lenny openssh-server 1:5.1p1-5: no revers PFW possible

To: debian-user@lists.debian.org
Subject: lenny openssh-server 1:5.1p1-5: no revers PFW possible
From: Ekkard Gerlach <eg@liburg.com>
Date: Wed, 24 Nov 2010 11:28:14 +0100
Message-id: <[🔎] 20101124102814.GA18879@rex4.linuxburg>
Hi, 

ii  openssh-server     1:5.1p1-5   secure shell server, an rshd replacement

is not able to make revers-portforwarding, at least not the openssh-server
of 64bit lenny. 


lenny 64Bit server:
===================
ssh -p 20202 -R *:2235:localhost:22 guest@my-domain.dyndns.org

   guest@my-domain.dyndns.org is my firewall 192.168.0.11


Client (lenny):
===============
rex5:~# ssh -vvv -p 2239 192.168.0.11
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.11 [192.168.0.11] port 2239.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host



A machine with lenny32 bit (another customer) is working, revers PFW is possible. 
The error  "ssh_exchange_identification: Connection closed by remote host" appeared
there also, but disappeared after some fuzzy troubleshooting. 


BTW: A Suse8.2 client machine in the same LAN of my customer, Kernel 2.4.18 
makes revers PFW without any problem!! So, it must be a problem/ bug/ feature
of openssh-server 1:5.1p1-5. The same lenny gust (above) is able to use the 
revers-PFW: 

rex5:~# ssh -vvv -p 2235 192.168.0.11                            
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007               
debug1: Reading configuration data /etc/ssh/ssh_config           
debug1: Applying options for *                                   
debug2: ssh_connect: needpriv 0                                  
debug1: Connecting to 192.168.0.11 [192.168.0.11] port 2235.     
debug1: Connection established.                                  
debug1: permanently_set_uid: 0/0                                 
debug1: identity file /root/.ssh/identity type -1                
debug1: identity file /root/.ssh/id_rsa type -1                  
debug1: identity file /root/.ssh/id_dsa type -1                  
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat OpenSSH_3.*                               
debug1: Enabling compatibility mode for protocol 2.0                       
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5                
debug2: fd 3 setting O_NONBLOCK                                            
debug1: SSH2_MSG_KEXINIT sent                                              
debug1: SSH2_MSG_KEXINIT received                                          
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1                                                                                                                   
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss                                                                                            
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr                                                                                    
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr                                                                                    
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96  
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96  
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib                                                                                 
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 125/256
debug2: bits set: 499/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: put_host_port: [192.168.0.11]:2235
debug3: put_host_port: [192.168.0.11]:2235
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug1: checking without port identifier
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host [192.168.0.11]:2235
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 2 for host [192.168.0.11]:2235
The authenticity of host '[192.168.0.11]:2235 ([192.168.0.11]:2235)' can't be established.
RSA key fingerprint is 5f:50:0f:7e:a1:3a:xxxxxxxxxxxxxxxxxxxxxxxxxxxx  (edited)
Are you sure you want to continue connecting (yes/no)?



thx
Ekkard
Reply to:
Prev by Date: Re: [OOT] Free Software - was Re: Toner refill
Next by Date: Re: Bonded NIC's did not come up at boot?
Previous by thread: Squeeze. Intel 2100 Wifi card breaks connection with fatal interrupt.
Next by thread: Problems with unattended-upgrades
Index(es):
- Date
- Thread