Remote SHH Conn

csierra
Posts: 85
Member Since:
2008-02-22

Hi all, I can connect *locally* with Java SHH, as follows:

login as: root
root@Trixbox_Srv's password:
Last login: Mon Aug 11 01:04:11 2008 from 192.168.1.65
Welcome to trixbox CE
-------------------------------------------------
For access to the trixbox web GUI use this URL
eth0: http://192.168.1.69
For help on trixbox commands you can use from this
command shell type help-trixbox.
[mydomain.dyndns.org ~]#
[mydomain.dyndns.org ~]# login as: root
Password:

Now I need to connect remotely, for that, I had:

1. Port forwarding: 2wire port (TCP) 22 to the Trixbox
2. Opened Win XP Firewall to all traffic for the Putty.exe app
3. Open a session in Java SHH, using as a domain either the public wan ip (router modem ip) or the mydomain.dyndns.org, this is what I get:
Error connecting to holex.dyndns.org, reason:
-> access denied (java.net.SocketPermission mydomain.dyndns.org resolve)

I am pulling my hair out with this since the fabulous vendor of my unconfigurable ZMA-800 Card has agreed to install it for me; but it is needed to connect to do so...

I had followed Scott's link instructions on how to, but followed without success.

The box is behind a 2wire modem router, I believe it's holed ok since I can connect SIP peers and so.

Any advice, please!

Thank you again

--

VOIP Newbie



SkykingOH
Posts: 9678
Member Since:
2007-12-17
First, it's SSH not SHH.

I am not sure what you are talking about with regard to the Java client remotely. What happens when you try and login with putty only?

--

Scott

aka "Skyking"



csierra
Posts: 85
Member Since:
2008-02-22
Putty

Connection Time Out; I had tried Putty with local IP and it goes perfect; I can login (it gives a warning regarding the identity of the server and the keys issue) but can connect ok; the 2wire has port forwarding TCP 22; the Windows firewall is open too; I can't see where the flaw is...

VOIP Newbie

--

VOIP Newbie



SkykingOH
Posts: 9678
Member Since:
2007-12-17
Maybe your provider is blocking?

--

Scott

aka "Skyking"



VoicePulse
Posts: 135
Member Since:
2006-06-01
Ok, you tested two scenarios:

- Can you connect locally using Java? Yes
- Can you connect from the same network, different PC using Putty? Yes

Now try these:

- Can you connect using Putty and the public IP address?
- Are you able to see this attempt on the router or in /var/log/messages (or some other log file?)

--

VoicePulse for Business & Wholesale
Get a FREE trial account for trixbox users
Setup trunks, configure routes, and manage your VoicePulse account inside trixbox!
Resellers and trixbox installers should inquire about our Partner Program



csierra
Posts: 85
Member Since:
2008-02-22
I'm almost sure this is a router issue

Thanks for your posting; still no joy here.

To your questions; I am able to connect and login locally as root using Java SSH, putty and WinSCP.

When using mydomain.dyndns.org instead of 192.168.1.69, all three clients say the same: Connection Timeout. The only clue I have for now is the Java SSH Err msg JavaSock AuthDenied...

The thing here is the router firewall is correctly set to forward all ports needed; I have the following ports open:
TCP 22, 10000
UDP 4569, 5004 to 5082

Another annoyance; I have tested, for other purposes, to forward port TCP 80/110 and it consistently fails to do so; even tested DMZ Mode without joy. I am calling my ISP now to check TCP 22 is not blocked, which I believe would be unusual; in your opinion, what else could be causing this? This is a 2wire 270H modem router.

Thanks, again...

VOIP Newbie

--

VOIP Newbie



bubbapcguy
Posts: 3774
Member Since:
2006-06-02
ports

Check your router setup
your webmin port works (I can hit it) but no port 80 / 22 is showing open



csierra
Posts: 85
Member Since:
2008-02-22
How is that?

Thanks again for your help; I'm wondering how you can get my Webmin panel and I don't?

I am going to http://mydomain.dyndns.org:10000 to get an err only; by the way, I've read the 2wire manual and it says by default its attack protection features consider bad address packets those that have same origin-dest IP (those are set to being intentionally dropped by the fwall); could this be affecting my testings?

I have called my ISP and confirmed no TCP ports blocked... I do not know what else to try / do I am stuck in here!

VOIP Newbie

--

VOIP Newbie



VoicePulse
Posts: 135
Member Since:
2006-06-01
It's probably something simple, but there's so many things to check, it's unlikely that someone here will guess the right answer. We can still try, of course...

Is iptables on?




SkykingOH
Posts: 9678
Member Since:
2007-12-17
Ummm. Are you trying to test from the same Internet connection? You can't make a hairpin turn. That won't work.

--

Scott

aka "Skyking"



csierra
Posts: 85
Member Since:
2008-02-22
Well origin-dest

Is different now; went to the office (I'm testing from home) and voila! nothing! still no return here...

VOIP Newbie

--

VOIP Newbie



SkykingOH
Posts: 9678
Member Since:
2007-12-17
As bubba said I can connect to https://holex.dyndns.org:10000

You must not have port 22 mapped through for SSH.

[root@skytrixhome ~]# ssh holex.dyndns.org
ssh: connect to host holex.dyndns.org port 22: Connection refused
[root@skytrixhome ~]#
--

Scott

aka "Skyking"
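
By this point the thread has seen two different failures on the same port: the poster's clients report a connection timeout, while the outside test above gets "Connection refused". The following is an added example, not part of any post, that classifies one TCP connect attempt the same way; the function name `classify_tcp` and the interpretations in `MEANING` are this example's own.

```python
import socket
import sys

# How each outcome maps onto a NAT port forward (interpretation added by this example).
MEANING = {
    "open": "a listener answered: the forward and the service both work",
    "refused": "a reset came back: something on the path answered, but no "
               "mapping or no listener exists for this port",
    "timeout": "nothing came back: packets are being dropped (firewall, ISP "
               "filter, or a test made from behind the same router)",
    "unresolved": "the name did not resolve: check the dynamic DNS record",
    "error": "another socket error occurred",
}


def classify_tcp(host, port, timeout=5.0):
    """Try one TCP connect and name the outcome (a key of MEANING)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolved"
    family, socktype, proto, _canon, addr = infos[0]
    with socket.socket(family, socktype, proto) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
        except ConnectionRefusedError:
            return "refused"
        except socket.timeout:
            return "timeout"
        except OSError:
            return "error"
        return "open"


if __name__ == "__main__":
    # Usage: python3 check_forward.py [host] [port]
    # Run it from outside the LAN; with no arguments it checks 127.0.0.1:22.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    tcp_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    result = classify_tcp(target, tcp_port)
    print(f"{target}:{tcp_port} -> {result}: {MEANING[result]}")
```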



csierra
Posts: 85
Member Since:
2008-02-22
Thanks; can we try again?

I have done a full 'from factory' modem reset and set up everything again; I wonder if you can try that again, please?

Thanks Steve, Bubba, VoicePulse, for your support

VOIP Newbie

--

VOIP Newbie



SkykingOH
Posts: 9678
Member Since:
2007-12-17
You are good to go.

[root@skytrixhome ~]# ssh holex.dyndns.org -l root
reverse mapping checking getaddrinfo for dsl-189-130-209-120.prod-infinitum.com.mx failed - POSSIBLE BREAKIN ATTEMPT!
root@holex.dyndns.org's password:
--

Scott

aka "Skyking"



csierra
Posts: 85
Member Since:
2008-02-22
I am almost ....

flying!! ... Thank you! Now I can go to *next* topic...
by the way, that warning of reverse failed could be fixed if I change DNS srv address in the 2wire?

Thank you Scott.

VOIP Newbie

--

VOIP Newbie



SkykingOH
Posts: 9678
Member Since:
2007-12-17
The DNS error will never go away, you don't have control of the DNS server so unless you name your trixbox whatever your DSL connection is (not recommended) it won't work. Don't worry about it

If you are worried about SSH security use a preshared key.

--

Scott

aka "Skyking"
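
The advice above is to use key-based login in place of the root password prompt seen earlier in the thread. The following is an added example, not from any post and not trixbox's own tooling, that reads an `sshd_config` and reports the settings that still allow password logins; the policy in `WANTED` and the `SAMPLE` text are assumptions constructed for the example.

```python
import re

# Policy assumed by this example: key-only logins, no root password login.
WANTED = {
    "passwordauthentication": {"no"},
    "challengeresponseauthentication": {"no"},
    "pubkeyauthentication": {"yes"},
    "permitrootlogin": {"no", "without-password", "prohibit-password"},
}

# Constructed sample, not taken from any real host.
SAMPLE = """\
# sshd_config (constructed)
Port 22
#PermitRootLogin no
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
Match Address 192.168.1.0/24
    PasswordAuthentication yes
"""


def global_settings(text):
    """Return {keyword: value} for the global section of an sshd_config."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":           # conditional blocks are out of scope here
            break
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        seen.setdefault(key, value)  # sshd uses the first value it reads
    return seen


def audit(text):
    """Return {keyword: found} for each WANTED keyword that is unset or off-policy."""
    seen = global_settings(text)
    return {k: seen.get(k) for k, ok in WANTED.items() if seen.get(k) not in ok}


if __name__ == "__main__":
    for keyword, found in audit(SAMPLE).items():
        print(f"{keyword}: found {found or 'unset (version default applies)'}")
```

On a live host, `sshd -T` prints the effective settings, including the defaults for keywords the file leaves unset.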



jlutes
Posts: 49
Member Since:
2007-01-09
suggestion?

If I might, I would make a simple suggestion to improve security. Remove your map to send port 22 traffic in and out of our router and configure it to send port 22 internal to a different port (say 2000) on the outside. Though this doesn't actually increase security per se, someone would actually have to portscan your ip address to find that you had the hole.


