
Re: Very strange SSH problem!

  • Subject: Re: Very strange SSH problem!
  • From: Roy Schestowitz <newsgroups@schestowitz.com>
  • Date: Sat, 30 Jul 2005 08:44:06 +0100
  • Newsgroups: alt.os.linux.suse
  • Organization: schestowitz.com / Manchester University
  • References: <42ea09b9$0$15283$afc38c87@news.optusnet.com.au> <dcf87l$kkh$1@godfrey.mcc.ac.uk> <42eb2aaa$0$22219$afc38c87@news.optusnet.com.au>
  • Reply-to: newsgroups@schestowitz.com
  • User-agent: KNode/0.7.2
MD wrote:

> Roy Schestowitz wrote:
>> MD wrote:
>> 
>>>Hello everybody. I am having a VERY strange problem with secure shell. I
>>>hope somebody can give some light.
>>>
>>>I used to connect from here (home, ADSL connection) to my office
>>>(university) via ssh without problems (SuSE 9.1 on both machines).
>>>
>>>Then I installed SuSE Linux Professional 9.3 a few days ago only at home,
>>>and now ssh behaves very strange. I can't connect now from home to my
>>>office, but I can connect from office to home. But this is not the
>>>strange thing.
>>>
>>>The really strange thing is that when I am in my office, connected from
>>>"office" to "home", logged in by ssh in "home", and I initiate in "home"
>>>a ssh in connection back to "office", it works perfectly! To make it
>>>more clear, at office I typed:
>>> ... ...
>>
>> Before Kevin's advice was posted I had wanted to suggest that you check
>> support for connections from the outside, e.g. scp and ssh. There is a
>> daemon that needs to be installed if it is not there by default. I used
>> to have a similar problem when connecting the work and University
>> machines. The work machine ran Ubuntu, which by default was not open to
>> connections from the outside.
>> 
>> Nonetheless, I held back when considering this reply because if you
>> successfully get the 'loopback' ssh connection (connecting to self via
>> another node), then it pretty much breaks my assumptions above. I can't
>> think of any logical explanation (can you?) why a visitor should be able
>> to SSH when a physical user will not be able to do so. It seems like a
>> paradox. All are points to ponder, so perhaps my rambling will guide you
>> towards one solution or another...
>> ... ...
>> 
> Hello Roy. Thanks for the advice. It is indeed a paradox. I was thinking
> that maybe the firewall at the uni (office) rejects all incoming
> connection request packets (as usual), and if this firewall (or rule)
> was added recently that could explain why now I have the problem. Then,
> to explain how a user sitting at office can remotely ssh login in home
> and from there make a ssh login back to office, it could be that after
> the first connection (office->home) is established, the ssh connection
> back to the office uses the same TCP connection (same two IPs, same
> ports), and creates a new ssh connection within it. This is only a guess,
> since I have little idea how ssh really works. By the way, does anybody
> know of a good tutorial (rather than a HOWTO) on ssh?
> 
> To make things tedious, I retried connection a moment ago (after
> rebooting), and it did work. If anyone wants to see the transaction,
> read below. I say bye here, although, and thanks a lot for the replies.
> 
> Milan.
> 
> myself@home:~>ssh -vvv myself@office
> OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to 134.123.123.123 [134.123.123.123] port 22.
> ...


Firewall is /definitely/ something to consider, at least at some obscure
level. The University here (Manchester) blocked all X traffic that is not
encrypted _only months ago_. This of course affected some students who used
X forwarding to log in to machines on campus. SSH, however, should encrypt
such traffic. This does not yet provide an explanation as to why you can
get the 'loopback' to work... BUT...

If you have just managed to get this working by rebooting, perhaps a fluke
was involved in earlier trials. Perhaps it was never the two-way SSH route
that made a difference. How convinced are you that the factor to consider
was indeed the direction of the SSH connections? Have you repeated this on
different occasions? Reboots in the interim? It is not something that a
computer user would typically do because machines don't have erratic
behaviours, network connections do (packet loss, albeit checksums
compensate for it).

Roy

-- 
Roy S. Schestowitz
http://Schestowitz.com
