Koozali.org: home of the SME Server

Mystery: SSH between two specific locations [edited]

Offline judgej

« on: September 29, 2007, 04:14:35 PM »
Here is a bit of a mystery.

I try to putty into an up-to-date SME Server from two different locations, using the same laptop - at home and at the office, both locations of which have their own SME server/gateways.

From home I can putty in, get WinSCP up and running, no problem. From the office I cannot log into the same server. I get the prompts (username and password). However, after I've entered the password, putty pauses for 30 seconds, then reports "the remote connection has been terminated".

I don't have any problems with connecting to other sites from either the home or the office, using these same protocols. I can't find anything in the log files that could give me any clues - it's as though I never attempted to connect (unless I'm looking in the wrong places).

The combination not working is an Andrews & Arnold ADSL at work, and a BT Connect ADSL at the client site.

Any ideas where I should be looking or what it could be? The problem has persisted through many upgrades from 6.5 to 7.3, so I don't think it is a bug in SME. It is probably some weird networking problem, but I haven't got a clue what.
« Last Edit: September 29, 2007, 08:20:20 PM by judgej »
-- Jason

Offline mmccarn

Re: Mystery: SSL between two specific locations
« Reply #1 on: September 29, 2007, 05:23:12 PM »
Are you talking about
Office
  |
Internet
  |
 SME
  |
Home

Or are you talking about
Office
  |
Internet ----SME
  |
Home

The first config will not work unless you have server-manager::Security::Remote access::Secure shell access set to 'Allow public access (entire Internet)'.  (If you aren't set this way already, do some searching and reading about the security implications...)

If the SME is in 'server-only' mode with a router in front, that router may be 'swallowing' ssh traffic for itself - you could try changing the TCPPort for ssh on the SME (server-manager::Security::Remote access::TCP port for secure shell access).

It is conceivable that the router at the office is swallowing outbound ssh traffic and redirecting it to itself - while this could be done (imagine a wifi hotspot that uses a captive portal to send everyone to their own signup page) I've never seen it done w/ ssh...

Offline CharlieBrady

Re: Mystery: SSL between two specific locations
« Reply #2 on: September 29, 2007, 06:06:53 PM »
Quote
From home I can putty in, get WinSCP up and running, no problem. From the office I cannot log into the same server.

Putty, WinSCP, etc use the SSH protocol, not SSL.

Quote
I get the prompts (username and password). However, after I've entered the password, putty pauses for 30 seconds, then reports "the remote connection has been terminated".

That sounds like it might be a password not accepted error. In any case, you shouldn't be using password authentication - use only RSA or DSA keys on the Internet, and disable password access to SSH.
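
Added example (not part of any post in this thread): a check that an sshd_config really has password logins switched off, as the reply above recommends, and which port it listens on. It assumes a single config file without Include directives; both sample configs are constructed.

```python
# Added example: audit sshd_config text for password-based logins.
# Assumption: one file, no Include directives. Both samples are constructed.
CHECKED = ("passwordauthentication", "kbdinteractiveauthentication",
           "pubkeyauthentication")            # sshd enables all three by default
# Name used by older configs for keyboard-interactive authentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

WEAK = """\
Port 22
PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""
HARDENED = """\
Port=2222
PubkeyAuthentication yes
passwordauthentication no
ChallengeResponseAuthentication no
"""


def audit_sshd_config(text):
    """Return (effective global settings, findings) for sshd_config text."""
    first, ports, findings, in_match = {}, [], [], False
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key = parts[0].lower()                 # keywords are case-insensitive
        key, value = ALIASES.get(key, key), parts[1].lower()
        if key == "match":
            in_match = True                    # lines below apply conditionally
        elif in_match:
            if key in CHECKED[:2] and value == "yes":
                findings.append(f"Match block re-enables {key}")
        elif key == "port":
            ports.append(int(value))           # Port may appear more than once
        elif key in CHECKED:
            first.setdefault(key, value)       # sshd keeps the first value read
    eff = {k: first.get(k, "yes") for k in CHECKED}
    eff["port"] = ports or [22]
    if eff["passwordauthentication"] == "yes":
        findings.append("password authentication is enabled")
    if eff["kbdinteractiveauthentication"] == "yes":
        findings.append("keyboard-interactive is enabled (PAM may prompt for a password)")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("public-key authentication is disabled")
    return eff, findings
```

In the WEAK sample the later `PasswordAuthentication no` has no effect because sshd uses the first value it reads for a keyword, so the audit still reports password logins as enabled.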

Offline judgej

Re: Mystery: SSL between two specific locations
« Reply #3 on: September 29, 2007, 06:56:42 PM »
Quote
Putty, WinSCP, etc use the SSH protocol, not SSL.

Yes, SSH - sorry slip of the keyboard.

The setup I'm talking about is:

1. MyLaptop <--> home_SME <--> Internet <--> client_SME

and

2. MyLaptop <--> office_SME <--> Internet <--> client_SME

Number 1 works fine, but number 2 does not. Note that this is the same 'client_SME' box, the same MyLaptop and both home_SME and office_SME are up-to-date. If I connect to any other remote SME (i.e. clientX_SME) then it works fine from either location. Likewise, I can connect to various other web servers using SSH from both locations. It is just when I try to connect to client_SME from the office that the client_SME appears to break the connection as soon as the password is entered.

When accessing the websites on client_SME, it works fine from all locations, so I don't believe it is a DNS problem.
« Last Edit: September 29, 2007, 06:58:13 PM by judgej »
-- Jason

Offline p-jones

Re: Mystery: SSH between two specific locations [edited]
« Reply #4 on: September 30, 2007, 09:39:47 AM »
What ADSL hardware do you have at work? How does it differ from home? And are the necessary ports open?
...

Offline judgej

Re: Mystery: SSH between two specific locations [edited]
« Reply #5 on: October 02, 2007, 12:57:55 AM »
Quote
What ADSL hardware do you have at work? How does it differ from home? And are the necessary ports open?

Draytek Vigors at both client_SME end and office_SME end, with all ports open. Straight cable modem at home, with no router.

It still makes no sense to me. If ports were closed, then other connections would presumably fail. That is not the case. It is only SSH between those *specific two locations* that fails immediately after the password has been entered.
-- Jason
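
Added example (not part of any post in this thread): a server-side check that separates the explanations raised in replies #1 and #2, by classifying what sshd logged for one client address. The log lines, host name, user name and addresses are constructed; the message shapes are the ones OpenSSH's sshd writes, and the client address to look for is the public (post-NAT) address of the connecting site.

```python
import re

# Message shapes written by OpenSSH's sshd; the prefix before them varies by logger.
AUTH = re.compile(r"\b(Accepted|Failed) \S+ for (?:invalid user )?\S+ from (\S+) port \d+")
PEER = re.compile(r"\b(?:from|by) (\d{1,3}(?:\.\d{1,3}){3})\b")

# What each verdict suggests checking next.
NEXT_STEP = {
    "not_seen": "sshd never logged this address: the session did not reach this "
                "server (check port forwarding and the port in use)",
    "connected_no_auth": "a connection arrived but no authentication result was logged",
    "auth_rejected": "the server rejected the password",
    "auth_ok": "login succeeded: the disconnect happened after authentication",
}

# Constructed sample log (documentation address ranges).
SAMPLE = """\
Sep 29 16:02:11 client-sme sshd[4101]: Accepted password for admin from 203.0.113.10 port 50122 ssh2
Sep 29 16:10:40 client-sme sshd[4188]: Failed password for admin from 198.51.100.20 port 40311 ssh2
Sep 29 16:11:10 client-sme sshd[4188]: Connection closed by 198.51.100.20
Sep 29 16:20:05 client-sme sshd[4230]: Did not receive identification string from 192.0.2.30
""".splitlines()


def triage(log_lines, client_ip):
    """Classify what sshd recorded for client_ip, using its latest auth event."""
    verdict = "not_seen"
    for line in log_lines:
        if "sshd" not in line:
            continue
        auth = AUTH.search(line)
        if auth and auth.group(2) == client_ip:
            verdict = "auth_ok" if auth.group(1) == "Accepted" else "auth_rejected"
        elif verdict == "not_seen" and client_ip in PEER.findall(line):
            verdict = "connected_no_auth"
    return verdict


if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.20", "192.0.2.30", "192.0.2.99"):
        v = triage(SAMPLE, ip)
        print(f"{ip}: {v} - {NEXT_STEP[v]}")
```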