (default) or explicitly set 'Port 22', then you are definitely on port 22. The server should also have 'Protocol 2' set to ensure you are not being flummoxed by protocol differences.

As Anton suggests, the most telling output will be from your attempt with:

'ssh -vvv hostBehindBarcelonaFW'

The only other thought I have is that BarcelonaFW is in fact *NOT* forwarding port 22 to the openSuSE box you need to connect with. Yes, you've confirmed the config on the openSuSE box, but unless BarcelonaFW is taking your inbound connection and explicitly forwarding it to SuSEhostBehindBarcelonaFW, you are never getting the chance to actually establish the connection.

Also, if you have someone who has physical access to the server, you can have them monitor sshd via

`journalctl --no-pager --full --unit=sshd --follow`

Keep us posted and if you want more brainstorming, just yell. Also, if you have a limited test account and want some help, contact either Anton or me off-list and we will be glad to help.

--
David C. Rankin, J.D.,P.E.
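The question raised in the replies above (is the session reaching the openSUSE host or the firewall's own sshd?) can be answered from the `ssh -v` debug output. The following is an added example, not part of any post in this thread; the sample log lines, host name, address and fingerprint are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report which SSH endpoint answered, from `ssh -v` debug output.
# Real use (ssh writes debug lines to stderr):
#   ssh -v hostBehindBarcelonaFW exit 2>&1 | ssh_endpoint_summary
# The expected fingerprint is read on the intended server by someone with
# console access, e.g.: ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub
# (both fingerprints must be in the same hash format to be comparable).

# Constructed sample debug output (documentation address, made-up fingerprint).
SAMPLE_LOG='debug1: Connecting to gw.example.org [192.0.2.10] port 22.
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: Server host key: ECDSA 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00'

# Read debug output on stdin; print the port dialled, the server's software
# banner and the host key fingerprint the client was offered.
ssh_endpoint_summary() {
    awk '
        /^debug1: Connecting to / { port = $NF; sub(/\.$/, "", port) }
        /^debug1: Remote protocol version / {
            sub(/^.*remote software version /, ""); banner = $0
        }
        /^debug1: Server host key: / { fp = $NF }
        END {
            printf "port: %s\n", port
            printf "banner: %s\n", banner
            printf "hostkey: %s\n", fp
        }
    '
}

# $1 = fingerprint obtained out of band from the intended server.
# Succeeds only if the key offered to the client matches it; a mismatch means
# some other sshd (for example one on the firewall) answered the connection.
reached_intended_host() {
    seen=$(ssh_endpoint_summary | sed -n 's/^hostkey: //p')
    [ -n "$seen" ] && [ "$seen" = "$1" ]
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | ssh_endpoint_summary
```

A banner or host key that differs from what the openSUSE machine itself reports points at the firewall terminating the connection rather than forwarding port 22.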