Firewall Wizards mailing list archives

Re: Peculiar behavior of SSH--could this be the firewall? Or DNS problem?


From: William Stearns <wstearns () pobox com>
Date: Sat, 28 Aug 1999 01:04:12 -0400 (EDT)

On Fri, 27 Aug 1999, Christopher C. Petro wrote:

Here's the basic set up:

Small office (15 people max) behind a Sonic Firewall doing NAT on a 
SDSL line (northpoint). Connecting to a set of servers co-located at 
a large colo facility. Behind a CheckPoint/Solaris firewall.

My home machine, running OpenBSD connected to a iDSL line (Covad) 
connecting to the same machines.

SSH2 is giving me fits--I can connect from home just fine, but when I 
try from any machine at the office (behind the firewall) I get 
something to the effect of "Disconnected--no more authentication 
methods available".

        Unfortunately, I'm not familiar with Checkpoint, so this may not
be relevant at all.
        One quirk about ssh: the source port is not always a random port
above 1024.  If the client end has sshd running as root, it picks the
first available port _below_ 1024.  
        Is there any chance that Checkpoint's configuration only allows
for connections with source ports larger than 1024?  I'd recommend using,
say, 1000:65535 as the client port range for ssh instead of 1024:65535.

        The odds are not all that good that this is the source of your
problem, but at least it's a good bit of trivia when Alex Trebek
introduces the "Source Ports Used in IPv4 Protocols" category... *smile*
        Cheers,
        - Bill

---------------------------------------------------------------------------
        The thing that I suspect matters most is that Telsa is more 
important to me than sitting in front of a computer reading email. 
        - Alan Cox
--------------------------------------------------------------------------
William Stearns (wstearns () pobox com).  Mason, Buildkernel, named2hosts, 
and ipfwadm2ipchains are at: http://www.pobox.com/~wstearns/
--------------------------------------------------------------------------
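The check Bill suggests, worked through as an added example (not code from the original thread or from either firewall vendor): a simplified model of how a root-run ssh client picks a privileged source port, a stateless rule matcher that shows why a "source ports 1024:65535" rule drops that connection while a 1000:65535 range admits it, and a probe that tests whether the current process may bind a port below 1024 at all. The rule dictionary format, `pick_source_port` and `can_bind_privileged` are assumptions for illustration, not CheckPoint or SonicWall syntax.

```python
"""Added example: privileged source ports vs. a "sport > 1023" firewall rule.

Nothing here is code from the original post. The rule format below is a
simplified model of a stateless packet filter, and pick_source_port is a
simplified model of the behaviour described in the thread (an ssh client
running as root taking a free port below 1024, counting down from 1023).
"""
import errno
import random
import socket

PRIVILEGED_MAX = 1023  # ports 1..1023 need root on Unix-like hosts


def in_range(port, lo, hi):
    return lo <= port <= hi


def is_allowed(rule, sport, dport):
    """rule = {"sport": (lo, hi), "dport": (lo, hi)}; both ranges must match."""
    return in_range(sport, *rule["sport"]) and in_range(dport, *rule["dport"])


# The rule the post suspects the colo firewall has: only "unprivileged" sources.
RULE_STRICT = {"sport": (1024, 65535), "dport": (22, 22)}
# Bill's suggestion: widen the client source range so privileged ports pass.
RULE_RELAXED = {"sport": (1000, 65535), "dport": (22, 22)}


def pick_source_port(running_as_root, ports_in_use):
    """Simplified model (assumption, see lead-in) of the client's choice:
    root -> first free port below 1024 counting down; otherwise an
    ephemeral port at or above 1024."""
    if running_as_root:
        for port in range(PRIVILEGED_MAX, 0, -1):
            if port not in ports_in_use:
                return port
        raise RuntimeError("no free privileged port")
    while True:
        port = random.randint(1024, 65535)
        if port not in ports_in_use:
            return port


def can_bind_privileged(port=1022):
    """Probe: try to bind a TCP socket to a privileged port.
    True  -> bind succeeded (root / CAP_NET_BIND_SERVICE)
    False -> EACCES/EPERM, i.e. the process lacks the privilege
    None  -> inconclusive (e.g. port already in use)"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind(("127.0.0.1", port))
        return True
    except OSError as e:
        if e.errno in (errno.EACCES, errno.EPERM):
            return False
        return None
    finally:
        s.close()


def explain(running_as_root):
    """Return (source_port, allowed_by_strict, allowed_by_relaxed)."""
    sport = pick_source_port(running_as_root, set())
    return sport, is_allowed(RULE_STRICT, sport, 22), is_allowed(RULE_RELAXED, sport, 22)


if __name__ == "__main__":
    for as_root in (True, False):
        sport, strict, relaxed = explain(as_root)
        who = "root" if as_root else "user"
        print(f"ssh as {who}: source port {sport:5d}  "
              f"strict rule: {'pass' if strict else 'DROP'}  "
              f"relaxed rule: {'pass' if relaxed else 'DROP'}")
    print("this process can bind a port below 1024:", can_bind_privileged())
```

Run it once as an ordinary user and once as root to see the two source-port choices side by side; only the root case hits the strict rule. The fix the post proposes is on the firewall (widen the allowed source range); the other way out, on the client side, is to stop the client from using a privileged source port at all, which later OpenSSH releases made the default.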