On Thu, Jan 01, 2004 at 07:30:39PM +0000, Pigeon wrote:
> On the following setup:
>
> Local end                               Remote end
>                      Internet                         LAN
> Local box:ppp0-----------------------ppp0:NAT box:eth0---Other boxes
>
> From the local end, I can ping the remote end OK, but I cannot ssh to it:
> ssh fails with "ssh_exchange_identification: Connection closed by remote
> host". Outgoing connections from the remote end work fine, though.
>
> I suspect that this is because I omitted to set up an iptables rule on the
> NAT box at the remote end to forward incoming connections on port 22 to one
> of the "other boxes", and therefore my only recourse is to physically go to
> the remote end and set up such a rule - inconvenient and expensive! Or else
> I've got /etc/hosts.deny at the remote end blocking non-local hosts.

No, your -vvv log shows that the client established a connection with
the server. Perhaps the remote end is configured with 'ALL: PARANOID' in
hosts.deny, and your reverse DNS is wrong? That's a common cause of ssh
connections failing in the manner you describe, since tcp-wrappers
checks happen at about that stage.

Cheers,

-- 
Colin Watson [EMAIL PROTECTED]
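
Added example, not part of the thread above: a simplified model of the name/address consistency test behind the PARANOID wildcard mentioned in the reply, so a client address can be checked before blaming NAT or forwarding rules. The function names, the three-way UNKNOWN/PARANOID/OK result and the sample zone data are assumptions constructed for illustration.

```python
import socket

def reverse_lookup(ip):
    """PTR lookup: canonical name for ip, or None when there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_lookup(name):
    """Addresses that name resolves to (empty set on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def classify(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Return (wildcard, reason); wildcard is 'UNKNOWN', 'PARANOID' or 'OK'.

    Simplified model (assumption): no PTR -> UNKNOWN; a PTR name that does
    not resolve back to the same address -> PARANOID.
    """
    name = reverse(ip)
    if not name:
        return "UNKNOWN", "no PTR record for %s" % ip
    addrs = forward(name)
    if not addrs:
        return "PARANOID", "%s has no forward record" % name
    if ip not in addrs:
        return "PARANOID", "%s resolves to %s, not %s" % (
            name, ", ".join(sorted(addrs)), ip)
    return "OK", "%s and %s agree" % (ip, name)

# Constructed sample zone data (documentation addresses), so this runs offline.
SAMPLE_PTR = {"192.0.2.10": "dialup10.isp.example",
              "192.0.2.20": "client.example",
              "192.0.2.40": "orphan.example"}
SAMPLE_A = {"dialup10.isp.example": {"192.0.2.99"},
            "client.example": {"192.0.2.20"}}

def demo():
    """Classify each constructed client address against the sample data."""
    ips = ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40")
    return {ip: classify(ip, SAMPLE_PTR.get, lambda n: SAMPLE_A.get(n, set()))
            for ip in ips}

if __name__ == "__main__":
    for ip, (wildcard, reason) in demo().items():
        print("%-12s %-9s %s" % (ip, wildcard, reason))
```

Called as classify(ip) with no resolver arguments on the sshd host, it uses that host's own resolver, which is the view tcp-wrappers has of the connecting client.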