cannot ssh from outside network

Vladimir Kosovac vkosovac at gmail.com
Sun Aug 6 21:53:12 UTC 2006


Paula, on 137.131.252.71 machine check /etc/hosts.deny and /etc/hosts.allow
files.
If they contain only comments at the beginning of each file, TCP wrappers
are not your problem.
However, if they have entries in them, /etc/hosts.deny might ressemble
something like:

in.telnetd: ALL
in.ftpd : ALL
sshd : ALL
syslog : ALL

which denies access to four daemons from any remote machine. To get around
this, you use /etc/hosts.allow file, with explicit entries for
hosts that need access to particular daemon. In your case:

sshd: 192.42.82.56

As far as firewall goes, I'd say yours is letting that stuff through, since
the error received is ssh specific reply.

V

On 8/4/06, Paula J. Lindsay <paula at scripps.edu> wrote:
>
> Thank you for your responses.  Can you tell me how to check the TCP
> wrappers?
> Also, I am new to linux (been on SGIs for ten years).  Can you tell me
> how to
> check to make sure the firewall is letting ssh traffic thru?
> Many thanks,
> Paula
>
> Vladimir Kosovac wrote:
>
> > Did you check TCP wrappers on 137.131.252.71? (hosts.deny / hosts.allow)
> > Also, as others suggested, make sure firewall lets through ssh traffic.
> >
> > V
> >
> > On 8/3/06, Manuel Arostegui Ramirez <manuel at todo-linux.com> wrote:
> >
> >>
> >> El Jueves, 3 de Agosto de 2006 01:11, Paula J. Lindsay escribió:
> >> > Hi,
> >> > I have a redhat 9 box.
> >> >
> >>
> >> You should upgrade your box, RH 9.0 is quite old.
> >>
> >> > I tried to connect to the redhat 9 box from a machine outside our
> >> network
> >> > and got the following... 101 worf: ssh -l spooner 137.131.252.71
> >> >       ssh_exchange_identification: Connection closed by remote host
> >> >
> >>
> >> Use ssh -l spooner 137.131.252.71 -v -v -v
> >> In order to debug find out what's wrong in the autenthication proccess.
> >>
> >> >       And the following packet capture from inside of our firewall
> >> shows
> >> > that born receives the connection and then refuses it with a Fin
> >> packet...
> >> > 15:51:13.740835 192.42.82.56.1401 > 137.131.252.71.22: S
> >> >       15:51:13.744082 137.131.252.71.22 > 192.42.82.56.1401: S
> >> >       15:51:18.821897 137.131.252.71.22 > 192.42.82.56.1401: F
> >> >
> >> >       A connection attempt from within our network is successful.
> >> Maybe
> >> > this machine is treating hosts from outside of our 137.131 IP space
> >> > differently? Can someone help me?
> >> > Many thanks in advance.
> >> > Paula
> >>
> >> Is that box behind a firewall? If so, take a look at those logs.
> >>
> >> Greetings.
> >>
> >> --
> >> Manuel Aróstegui Ramírez.
> >>
> >> Electronic Mail is not secure, may not be read every day, and should
> not
> >> be used for urgent or sensitive issues.
> >>
> >> --
> >> redhat-list mailing list
> >> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >> https://www.redhat.com/mailman/listinfo/redhat-list
> >>
>
> --
> --*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
>   o The                 Paula J. Lindsay, IT Analyst III
> /                      Research Computing, TPC21
> o   Scripps             phone:  858.784.9378
> \                      fax:    858.784.9301
>   o Research            email: paula at scripps.edu
> /
> o   Institute
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



More information about the redhat-list mailing list