Subject: Re: Problem with remote login - via dynamic DNS - still in trouble
From: Iain Stevenson (iain@IainStevenson.com)
Date: Tue Feb 13 2001 - 14:07:19 MST
Thanks to Ben for ticking me off about the security issues! I installed
ssh. It works fine across my LAN but when I try going via the dynamic DNS
route this is what I get ...
SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeding random number generator
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to iain.fakeaddress.com [www.xxx.yyy.zzz] port 22.
debug: Seeding random number generator
debug: Allocated local port 657.
debug: connect: Connection refused
debug: Trying again...
debug: Connecting to iain.fakeaddress.com [www.xxx.yyy.zzz] port 22.
debug: Allocated local port 644.
debug: connect: Connection refused
debug: Trying again...
debug: Connecting to iain.fakeaddress.com [www.xxx.yyy.zzz] port 22.
debug: Allocated local port 918.
debug: connect: Connection refused
debug: Trying again...
debug: Connecting to iain.fakeaddress.com [www.xxx.yyy.zzz] port 22.
debug: Allocated local port 868.
debug: connect: Connection refused
Secure connection to iain.fakeaddress.com refused.
So it looks as though the connection path is broken somehow - any ideas as
to what might work?
Iain
on 13/2/01 3:02 pm, Ben Ricker at bricker@us-rx.com wrote:
> From: Iain Stevenson <iain@iainstevenson.com>
>
> Subject: Problem with remote login - via dynamic DNS
>
> DO NOT DO THIS. Your problem is that Telnet is not receiving
> connections, probably due to some settings on your system (tcp wrappers?
> inetd not configured correctly?).
>
> However, telnet is a HUMONGOID security hole and you are asking to get
> your password sniffed. For example, your tcpdump will be done on the
> outside with a sniffer and they have your login and password in PLAIN
> TEXT.
>
> Check out ssh, a much better solution. Try http://www.openssh.org. East
> to install and has 1024bit encryption.
>
>> I'd like to be able to access my linux server remotely. It connects to
> my
>> ISP through an ADSL router (supplied by the carrier) and has a dynamic
> IP
>> address. The server does masquerading although turning this off seems
> to
>> make little difference.
>
>> I signed up to one of the dynamic DNS services and I've been trying to
>> telnet from a local client, via the Internet, back to my server. I
> have
>> been monitoring the link between the server and the ADSL router with
>> tcpdump.
>
>> If I ping the address selected from the dynamic DNS service (eg
>> fakeaddress.com) the ICMP packets show up fine. If I try telnet, I get
>> this:
>
>> Trying www.xxx.yyy.zzz....
>> Connected to fakeaddress.com.
>> Escape character is '^]'.
>
>> Telnet access denied
>> Connection closed by foreign host.
>
>> where www.xxx.yyy.zzz is the current IP address assigned to the ADSL
> router.
>> An exchange of packets is registered by tcpdump (attached at the bottom
> of
>> this email). Anyone know what the problem is? Or am I trying
> something
>> fundamentally dumb?
>
>> Iain
This archive was generated by hypermail 2a24 : Tue Feb 13 2001 - 14:16:23 MST