OpenSSH PPP tunneling issue
Ben Lindstrom
mouring at pconline.com
Sat Sep 9 05:40:59 EST 2000
Either you need to use a userspace PPP software (which you may find on
www.freshmeat.net) or I suggest checking out the the
following Linux howtos:
http://www.linux.org/docs/ldp/howto/VPN-HOWTO.html
http://www.linux.org/docs/ldp/howto/VPN-Masquerade-HOWTO.html
The first one explains SSH and PPP Theories in VPNing.
I believe the much more prefered method of connection distance networks
is really IPSec (Which requires a patch to the 2.{0,2,4} kernels).
On Fri, 8 Sep 2000, Robert Steinfeldt wrote:
> I am trying to set up a secure PPP tunnel between an OpenSSH client and
> server, and am having problems establishing the tunnel.
>
> -----------------------------------------------------------------------------
>
> Server information:
> Stock Redhat 6.1 machine running a 2.2.12 kernel
> OpenSSH version 2.2.0p1 (downloaded as Redhat RPMs, revision 2)
> OpenSSL version 0.9.5a (downloaded as Redhat RPMs, revision 3)
> PPP version 2.3.10
> One exposed external IP address (for this list, assume to be
> 100.100.100.100)
>
> /etc/ssh/sshd_config:
> Port 22
> Protocol 2,1
> ListenAddress 0.0.0.0
> HostKey /etc/ssh/ssh_host_key
> HostDSAKey /etc/ssh/ssh_host_dsa_key
> ServerKeyBits 768
> LoginGraceTime 600
> KeyRegenerationInterval 3600
> PermitRootLogin no
> IgnoreRhosts yes
> StrictModes yes
> X11Forwarding no
> X11DisplayOffset 10
> PrintMotd yes
> KeepAlive yes
>
> /etc/ppp/options:
> lock
> local
> noauth
> proxyarp
>
> Client information:
> *Stock Redhat 6.2 machine running a 2.2.17pre20 kernel
> OpenSSH version 2.2.0p1 (downloaded as Redhat RPMs, revision 2)
> OpenSSL version 0.9.5a (downloaded as Redhat RPMs, revision 3)
> PPP version 2.3.11
>
> /etc/ssh/ssh_config:
> Empty (default)
>
> /etc/ppp/options:
> lock
> noauth
>
> * This has also failed on Redhat 6.1 (kernel 2.2.12) and Redhat 6.9.5
> (kernel 2.2.16) machines with the same results.
>
> -----------------------------------------------------------------------------------------
>
> What happens:
> We attempt to connect to the OpenSSH server with the following command,
> run in a terminal:
>
> /usr/sbin/pppd -detach lcp-echo-failure 600 lcp-echo-interval 600 local
> passive pty "ssh -t -l <username> 100.100.100.100 /usr/sbin/pppd file
> /etc/ppp/options-<username>"
>
> (The options-username file on the server simply contains an IP address,
> such that the client machine is set up with a static IP to attach to the
> server.)
>
> When executed, OpenSSH asks for the password to gain entry to the
> server, after which the connection appears to hang while negotiating a
> PPP connection. PPPd on the client side eventually fails with 'LCP:
> timeout sending Config-Requests'. This behavior remains constant whether
> the '-e none' option is provided to ssh or not, on the client side.
> However, the pppd command on the server IS executed, as shown by its
> server logs, so we know the ssh session is being established. At this
> point, we are lead to suspect that either the virtual tty allocation or
> emulation is not sending binary characters through properly, or that
> some sort of character sequence is being interpreted by openssh despite
> the '-e none' option specified.
>
> The OpenSSH client seems to be suspect, because when the commercial SSH
> RPM available at (ftp://ftp.ssh.com/pub/ssh/rpms/ssh-2.3.0-1.i386.rpm)
> is called upon to perform the same command on the client side, the ppp
> tunnel is successfully established with the OpenSSH server -- whether
> run in a terminal or inside a script. I've tried compiling the OpenSSH
> RPM from source on multiple client machines in case that was an issue;
> it had no effect on the problem. I'll try to provide any debugging
> information if needed; please advise.
>
> Robert Steinfeldt -- robert.steinfeldt at steeleye.com
>
More information about the openssh-unix-dev
mailing list