
Re: SSH: remote login returns "invalid user"



Morgan Gangwere <0.fractalus@gmail.com> writes:

> on Sat, 11 Sep 2010 15:38:04 -0400, brownh
> <871v90ax5v.fsf@teufel.historicalMaterialism.info> attacked their
> terminal with [snip]
>
> Random Blithering Curiosity... Is the gateway a NAPT?

NAT loopback is not enabled on my router. Not sure this answers your
question.

> I had this problem for a while where I would be fine on the inside, then as
> soon as I went to the outside, I'd get the same problem you're experiencing.

My googling suggests a lot of people have the problem, but the reasons
seem different.

> Checking the following fixed my problems:
>
> 1) don't ssh as root unless you /have/ to.
> 2) Check that your NA(P)T allows port 22 on TCP *and* UDP, incoming and
> outgoing.
> 3) try using an SSH key. This occasionally fixes things.

I don't ssh as root; NAT is disabled in my router. As for SSH key,
I'll give that a try, but too little time before I fly out of here.

> I have a Lenny box sitting on my desk that I SSH to all the time
> with the default configuration. Nothing special, just the default
> OpenSSH-server configuration.

Good to know. I've mailed a query to the ssh list. 

> For those who were confused:
> The setup as it looks like to me is this:
>
> (Internets)----[Gateway/router]--,---[server]
>                                   `--[laptop]
>  this configuration /works/.
> [laptop]---(??)--(internets)--[gateway]---[server]
>  This does not.

Now I am confused ;-(. What I'm trying to do is:

  laptop client -> internet/nameserver -> router -> server on LAN

Your first line looks like what I have now; the second line looks like
where I'm trying to get.
  
> This leads me to beg that there is either a configuration issue that
> says "Don't let anyone who's not on my local network talk to me" or a
> configuration issue with port translation.

The first problem sounds like it would involve my router, but I've
enabled ssh services in it. I don't know if I should enable NAT (my
rough impression is that NAT is best avoided). I should think my name
server would be able to use port info to send signals to the right
place, but I know nothing about this "translation".

Haines Brown

