Post by philippe44 on Nov 6, 2006 3:59:34 GMT 7
Hi,
I've been using SSH for a while (with access from the internet through NAT & PAT) and it was working fine. After some ISP modem box upgrade, it stopped working from the outside (simply a timeout; still working inside my home network). While trying to sort this problem (this is not a basic NAT/PAT issue because my ISP modem is *just* a modem without *any* firewall/NAT ... feature, all the smart work is done by a router whose configuration did not change) I tweaked the sshd configuration and set DEBUG10 as the logging level. It seems that sshd does not like this, because since then I have an immediate "connection refused" every time I try to log in from the inside (no password/username prompt). I've tried to roll back to factory default and upgrade the firmware again but still have the same issue. I'm using PuTTY. Any help very welcome (note that I initially set the debug level to DEBUG3 and it was working, but with no relevant information logged).
Philippe
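An added example, not part of the original posts: sshd_config(5) documents a fixed set of LogLevel values (QUIET through DEBUG3), and DEBUG10 is not among them, so a check like this on a candidate file catches the edit described above before it replaces the live configuration. The function names, the `safe_install` helper and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check LogLevel in a candidate sshd_config before it replaces
# the live file. Where a stock OpenSSH is installed, `sshd -t -f FILE` is the
# full syntax check; this covers only the keyword changed in the post above.

# Values documented in sshd_config(5); matching is case-insensitive.
VALID_LEVELS="QUIET FATAL ERROR INFO VERBOSE DEBUG DEBUG1 DEBUG2 DEBUG3"

# check_loglevel FILE: print "FILE:LINE: VALUE" for each LogLevel value that
# is not in VALID_LEVELS; return 1 if any was found, 0 otherwise.
check_loglevel() {
    awk -v valid="$VALID_LEVELS" '
        BEGIN { n = split(valid, v, " "); for (i = 1; i <= n; i++) ok[v[i]] = 1 }
        { sub(/#.*/, ""); sub(/=/, " ") }   # drop comments, allow key=value
        tolower($1) == "loglevel" && !(toupper($2) in ok) {
            printf "%s:%d: %s\n", FILENAME, FNR, $2
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# safe_install CANDIDATE LIVE (hypothetical helper): copy only if the check
# passes, so a bad edit never reaches the file sshd reads at its next start.
safe_install() {
    check_loglevel "$1" >&2 || { echo "refusing to install $1" >&2; return 1; }
    cp "$1" "$2"
}

# Constructed sample files, not taken from the N2100.
demo_dir=$(mktemp -d)
printf 'Port 22\nLogLevel INFO\n'    > "$demo_dir/live"
printf 'Port 22\nLogLevel DEBUG10\n' > "$demo_dir/bad"
printf 'Port 22\nLogLevel DEBUG3\n'  > "$demo_dir/good"
safe_install "$demo_dir/bad"  "$demo_dir/live" || echo "live config left untouched"
safe_install "$demo_dir/good" "$demo_dir/live" && echo "good candidate installed"
```

Keeping a known-good copy of the live file next to the candidate gives a rollback path that does not depend on a firmware reinstall.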
Post by philippe44 on Nov 6, 2006 4:37:00 GMT 7
BTW, what I'm looking for is simply a way to get back to the _real_ factory configuration (i.e. erasing all sshd_config & misc files). All that I found today does not seem to do this (conf files are preserved).
Post by dbridges on Nov 6, 2006 9:49:43 GMT 7
I experienced a similar situation to your SSHD debugging issue except that I altered the permissions on the SSHD files. Same result. No SSH.
The ONLY way to fix it is to reinstall your firmware (use the same version that you're running now). It will overwrite all of your config files. Try to back up any configuration files that you've changed and want to keep.
As for your firewall issues...
You've changed the modem but you haven't said why. Who configured the modem? Was it pre-configured? If so who configured it?
Some ISPs "offer" port blocking. They may have implemented it on your connection as part of an "upgrade"!
To test ... Edit your Apache config to listen on the SSH port and see if you can open the web interface from outside using a standard browser. Just remember to include the port number in the URL.
Post by philippe44 on Nov 6, 2006 19:48:25 GMT 7
I already did a firmware re-upgrade but it seems that this configuration file (sshd_config) is not re-written because it was still not working (if this is the issue, which I believe it is because this is the only thing I did change). The reason for the modem change is that I have a triple play offer (TV, Telephone, Internet) on ADSL and the modem has been upgraded to provide HD TV. There is no filtering, nothing specific ... I did check 10 times :-(
Post by dbridges on Nov 7, 2006 9:16:29 GMT 7
There is another option.
The scripts within a module are executed as root during boot up.
If someone could put together a module with a repair script in it, it could be used to fix your problem.
Unfortunately I haven't got the time to do this myself at the moment but someone else here may be able to throw one together in a pinch.
What's your firmware version??? Because you'll need to source a donor config file for the same version.
As for the other problem: with HDTV, telephone and internet coming in on one ADSL line, I reckon that your ISP is blocking the ports to stop you from using too much bandwidth and killing your connection. Apart from that I have no more guesses.
Post by philippe44 on Nov 11, 2006 0:30:03 GMT 7
I managed to build a small "module" based on the existing SSH one with an sshd_config file from another Linux box I have, uploaded it to the N2100, and this is OK now! For the rest, my ISP was not the problem, but it seems that the issue was in the RSA pair of keys which had been generated previously (at first connection), before I changed my ISP's modem. I've never investigated SSH, but it seems that this key depends on the client ID (MAC, IP? dunno, need to check) and because I was doing PAT to access the tunnel from the outside, the only known ID was my ISP modem box, which has changed ... So erasing all RSA key caches has solved the issue :-)
Post by dbridges on Nov 11, 2006 2:56:42 GMT 7
Glad you got it sorted. Sorry I couldn't be more helpful.