
Re: ssh to NATed box fails



On Thu, Jan 01, 2004 at 07:30:39PM +0000, Pigeon wrote:
> On the following setup:
> 
>         Local end                                         Remote end
> 	                  Internet                            LAN
> 	Local box:ppp0-----------------------ppp0:NAT box:eth0---Other boxes
> 	
> From the local end, I can ping the remote end OK, but I cannot ssh to it:
> ssh fails with "ssh_exchange_identification: Connection closed by remote
> host". Outgoing connections from the remote end work fine, though.
> 
> I suspect that this is because I omitted to set up an iptables rule on the
> NAT box at the remote end to forward incoming connections on port 22 to one
> of the "other boxes", and therefore my only recourse is to physically go to
> the remote end and set up such a rule - inconvenient and expensive! Or else
> I've got /etc/hosts.deny at the remote end blocking non-local hosts.

No, your -vvv log shows that the client established a connection with
the server.

Perhaps the remote end is configured with 'ALL: PARANOID' in hosts.deny,
and your reverse DNS is wrong? That's a common cause of ssh connections
failing in the manner you describe, since tcp-wrappers checks happen at
about that stage.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
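
Added example, not part of the original message: a Python sketch of the name/address consistency test that an 'ALL: PARANOID' rule relies on, for checking what a tcp-wrappers server would conclude about a client address. It follows the wildcard descriptions in hosts_access(5) and is an approximation, not tcp-wrappers' own code; `classify_client`, the fake resolvers and the sample DNS records are constructed for illustration.

```python
import socket

def _ptr(addr):
    # Reverse lookup: address -> primary host name (raises OSError on failure).
    return socket.gethostbyaddr(addr)[0]

def _fwd(name):
    # Forward lookup: host name -> set of addresses (raises OSError on failure).
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def classify_client(addr, reverse=_ptr, forward=_fwd):
    """Classify a client address roughly as hosts_access(5) describes.

    "unknown"  : no reverse DNS name (matched by UNKNOWN, not PARANOID)
    "paranoid" : a name exists but does not resolve back to addr
    "ok"       : name and address agree
    Addresses are compared as strings, so pass them in canonical form.
    """
    try:
        name = reverse(addr)
    except OSError:
        return "unknown", None
    try:
        addrs = set(forward(name))
    except OSError:
        return "paranoid", name   # name cannot be verified at all
    return ("ok" if addr in addrs else "paranoid"), name

# Constructed sample records (documentation address ranges and example.net names).
PTR = {"192.0.2.10": "good.example.net",
       "192.0.2.20": "stale.example.net",
       "192.0.2.30": "ghost.example.net"}
A = {"good.example.net": {"192.0.2.10"},
     "stale.example.net": {"198.51.100.7"}}   # PTR points at a name used elsewhere

def fake_reverse(addr):
    if addr not in PTR:
        raise OSError("no PTR record")
    return PTR[addr]

def fake_forward(name):
    if name not in A:
        raise OSError("no A record")
    return A[name]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, classify_client(ip, fake_reverse, fake_forward))
```

Called with only an address, `classify_client` uses the system resolver, so run it on the server side against the client's public address to see the result the server's resolver would produce.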


