ssh 2.1.1p1 can't connect; ssh 1.2.3 can

Paul D. Smith pausmith at nortelnetworks.com
Wed Jun 21 01:34:06 EST 2000


%% Damien Miller <djm at mindrot.org> writes:

  dm> On Thu, 15 Jun 2000, Paul D. Smith wrote:
  >> My ISP supports connections via ssh.  I was using OpenSSH 1.2.3
  >> (portable) on Solaris 2.5.1 (with EGD), and I could connect to my ISP
  >> just fine.  They're using the proprietary sshd version 1.2.26 as far as I
  >> can tell.  A connect session looks like:

  dm> [snip]

  >> Now I've compiled OpenSSH 2.1.1p1 (same system, Solaris 2.5.1, but this
  >> time using PRNG instead of EGD).  This version works to _some_ systems
  >> (for example, I can connect to my home system which is running Debian
  >> GNU/Linux 2.2--running sshd from OpenSSH 1.2.3).
  >> 
  >> But, I can't connect to my ISP; I just time out.  Here's a session:

  dm> [snip]

  >> debug: Allocated local port 827.
  >> debug: connect: Connection timed out
  >> debug: Trying again...

  dm> I haven't seen this one before. 

  dm> Can you telnet to port 22 on the target machine?

Yes:

  $ telnet xx.xx.xx.xx 22
  Trying xx.xx.xx.xx...
  Connected to xx.xx.xx.xx.
  Escape character is '^]'.
  SSH-1.5-1.2.26

  Connection closed by foreign host.

(I hit RET and it closed the connection)

  dm> An strace of the client and a tcpdump of a failed connection would
  dm> help.

Ugh.  OK, I'm a bit confused.  I couldn't truss it because ssh was
setuid root, so I made a copy that wasn't.  That copy worked!

It's apparently something about the privileged ports?, because if I run
the setuid version with -P, then that works as well.

_But_, I don't see how it can be a firewall issue, at least not on my
side, since I can use a privileged port to access my home system (I
don't need -P for that).  That's what threw me :-/.

Maybe my ISP has some kind of firewall on his side which is blocking it?

Oh well, I figured out how to get it working, that's the important thing
:).  Sorry for the false alarm.


PS. It might be worthwhile to help the user by printing a message if
    "privileged" is set and the connection times out, suggesting they
    try -P and see if that works...

-- 
-------------------------------------------------------------------------------
 Paul D. Smith <psmith at baynetworks.com>         Network Management Development
 "Please remain calm...I may be mad, but I am a professional." --Mad Scientist
-------------------------------------------------------------------------------
   These are my opinions---Nortel Networks takes no responsibility for them.
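
The comparison described in the message above (same host, privileged versus unprivileged source port), as an added example that is not part of the original post or of OpenSSH. The 1023-down-to-512 search mirrors rresvport(); the function names, outcome strings and default timeout are assumptions made for this sketch.

```python
import errno
import socket
import sys

PRIVILEGED = range(1023, 511, -1)   # rresvport()-style search, 1023 down to 512
UNPRIVILEGED = (0,)                 # 0 = let the kernel pick an ephemeral port

def connect_from(host, port, source_ports, timeout=5.0):
    """Connect to host:port from the first bindable port in source_ports.

    Returns (source_port, outcome); outcome is 'connected', 'timeout',
    'refused', 'need-root' or 'no-source-port'.
    """
    for sport in source_ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.settimeout(timeout)
        try:
            try:
                s.bind(("", sport))
            except PermissionError:          # ports below 1024 need root
                return (None, "need-root")
            except OSError as e:
                if e.errno == errno.EADDRINUSE:
                    continue                 # try the next candidate port
                raise
            sport = s.getsockname()[1]       # resolves port 0 to the real port
            try:
                s.connect((host, port))
                return (sport, "connected")
            except (socket.timeout, TimeoutError):
                return (sport, "timeout")
            except ConnectionRefusedError:
                return (sport, "refused")
        finally:
            s.close()
    return (None, "no-source-port")

def diagnose(priv_outcome, unpriv_outcome):
    """Interpret the pair of outcomes the way the message above does."""
    if priv_outcome == "timeout" and unpriv_outcome == "connected":
        return "privileged source ports are dropped on the path; use ssh -P"
    if priv_outcome == unpriv_outcome:
        return "source port makes no difference"
    return "inconclusive"

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    p = connect_from(host, 22, PRIVILEGED)
    u = connect_from(host, 22, UNPRIVILEGED)
    print(p, u, diagnose(p[1], u[1]))
```

Run as root so the privileged range can be bound; without root the first probe reports need-root and the result is inconclusive.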