ssh to NATed box fails

Thu, 01 Jan 2004 12:51:09 -0800 

On the following setup:

        Local end                                         Remote end
                          Internet                            LAN
        Local box:ppp0-----------------------ppp0:NAT box:eth0---Other boxes
        
From the local end, I can ping the remote end OK, but I cannot ssh to it:
ssh fails with "ssh_exchange_identification: Connection closed by remote
host". Outgoing connections from the remote end work fine, though.

I suspect that this is because I omitted to set up an iptables rule on the
NAT box at the remote end to forward incoming connections on port 22 to one
of the "other boxes", and therefore my only recourse is to physically go to
the remote end and set up such a rule - inconvenient and expensive! Or else
I've got /etc/hosts.deny at the remote end blocking non-local hosts.

Before I do this, it would be most helpful if someone could confirm my
conclusion!

Since I can't get into the remote end, I can't post its iptables rules or
its sshd_config. The keys are OK, and password authentication is allowed.
The output of ssh -vvv from the local end is as follows:

OpenSSH_3.4p1 Debian 1:3.4p1-1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to remoteend's.dynamic.extIP [217.134.37.100] port 22.
debug1: Connection established.
debug1: identity file /home/pigeon/.ssh/identity type -1
debug3: Not a RSA1 key file /home/pigeon/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
<snip 11 identical such lines>
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: identity file /home/pigeon/.ssh/id_rsa type -1
debug1: identity file /home/pigeon/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
debug1: Calling cleanup 0x8063a9c(0x0)

(The 'unknown key type' and 'key_read: no space' entries are not the
problem; I get those even when ssh-ing between boxes at the remote end, when
I'm at that end.)

TIA,

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to