Murphy strikes! SSH proxying is broken just as firewall goes up
October 19, 2008 8:25 PM
In a classic demonstration of Murphy's Law, the SSH service on my VPS server is not proxying requests on the same day that a network firewall was installed. Please help!
Here are the details (sorry if the rest of the question sounds a bit frantic...)
1. I have a client PC running Windows XP SP2 from which I access sites running non-default ports (Cpanel, Webmin etc.) via an SSH proxy.
2. The SSH proxy is running on a separate server. I use the Tunnelier software to provide proxy services. I log into the SSH service using an unprivileged account (account has no sudo access etc.)
3. The VPS Server running the SSH daemon is on CentOS 5, OpenSSH_4.3p2
4. The server does not have any firewall running (although CSF is installed):
# ps aux | grep csf
root 24232 0.0 0.1 1752 488 pts/0 S+ 20:03 0:00 grep csf
# ps aux | grep iptables
root 24278 0.0 0.1 1752 488 pts/0 S+ 20:03 0:00 grep iptables
5. The contents of my sshd_config file can be seen here
I can log into the SSH service successfully, however whenever I try to go to any website on the client, the SSH proxy log shows:
10:08:31.031 Closing SOCKS5 connection from 128.236.48.58:1753, sent: 0, received: 0.
10:08:31.031 SOCKS5 connection from 128.236.48.58:1753 failed: Client connection closed before completion of protocol.
10:08:34.034 Closing SOCKS5 connection from 128.236.48.58:1754, sent: 0, received: 0.
10:08:34.034 SOCKS5 connection from 128.236.48.58:1754 failed: Client connection closed before completion of protocol.
The log is filled with this sort of failed connection.
Further details:
1. The SSH proxy server isn't running any firewall, neither is the client.
2. The network does not block port 22 at the firewall for the SSH proxy server.
3. I have a second much slower SSH connection on the same server, and proxying through this second account works. So that tells me it's not a problem on my network end, it's the SSH server.
4. I have tried to log on to the SSH service using a high privilege account (sudo su access enabled) and then proxying, but that doesn't work either.
Any ideas, suggestions?
posted by your mildly obsessive average geek at 7:28 PM on October 20, 2008