[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh to NATed box fails



On Fri, Jan 02, 2004 at 12:29:44AM +0000, Pigeon wrote:
> On Thu, Jan 01, 2004 at 10:02:36PM +0000, Colin Watson wrote:
> > Perhaps the remote end is configured with 'ALL: PARANOID' in hosts.deny,
> 
> Can't check without going there :-) but I'm fairly sure this is the case,
> from memory.
> 
> > and your reverse DNS is wrong? That's a common cause of ssh connections
> > failing in the manner you describe, since tcp-wrappers checks happen at
> > about that stage.
> 
> Ah yes, reverse DNS is wrong - on the local end I get:
> 
> pigeon@droitwichbox:~$ hostname
> droitwichbox.dyndns.org
> pigeon@droitwichbox:~$ host droitwichbox.dyndns.org
> droitwichbox.dyndns.org has address 195.40.200.248
> pigeon@droitwichbox:~$ host 195.40.200.248
> 248.200.40.195.in-addr.arpa domain name pointer tnt-5-248.easynet.co.uk.
> pigeon@droitwichbox:~$ 
> 
> ...so it looks like I need to temporarily reconfigure the local end's
> hostname according to the above result, and try again the next time the
> remote end comes online...

Tried it... # hostname tnt-9-92.easynet.co.uk (correct for this dialup
session)...

...but it fails in exactly the same way. So either

a) reconfiguring the local end's hostname is a flawed approach, or
b) there is a config problem other than ALL: PARANOID / broken reverse DNS
   at the remote end.

Is (a) true?

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F

Attachment: pgp1WYYLDK5Sa.pgp
Description: PGP signature


Reply to: