[techtalk] How do I make the first ssh connection?

Jen Hamilton jhamilto at n2h2.com
Thu Apr 26 10:05:02 EST 2001


A couple of things, 

First, do you want to be ssh'ing to the ftp port (21)? 

Secondly, authorized_keys is used for allowing one machine to ssh into
another machine without using a password. You should still be able to
connect without populating the authorized_keys file with the identity.pub
key, you'll just have to enter the password. Also, the known_hosts file is
populated when you are ssh'ing out, so you shouldn't have to populate that
at all. 

The third thing I'd check is the /etc/hosts.allow and /etc/hosts.deny
files. Are they set to allow from the IP? 

If you are still stumped, I'd do a tcpdump to watch the communication
between the hosts. 

Jen

On Wed, 25 Apr 2001, Conor Daly wrote:

> Hi,
> 
> I've opened ports 21, 22, 23 and 80 in my firewall and forwarded them to
> port 22 on an internal host.  In all cases, ssh to the firewall from *inside*
> the firewall gets forwarded to the ssh server and I get to connect but from
> *outside*, it's a different matter.  The outside machine I'm going from is 
> itself masqued and has yet to make a first connection with ssh (I presume
> that's something to do with physically bringing public key(s) to the server
> and installing them somewhere.  Anyone able to help me there?).  I had port
> 80 forwarded to an internal port 80 and that worked so I'm tunnelling
> through the firewall that way anyhow but I'm unable to connect with ssh.  
> 
> I tested my port forwarding and firewall config with an online port scanner 
> and got hits at both the firewall and at the ssh server so I'm at something 
> of a loss.  
> There was mention on the masq list of dynamic IP addresses causing problems 
> but I haven't even got to the stage of being asked about an unknown host.
> 
> I've brought keys back and forth and put them in places like
> /etc/known_hosts and $HOME/.ssh/authorized_keys and so on.
> 
> Can anyone suggest anything?
> 
> Session transcripts follow.
> 
> [cdaly at bofh .ssh]$ ssh -v -p 21 xxx.xxx.xxx.xxx
> SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0.
> Compiled with SSL (0x0090581f).
> debug: Reading configuration data /etc/ssh/ssh_config
> debug: Applying options for *
> debug: Seeding random number generator
> debug: ssh_connect: getuid 500 geteuid 0 anon 0
> debug: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 21.
> debug: Allocated local port 1021.
> debug: Connection established.
> debug: Remote protocol version 1.99, remote software version OpenSSH_2.1.1
> Enabling compatibility mode for protocol 2.0
> debug: Local version string SSH-2.0-OpenSSH_2.1.1
> debug: Seeding random number generator
> debug: send KEXINIT
> debug: done
> debug: wait KEXINIT
>  35 30 30 20 63 6f 6d 6d
> Disconnecting: Bad packet length 892350496.
> debug: Calling cleanup 0x805db00(0x0)
> 
> In the logs on the server side I just get 
> 
> Apr 23 14:01:10 Valkerie sshd[2679]: Connection from yyy.yyy.yyy.yyy port 8120
> Apr 23 14:01:10 Valkerie sshd[2679]: Did not receive ident string from yyy.yyy.yyy.yyy
> 
> TIA
> 
> Conor.
> -- 
> Conor Daly <conor.daly at oceanfree.net>
> 
> Domestic Sysadmin :-)
> ---------------------
> Faenor.cod.ie
>   9:15pm  up 10 days,  7:29,  0 users,  load average: 0.00, 0.00, 0.00
> Hobbiton.cod.ie
>   9:13pm  up 57 days,  6:50,  2 users,  load average: 0.12, 0.08, 0.03
> 
> 
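
Background to the first question above, as an added example that is not part of either message: the "Bad packet length" value in the quoted transcript is the first four bytes the client received, read as the big-endian length field that starts every SSH-2 packet. The Python sketch below decodes the transcript's own numbers; the function names and category labels are this example's own.

```python
import struct

# Copied from the quoted client transcript (ssh -v -p 21).
DUMP_HEX = "35 30 30 20 63 6f 6d 6d"
BAD_PACKET_LENGTH = 892350496

def length_to_bytes(length: int) -> bytes:
    """SSH-2 packets start with a big-endian uint32 length (RFC 4253, section 6)."""
    return struct.pack(">I", length)

def classify(data: bytes) -> str:
    """Heuristic label for the first bytes a peer sent (labels are this example's own)."""
    if data.startswith(b"SSH-"):
        return "ssh-banner"
    if data.startswith(b"HTTP"):
        return "http-response"
    if len(data) >= 4 and data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return "numeric-status-reply"  # FTP/SMTP-style "NNN text" line
    if all(32 <= c < 127 or c in (9, 10, 13) for c in data):
        return "other-text"
    return "binary"

def diagnose(length: int, dump_hex: str):
    """Return (decoded_text, label, length_matches_dump)."""
    dump = bytes.fromhex(dump_hex.replace(" ", ""))
    head = length_to_bytes(length)
    text = dump.decode("ascii", errors="replace")
    return text, classify(dump), dump.startswith(head)

if __name__ == "__main__":
    text, label, matches = diagnose(BAD_PACKET_LENGTH, DUMP_HEX)
    print(f"dump decodes to {text!r} ({label}); length field matches dump: {matches}")
```

The dumped bytes are printable ASCII in the shape of a numeric status line rather than a binary SSH packet, which is the kind of reply a text protocol sends.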
