A couple of things, First, Do you want to be ssh'ing to the ftp port (21)? Secondly, authorized_keys is used for allowing one machine to ssh into another machine without using a password. You should still be able to connect without populating the authorized_keys file with the identity.pub key, you'll just have to enter the password. Also, the known_hosts file is populated when you are ssh'ing out, so you shouldn't have to populate that at all. The third thing I'd check is the /etc/hosts.allow and /etc/hosts.deny files. Are they set to allow from the IP? If you are still stumped, I'd do a tcpdump to watch the communication between the hosts. Jen On Wed, 25 Apr 2001, Conor Daly wrote: > Hi, > > I've opened ports 21, 22, 23 and 80 in my firewall and forwarded them to > port 22 on an internal host. I all cases, ssh to the firewall from *inside* > the firewall gets forwarded to the ssh server and I get to connect but from > *outside*, it's a different matter. The outside machine I'm going from is > itself masqued and has yet to make a first connection with ssh (I presume > that's something to do with physically bringing public key(s) to the server > and installing them somewhere. Anyone able to help me there?). I had port > 80 forwarded to an internal port 80 and that worked so I'm tunnelling > through the firewall that way anyhow but I'm unable to connect with ssh. > > I tested my port forwarding and firewall config with an online port scanner > and got hits at both the firewall and at the ssh server so I'm at something > of a loss. > There was mention on the masq list of dynamic IP addresses causing problems > but I haven't even got to the stage of being asked about an unknown host. > > I've brought keys back and forth and put them in places like > /etc/known_hosts and $HOME/.ssh/authorized_keys and so on. > > Can anyone suggest anything? > > Session transcripts follow. > > [cdaly@bofh .ssh]$ ssh -v -p 21 xxx.xxx.xxx.xxx > SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0. > Compiled with SSL (0x0090581f). > debug: Reading configuration data /etc/ssh/ssh_config > debug: Applying options for * > debug: Seeding random number generator > debug: ssh_connect: getuid 500 geteuid 0 anon 0 > debug: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 21. > debug: Allocated local port 1021. > debug: Connection established. > debug: Remote protocol version 1.99, remote software version OpenSSH_2.1.1 > Enabling compatibility mode for protocol 2.0 > debug: Local version string SSH-2.0-OpenSSH_2.1.1 > debug: Seeding random number generator > debug: send KEXINIT > debug: done > debug: wait KEXINIT > 35 30 30 20 63 6f 6d 6d > Disconnecting: Bad packet length 892350496. > debug: Calling cleanup 0x805db00(0x0) > > In the logs on the server side I just get > > Apr 23 14:01:10 Valkerie sshd[2679]: Connection from yyy.yyy.yyy.yyy port 8120 > Apr 23 14:01:10 Valkerie sshd[2679]: Did not receive ident string from >yyy.yyy.yyy.yyy > > TIA > > Conor. > -- > Conor Daly <[EMAIL PROTECTED]> > > Domestic Sysadmin :-) > --------------------- > Faenor.cod.ie > 9:15pm up 10 days, 7:29, 0 users, load average: 0.00, 0.00, 0.00 > Hobbiton.cod.ie > 9:13pm up 57 days, 6:50, 2 users, load average: 0.12, 0.08, 0.03 > > _______________________________________________ > techtalk mailing list > [EMAIL PROTECTED] > http://www.linux.org.uk/mailman/listinfo/techtalk > _______________________________________________ techtalk mailing list [EMAIL PROTECTED] http://www.linux.org.uk/mailman/listinfo/techtalk