1 Aug
2014
1 Aug
'14
11:09 a.m.
I have read all the suggestions. I am unclear how the configuration at
either end (on each openSUSE machine) can effect this. Unless something
told ssh/sshd to connect on other than port 22. This is not the case. I
see that sshd on the destination is listening on port 22. Both systems
are in the default setup.
When I connect (the firewall lets all ports thru) I do not see an
additional port open (netstat -lp). But maybe there is one used just
when the password is read?
The firewall is in Barcelona and I am in Stockholm. As I need to get
some work done, I am unable to tell them to restrict access to port 22.
I will be able to do that next week.
--
Roger Oberholtzer
--
To unsubscribe, e-mail: opensuse+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse+owner(a)opensuse.org
1 Aug
1 Aug
3:49 p.m.
On 08/01/2014 05:09 AM, Roger Oberholtzer wrote:
I have read all the suggestions. I am unclear how the
configuration at
either end (on each openSUSE machine) can effect this. Unless something
told ssh/sshd to connect on other than port 22. This is not the case. I
see that sshd on the destination is listening on port 22. Both systems
are in the default setup.
PLEASE! Help us by reporting the following.
First, when you connect using ssh at the cli, what is the prompt offered
by the other end?
I, for one, would like to verify that you are indeed accessing the
remote _computer_ because the firewall is doing port-forwarding and that
you are not in fact accessing the ssh server on the firewall.
I realise this seems trivial, but we need to be *absolutely* sure.
Second, could you PLEASE report the output of "ssh -vvv".
If its short then in-line can do, if not please use one of the 'boxes'
were we an read a longer output.
--
/"\
\ / ASCII Ribbon Campaign
X Against HTML Mail
/ \
--
To unsubscribe, e-mail: opensuse+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse+owner(a)opensuse.org
2 Aug
2 Aug
3:13 a.m.
On 08/01/2014 08:49 AM, Anton Aylward wrote:
On 08/01/2014 05:09 AM, Roger Oberholtzer wrote:
+1 we would like to see the output.
I am also curious/concerned that you are connecting to what you are intending to
connect to. If you have confirmed the sshd_config in the server you are
attempting to connect to and 'Port' is either *unset* (default) or explicitly
set 'Port 22', then you are definitely on port 22. The server should also have
'Protocol 2' set to insure you are not being flummoxed by protocol differences.
As Anton suggests, the most telling output will be from your attempt with:
'ssh -vvv hostBehindBarcelonaFW'
The only other thought I have is that BarcelonaFW is in fact *NOT* forwarding
port 22 to the openSuSE box you need to connect with. Yes, you've confirmed the
config on the openSuSE box, but unless BarcelonaFW is taking your inbound
connection and explicitly forwarding it to SuSEhostBehindBarcelonaFW, you are
never getting the chance to actually establish the connection.
Also, if you have someone who has physical access to the server, you can have
them monitor sshd via `journalctl --no-pager --full --unit=sshd --follow`
Keep us posted and if you want more brainstorming, just yell. Also, if you have
a limited test account and want some help. Contact either Anton or I off-list
and we will be glad to help.
--
David C. Rankin, J.D.,P.E.
--
To unsubscribe, e-mail: opensuse+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse+owner(a)opensuse.org
I have read all the suggestions. I am unclear how
the configuration at
either end (on each openSUSE machine) can effect this. Unless something
told ssh/sshd to connect on other than port 22. This is not the case. I
see that sshd on the destination is listening on port 22. Both systems
are in the default setup.
PLEASE! Help us by reporting the following.
First, when you connect using ssh at the cli, what is the prompt offered
by the other end?
I, for one, would like to verify that you are indeed accessing the
remote _computer_ because the firewall is doing port-forwarding and that
you are not in fact accessing the ssh server on the firewall.
I realise this seems trivial, but we need to be *absolutely* sure.
Second, could you PLEASE report the output of "ssh -vvv".
If its short then in-line can do, if not please use one of the 'boxes'
were we an read a longer output.
2403
days inactive
2404
days old
2 comments
3 participants
participants (3)
-
Anton Aylward -
David C. Rankin -
Roger Oberholtzer