To a firewall (if there is one) 10122 is an "unusual" incoming port. Some things you could try. 1) check that the target is reachable, run a traceroute (tracert on windows) or a ping at your client.2) check that the target port is reachable, e.g. nmap target, nc target 22 from your client.3) run the ssh client with -vv to get extra diagnostics. cheers ---------------------------------------- > Date: Tue, 22 Jun 2010 15:53:27 -0400 > From: rgt@xxxxxxxxxx > To: mi.basura.mail@xxxxxxxxx > CC: secureshell@xxxxxxxxxxxxxxxxx > Subject: Re: Cannot connect from outside the local network > > Did you check these? > > the default gateway > the windows firewall > > If need be, grab a copy of wireshark and see if the packets from the > other subnet are getting to the machine. > > rgt > > On 06/21/2010 11:25 PM, Amy wrote: >> Hello, >> >> I installed OpenSSH version 5.5p1 in Cygwin. Everything works fine if >> I try to connect from inside the local network but if I try to connect >> from an external network I'm not able to. >> >> The service does not appear to receive the connection: >> >> debug1: sshd version OpenSSH_5.5p1 >> debug1: read PEM private key done: type RSA >> debug1: private host key: #0 type 1 RSA >> debug1: read PEM private key done: type DSA >> debug1: private host key: #1 type 2 DSA >> debug1: rexec_argv[0]='/usr/sbin/sshd' >> debug1: rexec_argv[1]='-d' >> debug1: Bind to port 10122 on 0.0.0.0. >> Server listening on 0.0.0.0 port 10122. >> >> I have already verified the hosts.allow and hosts.deny files and there >> are correct also the ports are open in the firewall. >> >> This is the sshd_config: >> >> --------------------------------------------------- >> # $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $ >> >> # This is the sshd server system-wide configuration file. See >> # sshd_config(5) for more information. >> >> # This sshd was compiled with PATH=/bin:/usr/sbin:/sbin:/usr/bin >> >> # The strategy used for options in the default sshd_config shipped with >> # OpenSSH is to specify options with their default value where >> # possible, but leave them commented. Uncommented options change a >> # default value. >> >> Port 10122 >> #AddressFamily any >> ListenAddress 0.0.0.0 >> #ListenAddress :: >> >> # The default requires explicit activation of protocol 1 >> #Protocol 2 >> >> # HostKey for protocol version 1 >> #HostKey /etc/ssh_host_key >> # HostKeys for protocol version 2 >> #HostKey /etc/ssh_host_rsa_key >> #HostKey /etc/ssh_host_dsa_key >> >> # Lifetime and size of ephemeral version 1 server key >> #KeyRegenerationInterval 1h >> #ServerKeyBits 1024 >> >> # Logging >> # obsoletes QuietMode and FascistLogging >> #SyslogFacility AUTH >> #LogLevel INFO >> >> # Authentication: >> >> #LoginGraceTime 2m >> #PermitRootLogin yes >> StrictModes no >> #MaxAuthTries 6 >> #MaxSessions 10 >> >> #RSAAuthentication yes >> #PubkeyAuthentication yes >> #AuthorizedKeysFile .ssh/authorized_keys >> >> # For this to work you will also need host keys in /etc/ssh_known_hosts >> #RhostsRSAAuthentication no >> # similar for protocol version 2 >> #HostbasedAuthentication no >> # Change to yes if you don't trust ~/.ssh/known_hosts for >> # RhostsRSAAuthentication and HostbasedAuthentication >> #IgnoreUserKnownHosts no >> # Don't read the user's ~/.rhosts and ~/.shosts files >> #IgnoreRhosts yes >> >> # To disable tunneled clear text passwords, change to no here! >> #PasswordAuthentication yes >> #PermitEmptyPasswords no >> >> # Change to no to disable s/key passwords >> #ChallengeResponseAuthentication yes >> >> # Kerberos options >> #KerberosAuthentication no >> #KerberosOrLocalPasswd yes >> #KerberosTicketCleanup yes >> #KerberosGetAFSToken no >> >> # GSSAPI options >> #GSSAPIAuthentication no >> #GSSAPICleanupCredentials yes >> >> # Set this to 'yes' to enable PAM authentication, account processing, >> # and session processing. If this is enabled, PAM authentication will >> # be allowed through the ChallengeResponseAuthentication and >> # PasswordAuthentication. Depending on your PAM configuration, >> # PAM authentication via ChallengeResponseAuthentication may bypass >> # the setting of "PermitRootLogin without-password". >> # If you just want the PAM account and session checks to run without >> # PAM authentication, then enable this but set PasswordAuthentication >> # and ChallengeResponseAuthentication to 'no'. >> #UsePAM no >> >> #AllowAgentForwarding yes >> #AllowTcpForwarding yes >> #GatewayPorts no >> #X11Forwarding no >> #X11DisplayOffset 10 >> #X11UseLocalhost yes >> #PrintMotd yes >> #PrintLastLog yes >> #TCPKeepAlive yes >> #UseLogin no >> UsePrivilegeSeparation yes >> #PermitUserEnvironment no >> #Compression delayed >> #ClientAliveInterval 0 >> #ClientAliveCountMax 3 >> #UseDNS yes >> #PidFile /var/run/sshd.pid >> #MaxStartups 10 >> #PermitTunnel no >> #ChrootDirectory none >> >> # no default banner path >> #Banner none >> >> # override default of no subsystems >> Subsystem sftp /usr/sbin/sftp-server >> >> # Example of overriding settings on a per-user basis >> #Match User anoncvs >> # X11Forwarding no >> # AllowTcpForwarding no >> # ForceCommand cvs server >> ------------------------------------------------------- _________________________________________________________________ http://clk.atdmt.com/UKM/go/195013117/direct/01/
