
Re: SSH: remote login returns "invalid user"



on Sun, 12 Sep 2010 00:08:07 -0400, brownh
<87hbhva9js.fsf@teufel.historicalMaterialism.info> attacked their terminal with
+Morgan Gangwere <0.fractalus@gmail.com> writes:
+
+> on Sat, 11 Sep 2010 15:38:04 -0400, brownh
+> <871v90ax5v.fsf@teufel.historicalMaterialism.info> attacked their
+> terminal with [snip]
+>
+> Random Blithering Curiosity... Is the gateway a NAPT?
+
+NAT loopback is not enabled on my router. Not sure this answers your
+question.

NAT Loopback means that if the outside IP is requested, it acts like it's coming
from the outside, not the inside.

+> Checking the following fixed my problems:
+>
+> 1) don't ssh as root unless you /have/ to.
+> 2) Check that your NA(P)T allows port 22 on TCP *and* UDP, incoming and
+> outgoing.
+> 3) try using an SSH key. This occasionally fixes things.
+
+I don't ssh as root; NAT is disabled in my router. As for SSH key,
+I'll give that a try, but too little time before I fly out of here.

See below...

+> I have a Lenny box sitting on my desk that I SSH to all the time
+> with the default configuration. Nothing special, just the default
+> OpenSSH-server configuration.
+
+Good to know. I've mailed a query to the ssh list. 
+
+> For those who were confused:
+> The setup as it looks like to me is this:
+>
+> (Internets)----[Gateway/router]--,---[server]
+>                                   `--[laptop]
+>  this configuration /works/.
+> [laptop]---(??)--(internets)--[gateway]---[server]
+>  This does not.
+
+Now I am confused ;-(. What I'm trying to do is:
+
+  laptop client -> internet/nameserver -> router -> server on LAN
+
+Your first line looks like what I have now; the second line looks like
+where I'm trying to get.

That's what I was aiming for.

+The first problem sounds like it would involve my router, but I've
+enabled ssh services in it. I don't know if I should enable NAT (my
+rough impression is that NAT is best avoided). I should think my name
+server would be able to use port info to send signals to the right
+place, but I know nothing about this "translation".

That generally implies that your router has some form of SSH on it. 

NAT is useful if you have one outside (public) IP and many inside (private)
IPs, which is what it sounds like you have.

For example, my router NATs pretty heavily. It has one external IP owned by my
ISP, and it NATs for many internal IPs on a 10.13.37.0/24 IP range. Yes, I went
there.

What I'd do for the moment is make sure the appropriate /port/ is forwarded at
least. I'd refer to portforward.com's big list of routers and see if they have
any suggestions. Their instructions are generally pretty clear.

If after following basic instructions you can't get it, I BLAME YOUR ISP RAAAWR.



-- 
Morgan Gangwere
Key ID A8B6F243, available from MIT.
BOFH excuse #5:

static from plastic slide rules
