obfuscated-openssh can't let me login to server.

Discussion in 'Linux Networking' started by Hongyi Zhao, Oct 16, 2013.

  1. Hongyi Zhao

    Hongyi Zhao Guest

    Hi all,

    I own an account on the ssh server ssh.sshcenter.info, see here
    http://www.sshcenter.info/site-sshcenter/pay-ssh-account.php for detail, which
    supports the obfuscated ssh login method now.

    When I log in with the following command, I always fail with the
    following information:

    werner@debian-asus:~$ ssh -Nfx -D 7070 -p 60001 -Z key
    ssh: connect to host ssh.sshcenter.info port 60001: Connection timed out

    Why does this happen?

    Regards
     
    Hongyi Zhao, Oct 16, 2013
    #1

  2. ein

    ein Guest

    Reason is obvious. Please see above.

    It means that the SSH connection was not established. The TCP handshake was
    interrupted after sending the first packet with the SYN flag. Possible problems
    are:
    1. Hostname may be wrong.
    2. SSH port may be wrong.
    3. Something blocks this connection, for instance a firewall.


     
    ein, Oct 16, 2013
    #2

  3. unruh

    unruh Guest

    Ask them. This would seem to indicate that they are not listening to
    port 60001 or are very slow to respond.
    Note, are you sure you did not actually want 6001?
    I have no idea what "obfuscated ssh login" means.
    Nor can I read Chinese, I am afraid.

    Try
    ssh -vvv ...
    to see what your ssh side sent out the other side and is waiting for.
     
    unruh, Oct 16, 2013
    #3
  4. Hongyi Zhao

    Hongyi Zhao Guest

    The port and the hostname are all right ;-) I've checked them again and
    again. And I can use
    http://www.sshcenter.info/site-sshcenter/software/myentunnel-unicode-3.5.2-obfuscated.zip
    to log in to this server when I use Windows 7 OS.

    I've used the -v argument to obtain more information, see below for detail:

    -----------
    werner@debian-asus:~$ ssh -l hszhao ssh.sshcenter.info -p 60001 -Z key -v
    OpenSSH_5.2p1, OpenSSL 0.9.8o 01 Jun 2010
    debug1: Reading configuration data /usr/local/etc/ssh_config
    debug1: Connecting to ssh.sshcenter.info [218.30.64.199] port 60001.
    debug1: connect to address 218.30.64.199 port 60001: Connection timed out
    ssh: connect to host ssh.sshcenter.info port 60001: Connection timed out
    ----------

    Furthermore, I also checked the file /usr/local/etc/ssh_config; all of
    the content is commented out in this file, and this is the default case.

    See below for detail:

    --------
    werner@debian-asus:~$ cat /usr/local/etc/ssh_config
    # $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $

    # This is the ssh client system-wide configuration file. See
    # ssh_config(5) for more information. This file provides defaults for
    # users, and the values can be changed in per-user configuration files
    # or on the command line.

    # Configuration data is parsed as follows:
    # 1. command line options
    # 2. user-specific file
    # 3. system-wide file
    # Any configuration value is only changed the first time it is set.
    # Thus, host-specific definitions should be at the beginning of the
    # configuration file, and defaults at the end.

    # Site-wide defaults for some commonly used options. For a comprehensive
    # list of available options, their meanings and defaults, please see the
    # ssh_config(5) man page.

    # Host *
    # ForwardAgent no
    # ForwardX11 no
    # RhostsRSAAuthentication no
    # RSAAuthentication yes
    # PasswordAuthentication yes
    # HostbasedAuthentication no
    # GSSAPIAuthentication no
    # GSSAPIDelegateCredentials no
    # BatchMode no
    # CheckHostIP yes
    # AddressFamily any
    # ConnectTimeout 0
    # StrictHostKeyChecking ask
    # IdentityFile ~/.ssh/identity
    # IdentityFile ~/.ssh/id_rsa
    # IdentityFile ~/.ssh/id_dsa
    # Port 22
    # Protocol 2,1
    # Cipher 3des
    # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
    # MACs hmac-md5,hmac-sha1,,hmac-ripemd160
    # EscapeChar ~
    # Tunnel no
    # TunnelDevice any:any
    # PermitLocalCommand no
    # VisualHostKey no
     
    Hongyi Zhao, Oct 17, 2013
    #4
  5. unruh

    unruh Guest

    Well, that tells you that the other side is not responding. You have to
    take it up with them. Nothing you can do.
    What is it with 60001 port?
    There are none. All lines are comments. None do anything.
     
    unruh, Oct 18, 2013
    #5
  6. ein

    ein Guest

    Sorry for the late answer, I was busy. According to my nmap results:

    Starting Nmap 5.51 ( http://nmap.org ) at 2013-10-21 04:07 CEST
    mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is
    disabled. Try using --system-dns or specify valid servers with --dns-servers
    Initiating SYN Stealth Scan at 04:07
    Scanning 218.30.64.199 [1 port]
    Completed SYN Stealth Scan at 04:07, 2.02s elapsed (1 total ports)
    Nmap scan report for 218.30.64.199
    Host is up.
    PORT STATE SERVICE
    60001/tcp *filtered* unknown

    Read data files from: /usr/share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 2.06 seconds
    Raw packets sent: 2 (88B) | Rcvd: 0 (0B)

    The host is down and was down on the day you wrote this message.

    According to 'nslookup ssh.sshcenter.info':

    ;; Truncated, retrying in TCP mode.
    Server: 127.0.0.1
    Address: 127.0.0.1#53

    Non-authoritative answer:
    ssh.sshcenter.info canonical name = c-ssh.luozhucheng.info.

    This hostname resolves to a few different IP addresses. So try a different one:

    Starting Nmap 5.51 ( http://nmap.org ) at 2013-10-21 04:15 CEST
    mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is
    disabled. Try using --system-dns or specify valid servers with --dns-servers
    Initiating SYN Stealth Scan at 04:15
    Scanning 25 hosts [1 port/host]
    Discovered open port 60001/tcp on 162.210.39.138
    Discovered open port 60001/tcp on 192.30.35.196
    Discovered open port 60001/tcp on 142.4.60.109
    Discovered open port 60001/tcp on 198.56.129.15
    Discovered open port 60001/tcp on 184.95.43.34
    Discovered open port 60001/tcp on 173.254.227.21
    Discovered open port 60001/tcp on 173.252.246.216
    Discovered open port 60001/tcp on 162.218.93.91
    Discovered open port 60001/tcp on 162.220.218.146
    Discovered open port 60001/tcp on 198.23.227.195
    Discovered open port 60001/tcp on 199.231.227.191
    Discovered open port 60001/tcp on 108.61.74.44
    Discovered open port 60001/tcp on 199.68.199.229
    Discovered open port 60001/tcp on 199.119.224.224
    Discovered open port 60001/tcp on 199.91.71.205
    Discovered open port 60001/tcp on 69.197.147.92
    Discovered open port 60001/tcp on 23.90.4.123
    Discovered open port 60001/tcp on 69.197.147.91
    Discovered open port 60001/tcp on 209.141.63.131
    Discovered open port 60001/tcp on 216.158.84.79
    Discovered open port 60001/tcp on 216.24.199.57
    Discovered open port 60001/tcp on 198.199.101.80
    Discovered open port 60001/tcp on 74.82.164.28
    Discovered open port 60001/tcp on 198.98.103.195
    Discovered open port 60001/tcp on 69.163.34.77
    SSH client configuration is irrelevant now. Not until TCP handshake is
    established.



     
    ein, Oct 21, 2013
    #6
  7. Hongyi Zhao

    Hongyi Zhao Guest

    According to your above results, you can find all of the IP addresses that
    are bound to the FQDN ssh.sshcenter.info. But in my case, I can only find
    one IP of them:

    -------
    werner@debian-asus:~$ nslookup ssh.sshcenter.info
    Server: 192.168.0.1
    Address: 192.168.0.1#53

    Non-authoritative answer:
    Name: ssh.sshcenter.info
    Address: 216.24.199.57
     
    Hongyi Zhao, Nov 2, 2013
    #7
  8. Hello,

    Hongyi Zhao wrote:
    Your recursive DNS server 192.168.0.1 (or its upstream DNS) is broken or
    lies. It does not even mention that ssh.sshcenter.info is a CNAME
    (alias). Can't you use another one?
     
    Pascal Hambourg, Nov 2, 2013
    #8
  9. Hongyi Zhao

    Hongyi Zhao Guest

    I don't know how to find the recursive DNS server for my case, see the
    following output on my Debian box:

    ----------
    werner@debian-asus:~$ sudo ifconfig
    eth0 Link encap:Ethernet HWaddr c8:60:00:df:24:23
    inet addr:192.168.0.5 Bcast:192.168.0.255 Mask:255.255.255.0
    inet6 addr: fe80::ca60:ff:fedf:2423/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:34079 errors:0 dropped:0 overruns:0 frame:0
    TX packets:32438 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:25156142 (23.9 MiB) TX bytes:4868917 (4.6 MiB)
    Interrupt:20 Memory:f7300000-f7320000

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:85 errors:0 dropped:0 overruns:0 frame:0
    TX packets:85 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:346591 (338.4 KiB) TX bytes:346591 (338.4 KiB)
     
    Hongyi Zhao, Nov 3, 2013
    #9
  10. Hongyi Zhao wrote:
    The nameserver addresses are defined in /etc/resolv.conf. However, you
    can test a different nameserver with nslookup, dig or host without modifying
    the file. E.g. if you want to test one of Google's open DNS servers:

    $ nslookup ssh.sshcenter.info 8.8.8.8
     
    Pascal Hambourg, Nov 3, 2013
    #10
  11. Hongyi Zhao

    Hongyi Zhao Guest

    Good, thanks.

    Regards
     
    Hongyi Zhao, Nov 4, 2013
    #11
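
The check the replies above converge on, as an added example that is not part of any post: take the addresses the system resolver returns for the name, attempt a TCP connect to each one on the SSH port, and classify the result the way ssh and nmap reported it in the thread. The names `probe` and `probe_all` and the loopback listener in the demo are assumptions of this example.

```python
import socket

def probe(addr, port, timeout=3.0):
    """Classify one TCP connect attempt to addr:port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((addr, port))
        return "open"        # handshake completed, something is listening
    except (socket.timeout, TimeoutError):
        return "filtered"    # no reply to the SYN: ssh shows "Connection timed out"
    except ConnectionRefusedError:
        return "closed"      # RST received: host reachable, port not listening
    except OSError as exc:
        return "error: %s" % exc.strerror   # e.g. no route to host
    finally:
        sock.close()

def probe_all(host, port, timeout=3.0):
    """Probe every IPv4 address the system resolver returns for host."""
    infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    addrs = sorted({info[4][0] for info in infos})
    return {addr: probe(addr, port, timeout) for addr in addrs}

if __name__ == "__main__":
    # Constructed demo that runs offline: a throwaway listener on loopback
    # stands in for the remote SSH port.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(8)
    port = listener.getsockname()[1]
    print(probe_all("127.0.0.1", port))   # while the listener is up
    listener.close()
    print(probe_all("127.0.0.1", port))   # after the listener is gone
```

If `probe_all` returns a single address marked "filtered" while another resolver lists many addresses for the same name, the problem is the DNS answer rather than the SSH client configuration.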