Problem with ssh

Hi folks,
I have some problems getting connected to a remote maschine (outside
my local network) via ssh. The local mashine is a linux box with Suse
9.1 behind a router.

The remote sshd prompts me for a password and hangs.

Using XP with putty from the same mashine everything works fine.
I dropped my first idea that the router is not well configured, due to
the fact that putty works fine. Packets are forwarded.

Within my local network I'm able to connect to a second linux box via
ssh.

Is there the a special command or a parameter within ssh_config to
connect to a remote mashine outside my local network?

Looking for help.

Heiko

What type of authentication do you use?
Perhaps Windows Putty uses a different authentication.

For example if you use RSAAuthentication you'll need your private key.

Best Regards
Dam

Heiko Heger wrote:

> Hi folks,
> I have some problems getting connected to a remote maschine (outside
> my local network) via ssh. The local mashine is a linux box with Suse
> 9.1 behind a router.
>
> The remote sshd prompts me for a password and hangs.


>
> Using XP with putty from the same mashine everything works fine.
> I dropped my first idea that the router is not well configured, due to
> the fact that putty works fine. Packets are forwarded.
>
> Within my local network I'm able to connect to a second linux box via
> ssh.
>
> Is there the a special command or a parameter within ssh_config to
> connect to a remote mashine outside my local network?
>
> Looking for help.
>
> Heiko

Hi Dam,
both, putty and ssh, uses no RSAAuthentication and both use ssh2
protocol.

I have connected from one local mashine to another local mashine
(server) with ssh and putty and had a look at the servers
/var/log/messages. Both entries are identical.

If I connect to the remote mashine with ssh, I'm prompted for my
password. If I input the wrong password, I get an error message
"Permission denied: please try again." That looks for me, that I've a
connect to the remote mashine and the routing is correct. Do I input
my correct password, I get no responce and I have to kill the process
with "kill -9 #####"

Unfortunately I hvae no access to the remote's /var/log/messages to
compare the lines when I connect with putty and when I try to connect
with ssh. The servers admin is a friend on mine and he will help me
but he has to do his own work.

btw: In the meantime I use putty from my linux box via wine.

Heiko



Damiano Fasoli <(E-Mail Removed)> wrote in message news:<w%vNd.19538$(E-Mail Removed)>.. .
> What type of authentication do you use?
> Perhaps Windows Putty uses a different authentication.
>
> For example if you use RSAAuthentication you'll need your private key.
>
> Best Regards
> Dam
>
> Heiko Heger wrote:
>
> > Hi folks,
> > I have some problems getting connected to a remote maschine (outside
> > my local network) via ssh. The local mashine is a linux box with Suse
> > 9.1 behind a router.
> >
> > The remote sshd prompts me for a password and hangs.
>
>
> >
> > Using XP with putty from the same mashine everything works fine.
> > I dropped my first idea that the router is not well configured, due to
> > the fact that putty works fine. Packets are forwarded.
> >
> > Within my local network I'm able to connect to a second linux box via
> > ssh.
> >
> > Is there the a special command or a parameter within ssh_config to
> > connect to a remote mashine outside my local network?
> >
> > Looking for help.
> >
> > Heiko

> Hi folks,
> I have some problems getting connected to a remote maschine (outside
> my local network) via ssh. The local mashine is a linux box with Suse
> 9.1 behind a router.
>
> The remote sshd prompts me for a password and hangs.
>
> Using XP with putty from the same mashine everything works fine.
> I dropped my first idea that the router is not well configured, due to
> the fact that putty works fine. Packets are forwarded.
>
> Within my local network I'm able to connect to a second linux box via
> ssh.
>
> Is there the a special command or a parameter within ssh_config to
> connect to a remote mashine outside my local network?

No. Try running ssh with -v, -vv, or -vvv and see what log output you get.
At least there should be some hints about what sorts of authentication it's
trying.

--
To reply by email, replace "deadspam.com" by "alumni.utexas.net"

Heiko Heger wrote:

> Hi folks,
> I have some problems getting connected to a remote maschine (outside
> my local network) via ssh. The local mashine is a linux box with Suse
> 9.1 behind a router.
>
> The remote sshd prompts me for a password and hangs.
>
> Using XP with putty from the same mashine everything works fine.
> I dropped my first idea that the router is not well configured, due to
> the fact that putty works fine. Packets are forwarded.
>
> Within my local network I'm able to connect to a second linux box via
> ssh.
>
> Is there the a special command or a parameter within ssh_config to
> connect to a remote mashine outside my local network?
>

Long shot, but I've read of problems caused because buggy kit/firewalls
don't like Linux setting the TOS bits on telnet/ssh/ftp packets.

You could try adding an iptables rule to clear them -

iptables -A POSTROUTING -t mangle -j DSCP --set-dscp 0x0

Andy.

Heiko Heger wrote:

> Unfortunately I hvae no access to the remote's /var/log/messages to
> compare the lines when I connect with putty and when I try to connect
> with ssh. The servers admin is a friend on mine and he will help me
> but he has to do his own work.
>
> btw: In the meantime I use putty from my linux box via wine.
>
> Heiko

FYI you can download the source for putty, compile it, and run it
natively under linux.

Mike

Hi Andy,
your hint works great. I've no idea what this iptables code does in
detail, but it works.

Thanks a lot.

Heiko

> Long shot, but I've read of problems caused because buggy kit/firewalls
> don't like Linux setting the TOS bits on telnet/ssh/ftp packets.
>
> You could try adding an iptables rule to clear them -
>
> iptables -A POSTROUTING -t mangle -j DSCP --set-dscp 0x0
>
> Andy.

Heiko Heger wrote:

> Hi Andy,
> your hint works great.

Ahh we've found another buggy router then - what is it?

I've also seen an issue like this that started when the ISP changed
something - seems to be getting more common.

I've no idea what this iptables code does in
> detail, but it works.

In theory this should also work

iptables -A POSTROUTING -t mangle -j TOS --set-tos 0x0

I posted using DSCP as I know that fixes it, though as we are talking about
the TOS bits on a packet the above does look more appropriate - DSCP
(differentiated services) use the same bits for the same reason but it is
more flexible than the few options TOS allows.

TOS bits are part of an IP header and get set by some apps so that
interactive traffic can be priorotised over bulk (the default queue on
Linux interfaces will use them - but they don't generally make any
difference on the internet AFAIK).

For some reason some kit doesn't like this - the rule just sets them to 0


> > Long shot, but I've read of problems caused because buggy kit/firewalls
> > don't like Linux setting the TOS bits on telnet/ssh/ftp packets.

Should have said that some Linux apps set them rather that Linux here
really.

Andy.

> >
> > You could try adding an iptables rule to clear them -
> >
> > iptables -A POSTROUTING -t mangle -j DSCP --set-dscp 0x0
> >
> > Andy.

>
> Ahh we've found another buggy router then - what is it?
>

It's a D-Link DSL 564T with a firmware releases as of Sep. 2004.
I've changed the router a few weeks ago. My older one was a Netopia
3356DE-ENT. Due to the reason that the Netopia has no web-interface
and I had no docs for it I changed the router.


> I've also seen an issue like this that started when the ISP changed
> something - seems to be getting more common.
>
> I've no idea what this iptables code does in
> > detail, but it works.
>
> In theory this should also work
>
> iptables -A POSTROUTING -t mangle -j TOS --set-tos 0x0
>

I'll check this different IPTABLES code next weekend or the weekend
after.

Thanks a lot again.

Heiko