[CLUE-Tech] SSH through Cisco

Sean LeBlanc seanleblanc at americanisp.net
Sun Jan 26 13:44:52 MST 2003


On 01-24 07:45, David Anselmi wrote:
> Sean LeBlanc wrote:
> >I can't seem to get SSH to go through my Cisco 678 box. My config:
> [...]
> >And I set up the Cisco 678 by calling set nat add entry 10.0.0.2 22
> >and called write. It shows up in the nat table. Yet I cannot get anything
> >other than a timeout when I try to ssh to 10.0.0.1 or the external IP. I
> >can't understand why it's not working.
> >
> 
> Did you reboot after writing?  Doesn't seem that a reboot should be 
> necessary, but it seemed to help last time I set that up.

Tried that, still no dice. Is there any way to reset Cisco to the default
settings? I don't really have much changed other than the password and the
port forwarding for 22. I'm wondering if that might help. 

Someone emailed me off-list about setting a static route, and even though I
was unsure that was necessary, I tried that, too. At one time, this was
working, but I didn't have the Linksys in there. But as I said, I can ssh
directly to the LinkSys and get the proper forwarding. 

I also did try the -v option. Here's the output for a connection to the
Cisco:

bash-2.05$ ssh -v foo@10.0.0.1
OpenSSH_3.4p1 FreeBSD-20020702, SSH protocols 1.5/2.0, OpenSSL 0x0090605f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 10.0.0.1 [10.0.0.1] port 22.
ssh: connect to address 10.0.0.1 port 22: Operation timed out


This is the -v when I connect to the LinkSys:

bash-2.05$ ssh -v foo@10.0.0.2
OpenSSH_3.4p1 FreeBSD-20020702, SSH protocols 1.5/2.0, OpenSSL 0x0090605f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 10.0.0.2 [10.0.0.2] port 22.
debug1: Connection established.
debug1: identity file /home/sean/.ssh/identity type 0
debug1: identity file /home/sean/.ssh/id_rsa type -1
debug1: identity file /home/sean/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1 FreeBSD-20020702
debug1: match: OpenSSH_3.4p1 FreeBSD-20020702 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1 FreeBSD-20020702
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 117/256
debug1: bits set: 1020/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.0.0.2' is known and matches the DSA host key.
debug1: Found key in /home/sean/.ssh/known_hosts:22
debug1: bits set: 1011/2049
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/sean/.ssh/id_rsa
debug1: try pubkey: /home/sean/.ssh/id_dsa
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is keyboard-interactive
Password:


Cheers,
-- 
Sean LeBlanc:seanleblanc at americanisp.net  
http://users.americanisp.net/~seanleblanc/
Get MLAC at: http://sourceforge.net/projects/mlac/
Is there life before breakfast? 


