et ssh home (from work)

schneidz · 05-21-2007, 11:16 AM

hi, i am hoping to be able to connect to my pc at home while i am in the office.

i thought it was that my company's firewall doesnt allow port 22 traffic so i set up my ssh server to listen out of port 80 thinking i could confuse my company's firewall into thinking it was http traffic.

but putty still hangs for about :30 secs and then i still get 'network error: connection timed out'.

when i use internet explorer i get a page that says: 'SSH-1.99-OpenSSH_3.5p1 hhhhhhhhhhhhhhh' (without the h's)

is there a way to get a command line prompt to my pc ?

thanks,

Matir · 05-21-2007, 11:23 AM

That looks like the correct SSH banner. Is it possible that your work is running a transparent proxy? Try running it on port 443, the HTTPS ports. Many firewalls are configured to just let it right through.

schneidz · 05-21-2007, 05:05 PM

thanks matir but that diddnt work.

i get a 'connection closed by remote host' error in putty.

inetenet explorer gives this:

Code:

http://x.x.x.x:443
SSH-1.99-OpenSSH_3.5p1

any other ideas ?

Matir · 05-21-2007, 05:50 PM

In internet explorer, try going to a secure website and checking to see if the certificate belongs to your company or to the real server. If its your company, they're even running an SSL proxy, which will make things much more difficult.

schneidz · 05-22-2007, 11:40 AM

good reminder. i just paid my car insurance and i clicked on the lock icon on the bottom right.

the certificate path says from verisign to verisign to verisign to my insurance company.

tahnks,

Matir · 05-22-2007, 01:00 PM

I would look and see if PuTTY has a verbose mode that might tell us more about what is going on. Also, you may want to try looking at logs on your server to see if it recorded anything unusual.

schneidz · 05-23-2007, 05:40 PM

thanks for the suggestion, putty's logging is pretty weak.

but my logs has a lot of hits, here's the latest:

Code:

[root@hyper root]# grep -ir ssh /var/log | grep -i "may 23 18"
/var/log/secure:May 23 18:30:53 pcp04663196pcs sshd[8303]: Did not receive identification string from x.x.x.x
[root@hyper root]#

is there a way to force it to send a id string ? (what is an id string ?)

thanks,

schneidz · 05-26-2007, 01:42 PM

here's what i got:

i am at home and i can putty into my redhat machine easily. then even if i leave the connection on i will vpn into my company lan. the existing connection will close (putty says "software caused the connection to close"). then i am unable to ssh back into my redhat machine until i close the vpn session.

Code:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

//before vpn to company lan
C:\Documents and Settings>ipconfig

Windows IP Configuration


Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : host.pa.isp.net.
        IP Address. . . . . . . . . . . . : 192.168.5.102
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.5.1

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : host.pa.isp.net.
        IP Address. . . . . . . . . . . . : 192.168.5.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.5.1

//after vpn to company lan
C:\Documents and Settings>ipconfig

Windows IP Configuration


Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : host.pa.isp.net.
        IP Address. . . . . . . . . . . . : 192.168.5.102
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : host.pa.isp.net.
        IP Address. . . . . . . . . . . . : 192.168.5.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 4:

        Connection-specific DNS Suffix  . : vpn.company.lan.com
        IP Address. . . . . . . . . . . . : x.x.x.x
        Subnet Mask . . . . . . . . . . . : 255.255.240.0
        Default Gateway . . . . . . . . . : x.x.x.x

C:\Documents and Settings>

does this make sense ?

here is where i ran sshd in debug mode:

Code:

[schneidz@hyper log]$ sudo /usr/sbin/sshd -d -d -d
debug1: sshd version OpenSSH_3.5p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 443 on 192.168.5.25.
Server listening on 192.168.5.25 port 443.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from x.x.x.x port 16232 Did not receive identification string from x.x.x.x
debug1: Calling cleanup 0x8070d90(0x0)
[schneidz@hyper log]$

this may be a stupid question but is the identification string the same as the username ?

thanks,

Matir · 05-26-2007, 09:52 PM

No, identification string is the client telling the server what protocol versions it supports, etc. There could be an SSL proxy of some sort, I suppose.

schneidz · 05-29-2007, 09:31 AM

thanks a lot matir, you helped me immensely.

i guess this is my dead-end.

i dont think there is a configuration which would make the server ignore the id string.

this thread mentions editing source so that it doesnt look for id string:
http://www.linuxquestions.org/questi...ng+from+source

does anyone have a suggestion how i edit its source ?

thak you,